Allowed Email Domains (Enterprise)
TeamRetro Allowed Email Domains feature provides additional security for your account by locking down user, team member and retrospective / health check invitations to a list of email domains you provide.
This is an Enterprise Plan only feature.
- As an Account Owner, navigate to Account > Settings > Security
- Toggle on Allowed Email Domains, and add the email domains you wish to support (note: your own email domain is required)
Once enabled, users will be notified of the restrictions when inviting account users, team members or retrospective / health check participants.
- Subdomains are also allowed. For example, if acme.org is allowed, email@example.com can be invited.
- Restrictions apply to account user, team member and retrospective / health check participant invitations.
- Restrictions are not retroactive. Any users already added to your account will continue to maintain access and can continue to be invited to teams or retrospectives/health checks.
If you wish to restrict this, you may want to remove existing users with disallowed email domains after enabling this feature via the Account -> Users screen.
- Does not apply to Single Sign On (SSO) users. Any SSO authenticated user will continue to be provisioned just-in-time and maintain their access, regardless of the email domain associated with their SSO login. If you wish to restrict this, we suggest updating your Identity Provider (IdP) configuration to restrict access to TeamRetro.
- Does not apply to user profile. Existing account users can update their email addresses to any email domain. If you wish to restrict this, we suggest configuring Single Sign On (SSO) and SCIM.