By default on new monday.com accounts, the creator’s email domain is authorized automatically. Anyone with that domain can join the account without an invitation. By default, members can also invite people from any email domain unless an admin restricts invitations.
If your plan includes Single Sign-On (SSO), you can enable it. You can also restrict guest invitations to specific domains on supported plans.
Restricting new joiners to an authorized email domain
On new accounts, the creator’s email domain is authorized automatically. To review or change this, access the administration section by clicking on your profile picture in the top right-hand corner and then selecting Administration from the resulting menu. Next, select Security from the menu on the left and go to the Authentication tab.
Expand the Authentication policies tab, click on the three-dot menu next to Email and password, and select Edit:
Once this section is open, scroll down, select the box to enable the "Authorized Domain" option, and type your chosen domain into the box as follows:
When "Authorized domain" is enabled, anyone with the specified domain can join without an invitation. Admins can invite people from any domain. Members can invite people who share the authorized domain. If you leave invitations open, members can invite from any domain.
Using single sign-on to restrict user access
Single sign-on (SSO) is a method of authentication that allows users to easily log into multiple platforms or softwares with the same, single ID and password. On monday.com, we offer the option to use SAML as a method of single sign-on on the Enterprise plan only, as well as Google Single Sign-On for both the Pro and Enterprise plans.
By using one of these SSO options, you can seamlessly restrict who will be able to access your account as this is all defined in the back-end of the SAML configuration in the identity provider settings (often performed by an organization's IT team or an SSO admin).
Restricting email domains for guests (Enterprise only)
On the Enterprise plan, admins are able to control from which email domains guests are able to be invited to the account. There are three available options for this:
- Approve any domain
- Approve specific domains
- Don't approve specific domains
Let's review what each option means exactly, below!
- Approve any domain
The "Approve any domain" option is the default setting and it allows any person to be invited as a guest on the account, no matter what their email domain is! Choosing this option will not set any restriction on which email domain guests must have in order to be invited to the account.
- Approve specific domains
By choosing the option "Approve specific domains", you can define which email domains you approve to have guests invited from. Simply type in an email domain, and press enter or space to add it to the list of approved domains!
Once you've added one or more domains to this list (such as monday.com in the image above), guests can be invited to the account as long as their email address ends in one of those domains.
- Don't approve specific domains
The final option of "Don't approve specific domains" allows you to define which email domains you do not approve guests to be invited from. Similar to the method in the option above, simply type in an email domain, and press enter or space to add it to the list of domains which are not approved.
With this option, guests will not be able to be invited to the account if their email ends in one of the domains specified here.
That's it! Stay in control of exactly which users join your accounts with the help of these settings. If you're looking to change account permissions for your team regarding other actions on the account, check out this article: How to set up account permissions
If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.