Opti ID uses your organization's Domain Name System (DNS) domains to enable just-in-time (JIT) user onboarding.
In Opti ID, you can configure your organization's DNS domains so that a user can log in if they have an email whose domain matches any of the configured domains for your organization, even if the user was not explicitly provisioned from user management in the Opti ID Admin Center.
To configure DNS domains for your organization, follow these steps:
- As an administrator, log in to your organization's Opti ID home dashboard (https://login.optimizely.com).
- Go to Admin Center > Settings > Domains/Dynamic Provisioning.
- Click Add SSO Domains, select the SSO connection, and enter your organization's DNS domains. If you configure more than one domain for an SSO connection, separate them with commas, and ensure you enter only domains your organization owns.
Do not configure social domains such as hotmail.com, gmail.com, facebook.com, and so on. Also, do not configure domains belonging to external organizations that you may have a relationship with, such as agencies or partnerships. If users in your organization use email addresses with social domains or domains belonging to external organizations, you must explicitly provision them from the user management page in the Admin Center.
- Click Save. This configures the DNS domains for your organization, and users with email addresses whose domains match any of the ones configured can log in to Opti ID without first being explicitly provisioned. You will still need to provision users in groups for product access.
Social Domains
The following social domains are blocked. Attempting to add them returns an error.
- facebook.com
- gmail.com
- icloud.com
- me.com
- yahoo.com
- hotmail.com
- linkedin.com
Please sign in to leave a comment.