Allowed email domains for organization auto-join

Allowed email domains lets organization admins define trusted domains for their organization. When a user signs in or signs up with a matching email domain, Scalekit suggests the user to join that organization in the organization switcher so the user can join the organization with one click. This feature is authentication-method agnostic: regardless of whether a user authenticates via SSO, social login, or passwordless authentication, organization options are suggested based on their email domain.

When a user signs up or signs in, Scalekit will automatically:

1. Match email domains - Check if the user’s email domain matches configured allowed domains for any organization.
2. Suggest organization options - Show the user available organizations they can join through an organization switcher.
3. Enable user choice - Allow users to decide which of the suggested organizations they want to join.
4. Create organization membership - Automatically add the user to their selected organization.

Security consideration

Disposable and public email domains are blocked and cannot be added to the allow-list (e.g., gmail.com, outlook.com). We maintain a blocklist to enforce this.

Manage allowed email domains in Scalekit Dashboard

Allowed email domains can be configured for an organization through the Scalekit Dashboard.

Manage allowed email domains API

Configure allowed email domains for an organization programmatically through the Scalekit API. Before proceeding, complete the steps in the installation guide.

cURL

Register, list, get, and delete allowed email domains

# 1. Register an allowed email domain
# Use case: Restrict user registration to specific company domains for B2B applications
curl 'https://<SCALEKIT_ENVIRONMENT_URL>/api/v1/organizations/{organization_id}/domains' \
  --request POST \
  --header 'Content-Type: application/json' \
  --data '{
  "domain": "customerdomain.com",
  "domain_type": "ALLOWED_EMAIL_DOMAIN"
}'

# 2. List all registered allowed email domains
# Use case: Display domain restrictions in admin dashboard or verify current settings
curl 'https://<SCALEKIT_ENVIRONMENT_URL>/api/v1/organizations/{organization_id}/domains'

# 3. Get details of a specific domain
# Use case: Verify domain configuration or retrieve domain metadata
curl 'https://<SCALEKIT_ENVIRONMENT_URL>/api/v1/organizations/{organization_id}/domains/{domain_id}'

# 4. Delete an allowed email domain
# Use case: Remove domain restrictions or clean up unused configurations
curl 'https://<SCALEKIT_ENVIRONMENT_URL>/api/v1/organizations/{organization_id}/domains/{domain_id}' \
  --request DELETE

Nodejs

Register, list, get, and delete allowed email domains

// 1. Register an allowed email domain
// Use case: Restrict user registration to specific company domains for B2B applications
const newDomain = await scalekit.createDomain("org-123", "customerdomain.com", {
  domainType: "ALLOWED_EMAIL_DOMAIN",
});

// 2. List all registered allowed email domains
// Use case: Display domain restrictions in admin dashboard or verify current settings
const domains = await client.domain.listDomains(organizationId);

// 3. Get details of a specific domain
// Use case: Verify domain configuration or retrieve domain metadata
const domain = await client.domain.getDomain(organizationId, domainId);

// 4. Delete an allowed email domain
// Use case: Remove domain restrictions or clean up unused configurations
// Caution: Deletion is permanent and may affect user access
await client.domain.deleteDomain(organizationId, domainId);