What can we help you with?

Restrict who can join your account

The default setting on your monday.com account is that only admins can invite new users from any email domain. However, these settings can be changed to ensure that only users with a specific, authorized email domain can join your account without invitation and that non-admins can also invite users to the account which have this email domain.

Additionally, on certain plans there is also the option to enable Single Sign-on (another method of logging in, which we'll discuss later on in the article!) the invitation of guests to the account can be restricted to certain domains as well!

 

Read on to learn about how you can make these changes on your account. 🙌

 

Restricting new joiners to a specific email domain

Step 1

Select your Profile Picture (avatar) and click Admin:

image_278.png

 

Step 2

Select "Security" from the menu on the left. The Security section will open on the default tab which is the "Login" tab:

image_1__59_.png

 

Step 3

If the Email & Password section is collapsed, click on the blue "Edit" button to the right of the section header:

Screen_Shot_2021-02-24_at_11.27_1.png

Once this section is open, select the box to enable the Authorized Domain option and type in the chosen domain in the box as so:

authorized_domain.png

If this setting is enabled on your account, any user with the authorized email domain can join the account without an invitation. Additionally, account Members or Viewers can also choose to invite users from the authorized domain.

 

Note: If you activate Single Sign-on (SSO), the 'Authorized Domain' option will be disabled. A users ability to access the account will then depend on your identity provider settings and the Login Restrictions Policy in the SSO settings of your monday.com account.

 

Using single sign-on to restrict user access

Single sign-on (SSO) is a method of authentication that allows users to easily log into multiple platforms or softwares with the same, single ID and password. On monday.com, we offer the option to use SAML as a method of single sign-on on the Enterprise plan only, as well as Google Single Sign-On for both the Pro and Enterprise plans.

By using one of these SSO options, you can seamlessly restrict who will be able to access your account as this is all defined in the back-end of the SAML configuration in the identity provider settings (often performed by an organization's IT team or an SSO admin).

 

Note: To learn more about SAML SSO and how to set it up, check out this article. Additionally, to learn more about Google SSO, click here.

 

 

Restricting email domains for guests (Enterprise only)

On the Enterprise plan, admins are able to control from which email domains guests are able to be invited to the account. There are three available options for this:

  1. Approve any domain
  2. Approve specific domains
  3. Don't approve specific domains

Screen_Shot_2021-03-03_at_13.28_1.png

Let's review what each option means exactly, below!

 

Note: A guest must have a different email domain than the first user of the account in order to be invited, regardless of the options mentioned below.

 

  • Approve any domain 

The 'Approve any domain' option is the default setting and it allows any person to be invited as a guest on the account, no matter what their email domain is! Choosing this option will not set any restriction on which email domain guests must have in order to be invited to the account.

Screen_Shot_2021-03-03_at_13.57_1.png

 

  • Approve specific domains

By choosing the option 'Approve specific domains', you can define which email domains you approve to have guests invited from. Simply type in an email domain, and press enter or space to add it to the list of approved domains!

captured__5_.gif

Once you've added one or more domains to this list, (such as monday.com, abc.com, and 123.com in the GIF above) guests can then be invited to the account as long as their email address ends in one of those domains.

 

  • Don't approve specific domains

The final option of 'Don't approve specific domains' allows you to define which email domains you do not approve guests to be invited from. Similar to the method in the option above, simply type in an email domain, and press enter or space to add it to the list of domains which are not approved.

captured__6_.gif

With this option, guests will not be able to be invited to the account if their email ends in one of the domains specified here. 

 

Note: To learn more about guests and the different user types that we offer, check out this article.

 

That's it! Stay in control of exactly which users join your accounts with the help of these settings. If you're looking to change account permissions for your team regarding other actions on the account, check out this article: How to set up account permissions.

 

If you have any questions, please reach out to our team by using our contact form. We're available 24/7 and happy to help! 🙂