Opti ID uses the organization DNS domains to enable JIT (Just-In-Time) user onboarding.
The Opti ID Admin Center page lets organizations configure their DNS domains so that a user can log in if they have an email whose domain matches any of the configured domains for your organization, even if the user was not explicitly provisioned from user management in the Opti ID Admin Center.
To configure DNS domains for your organization, follow these steps:
- As an administrator, login to your organization's Admin Center page (https://login.optimizely.com).
- Go to the Single Sign-on (SSO) settings.
- Click Edit Domains and enter your organization DNS domains. If you configure more than one domain, separate them with commas, and ensure that you enter only domains that your organization owns.
Do not configure social domains such as hotmail.com, gmail.com, facebook.com, and so on. Also, do not configure domains belonging to external organizations that you may have a relationship with, such as agencies or partnerships. If users in your organization use email addresses with social domains or domains belonging to external organizations, you must explicitly provision them from the user management page in the Admin Center.
- After the domains are entered, click Save. This configures the DNS domains for your organization, and users with email addresses whose domains match any of the ones configured can log in to Opti ID without first being explicitly provisioned. You will still need to provision users in groups for product access.
Social Domains
The following social domains are blocked. Attempting to add them returns an error.
- facebook.com
- gmail.com
- icloud.com
- me.com
- yahoo.com
- hotmail.com
- linkedin.com
<%= heading %>
