# ask-a-descoper
b
Hi, we have successfully set up a social login, using Microsoft. However, we want users (staff) to have immediate access to our app, without the need to set up an account. Is it possible to whitelist a domain?
s
you mean to skip AuthN altogether for these users?
or have them use a diff type of AuthN?
b
Anyone with an @insertcompanyname.com email address should be pre-approved and able to log in - so long as they are logged into the company Office 365 account
For context, it's a staff portal and should only be accessed by staff members. We just want to remove the need for signup - as by having a staff email address they have already been approved
s
by using sign up or in action, it will be seamless to end user
you can use condition of email domain, to tweak the experience for these users
in general, for staff (workforce), doing a SAML login (IdP based) is more secure
another option, you can invite these users from use page
and make sure to mark the merge button on, so it will merge oauth and user based on emails (only for your staff)
does that make sense? You want a call to go over this?
b
This is great, Meir. Thanks so much. We'll give this a go, and might take you up on the offer of a call if we run into any issues 👍
s
👍
just 1 caveat I forgot to mention on the Microsoft merge part: many times MSFT don't verify the email on their side, in that case the merge won't work
b
It seems we're caught in a loop. Is our flow correct?
s
ok, so 2 changes I think you need to do to get to flow you want:
1. In the PEI condition, the `If PEI Domain` should lead to end step (because this is the case of internal user/staff), the `else` should go to the `Is new user` step, to check if account creation is needed
2. in the PEI condition use `user.emailDomain`, that will give you the user created email (side note, you might need to check it is also verified)
b
This is great, thanks. Will update this as per your recommendations 👍