Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1800
Views
0
Helpful
3
Replies

Permitted Email Domains

Go to solution
zfortna
Level 1
Level 1

‎02-24-2022 11:22 AM

When setting up Duo SSO, why is it that email addresses from outlook.com, gmail.com, etc work without being on the permitted email domain list.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jamieis
Cisco Employee
Cisco Employee
In response to zfortna

‎02-25-2022 05:21 AM

That’s correct. If you want them to continue to use their company email addresses for login you’ll need to get their email domain added to your Permitted Email Domains and be validated. Alternatively you could give them an email address with a domain you’ve already validated or have them use a public email address such as gmail or yahoo.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
jamieis
Cisco Employee
Cisco Employee

‎02-24-2022 12:14 PM

Hi @zfortna,

The goal of Permitted Email Domains is to protect users from logging into Duo SSO sites that aren’t run by their company, to help with this we make it so that administrators must verify the email domains on their account and only those email domains are allowed to authenticate.

We had requests from multiple customers for a variety of reasons to allow for public email domains to be allowed, these are domains that are not owned by a specific organization (gmail.com, yahoo.com, etc) so they cannot be verified. We’ve typically seen this when customers have contractors or test accounts that don’t have email addresses associated with the organization but they do have an account within Active Directory.

0 Helpful

Go to solution
zfortna
Level 1
Level 1

‎02-24-2022 12:28 PM

Perfect. That was exactly what I was looking for. We have a few contractors with their contractor’s company’s email addresses in our Active Directory. In order to get them to work with Duo SSO, we would have to go through the authorization process in order to get those domains to work. Am i understanding that correctly?

0 Helpful

Go to solution
jamieis
Cisco Employee
Cisco Employee
In response to zfortna

‎02-25-2022 05:21 AM

That’s correct. If you want them to continue to use their company email addresses for login you’ll need to get their email domain added to your Permitted Email Domains and be validated. Alternatively you could give them an email address with a domain you’ve already validated or have them use a public email address such as gmail or yahoo.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents