HomeKnowledge baseTrusted domains
Explore Knowledge Base

Trusted domains

23. 12. 2024

The Trusted Domain functionality allows service users with the appropriate permissions to specify and manage trusted domains. Trusted domains define the domain names that team members can use to register their emails for logging into the system.

The Service Users are able to specify a domain name to add it.

The Service Users are able to view the list of domain names with the following parameters:

  • name
  • create date

This functionality is available in the back office of Service User with the relevant permission. 

APIs:

Create a new trusted domain – POST /api/v1/trusted-domain

View all trusted domainsGET /api/v1/trusted-domain

Delete existing trusted domainDELETE /api/v1/trusted-domain/{trustedDomainId}

Back-end features

  1. Trusted Domains List specifies allowed domain names for email addresses used during service user registration or profile updates.
  2. Validation Toggle
    A system-level property enables administrators to turn email validation on or off:

    • Enabled: Email validation is performed against the trusted domains list.
    • Disabled: Email validation is skipped, even if a trusted domains list is provided.
  3. System Use Case Flow
    • When Validation is Enabled and a Trusted Domains List Exists:
      • If the provided email’s domain is not in the trusted domains list, the system returns an error:
        Email Domain Not Allowed / The email address you entered is not from an allowed domain.
      • If the domain is in the trusted domains list, the operation succeeds.
    • When Validation is Enabled but No Trusted Domains List Exists:
      • Validation is skipped.
      • Note: Administrators should ensure the trusted domains list is configured when enabling validation.
    • When Validation is Disabled:
      • Validation is skipped, even if a trusted domains list is configured.
      • A warning message is displayed if administrators attempt to configure the trusted domains list while validation is disabled.

System Configuration

  1. Configuration Property:
    • Property: core.validation.trusted-domains.enabled = true 
    • Default Value: false (validation disabled by default).
  2. Email validation fails when(AND):
  • core.validation.trusted-domains.enabled = true (is false by default)
  • user is an active member of SYSTEM organization (or going to be created with SYSTEM organization membership)
  • login credential type = email
  • domain from user email doesn’t belong to trusted domains list
  1. Validation of user email for login credential purposes has been applied to the following APIs:
  • POST /v1/users: Create a user with a specified role in a specified organization.
  • PATCH /v1/profiles/{userId}/contact: Update and verify a contact without confirmation (performed by a system user role).
  • POST /v1/profiles/my/contact: Create a contact verification request (performed by the user)