Skip to main content

Email domains

Restrict workspace invitations by email domain and surface warnings for existing out-of-policy members.

SectionWorkspace / Access policy
PurposeWorkspace access policy reference
UpdatedJul 6, 2026
AuthorTemplate Maintainers
Versionv1.2.0
Reading time1 min

Email domains

Allowed email domains let a workspace restrict new invitations and direct member additions to approved recipient domains.

Configure allowed domains

Open workspace settings and edit the allowed email domain list. Domains are normalized before they are stored, so product UI can treat Example.com and example.com as the same policy value.

An empty list means domain restrictions are disabled.

Invitation checks

When restrictions are enabled, new invitations must target an allowed email domain. Invite acceptance also checks the user's verified primary email against the invitation and the active domain policy.

If the domain is no longer allowed by the time the user accepts, the invitation cannot be accepted.

Direct member add checks

When an admin adds an existing user directly, the template checks the user's email domain before membership creation. Out-of-policy adds can require an explicit override flow.

Existing members

Changing the domain policy does not remove existing members. Instead, the users page flags members outside the current policy so admins can review them.