The default monday.com setting is that only admins can invite new users from any email domain. However, these settings can be changed to ensure that only users with a specific, authorized email domain can join your account without invitation and that non-admins can also invite users to the account which have this email domain.
Additionally, on certain plans there is also the option to enable Single Sign-on (another method of logging in, which we'll discuss later on in the article!) and the invitation of guests to the account can be restricted to certain domains as well!
Read on to learn about how you can make these changes on your account. 🙌
Restricting new joiners to an authorized email domain
To begin, access the administration section by clicking on your profile picture in the top right-hand corner and then selecting "Administration" from the resulting menu. Next, select "Security" from the menu on the left. The security section will open on the "Login" tab by default.
If the Email & Password section is collapsed, click on the blue "Edit" button to the right of the section header:
Once this section is open, select the box to enable the "Authorized Domain" option and type in the chosen domain in the box as so:
If this setting is enabled on your account, any user with the authorized email domain can join the account without an invitation. Additionally, account members or viewers can also choose to invite users from the authorized domain.
Using single sign-on to restrict user access
Single sign-on (SSO) is a method of authentication that allows users to easily log into multiple platforms or softwares with the same, single ID and password. On monday.com, we offer the option to use SAML as a method of single sign-on on the Enterprise plan only, as well as Google Single Sign-On for both the Pro and Enterprise plans.
By using one of these SSO options, you can seamlessly restrict who will be able to access your account as this is all defined in the back-end of the SAML configuration in the identity provider settings (often performed by an organization's IT team or an SSO admin).
Restricting email domains for guests (Enterprise only)
On the Enterprise plan, admins are able to control from which email domains guests are able to be invited to the account. There are three available options for this:
- Approve any domain
- Approve specific domains
- Don't approve specific domains
Let's review what each option means exactly, below!
- Approve any domain
The "Approve any domain" option is the default setting and it allows any person to be invited as a guest on the account, no matter what their email domain is! Choosing this option will not set any restriction on which email domain guests must have in order to be invited to the account.
- Approve specific domains
By choosing the option "Approve specific domains", you can define which email domains you approve to have guests invited from. Simply type in an email domain, and press enter or space to add it to the list of approved domains!
Once you've added one or more domains to this list, (such as monday.com, abc.com, and 123.com in the GIF above) guests can then be invited to the account as long as their email address ends in one of those domains.
- Don't approve specific domains
The final option of "Don't approve specific domains" allows you to define which email domains you do not approve guests to be invited from. Similar to the method in the option above, simply type in an email domain, and press enter or space to add it to the list of domains which are not approved.
With this option, guests will not be able to be invited to the account if their email ends in one of the domains specified here.
That's it! Stay in control of exactly which users join your accounts with the help of these settings. If you're looking to change account permissions for your team regarding other actions on the account, check out this article: How to set up account permissions
If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.
Comments