Access · Business
SSO domain lock
Every B2B procurement form has an "SSO?" checkbox. Tick it: Entra External ID federates Microsoft + Google work accounts; the domain lock guarantees only your team gets in.
Why you need it
Single text field on Dashboard → Team — bare email domain like acme.com. Any subsequent sign-in or invite acceptance whose email doesn't end in that domain is rejected with a clear "domain not allowed" message.
- Invite-time enforcement. AcceptInviteAsync reads the tenant's RequiredEmailDomain; mismatched emails return a DomainNotAllowed result and the accept page shows a 403 explaining the rule.
- Federation-ready. Our Entra External ID tenant supports Microsoft work accounts + Google Workspace as identity providers — the domain lock is the policy layer above that federation.
- Case-insensitive, paste-tolerant. Operator can paste @Acme.com or acme.com — both normalise to the same canonical form.
- Light format validation. Must contain a dot, no spaces, max 253 chars (DNS limit). Avoids the noise of full DNS resolution while catching typos.
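The normalisation, format check and match described in the list above, as an added Python sketch; it is not StatusPulse's code, and the names normalise_domain, is_email_allowed and DomainFormatError are hypothetical. It assumes that an unset domain means no lock, and that "ends in that domain" means the part after the last "@" equals the locked domain exactly, so subdomains and look-alike suffixes are rejected.

```python
from typing import Optional

MAX_DOMAIN_LEN = 253  # DNS limit quoted in the list above


class DomainFormatError(ValueError):
    """Operator input failed the light format validation."""


def normalise_domain(raw: str) -> str:
    """Canonical form: trimmed, leading '@' dropped, lower-cased, format-checked."""
    domain = raw.strip()
    if domain.startswith("@"):
        domain = domain[1:]
    domain = domain.lower()
    if any(ch.isspace() for ch in domain):
        raise DomainFormatError("domain must not contain spaces")
    if "." not in domain:
        raise DomainFormatError("domain must contain a dot")
    if len(domain) > MAX_DOMAIN_LEN:
        raise DomainFormatError("domain exceeds 253 characters")
    return domain


def is_email_allowed(email: str, required_domain: Optional[str]) -> bool:
    """True when no lock is set (assumption) or the email's domain matches it."""
    if not required_domain:
        return True
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local:
        return False  # not an address at all
    # Compare the whole domain part. A plain string endswith() on the address
    # would also accept a different domain such as "notacme.com".
    return domain.lower() == normalise_domain(required_domain)


if __name__ == "__main__":
    # Constructed sample addresses, checked against a lock pasted as "@Acme.com".
    lock = normalise_domain("@Acme.com")
    for addr in ("Alice@ACME.com", "bob@gmail.com", "eve@notacme.com"):
        print(addr, "->", "ok" if is_email_allowed(addr, lock) else "domain not allowed")
```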
Where it pays off
The single most-requested enterprise-tier feature:
- B2B procurement. Security review form asks "Does your tool support SSO?" — yes, Microsoft + Google + domain-locked workspace.
- Workspace hygiene. Stops a forwarded invite link from being accepted by a personal Gmail account when the org policy is "work email only".
- Acquisition / divestment. Old domain acquires new domain — flip the lock at the right cutover moment to control who keeps access.
Available on Business. Already on StatusPulse? See the full config in Help →
Try SSO domain lock in StatusPulse
5 probes, 1 status page, forever. No credit card. US or EU host — you choose.