cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1377
Views
0
Helpful
3
Replies

Permitted Email Domains

zfortna
Level 1
Level 1

When setting up Duo SSO, why is it that email addresses from outlook.com, gmail.com, etc work without being on the permitted email domain list.

1 Accepted Solution

Accepted Solutions

That’s correct. If you want them to continue to use their company email addresses for login you’ll need to get their email domain added to your Permitted Email Domains and be validated. Alternatively you could give them an email address with a domain you’ve already validated or have them use a public email address such as gmail or yahoo.

View solution in original post

3 Replies 3

jamieis
Cisco Employee
Cisco Employee

Hi @zfortna,

The goal of Permitted Email Domains is to protect users from logging into Duo SSO sites that aren’t run by their company, to help with this we make it so that administrators must verify the email domains on their account and only those email domains are allowed to authenticate.

We had requests from multiple customers for a variety of reasons to allow for public email domains to be allowed, these are domains that are not owned by a specific organization (gmail.com, yahoo.com, etc) so they cannot be verified. We’ve typically seen this when customers have contractors or test accounts that don’t have email addresses associated with the organization but they do have an account within Active Directory.

zfortna
Level 1
Level 1

Perfect. That was exactly what I was looking for. We have a few contractors with their contractor’s company’s email addresses in our Active Directory. In order to get them to work with Duo SSO, we would have to go through the authorization process in order to get those domains to work. Am i understanding that correctly?

That’s correct. If you want them to continue to use their company email addresses for login you’ll need to get their email domain added to your Permitted Email Domains and be validated. Alternatively you could give them an email address with a domain you’ve already validated or have them use a public email address such as gmail or yahoo.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links