<div dir="ltr">We already have that through custom authentication flows. See <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html">http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html</a><div><br></div><div>Whitelist company domain can be done by customizing the first social login flow.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 9 February 2016 at 09:27, David Illsley <span dir="ltr"><<a href="mailto:davidillsley@gmail.com" target="_blank">davidillsley@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Are there any thoughts or plans to implement something like auth0 rules [1] which would allow easy customisaton of things like this (the checking part anyway)?<br><br>[1] <a href="https://auth0.com/docs/rules" target="_blank">https://auth0.com/docs/rules</a><br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 9, 2016 at 8:11 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>We don't currently have support for this. However, it would be a nice addition and you're not the first person to ask.</div><div><br></div><div>Google provides an hd query parameter that allows specifying the domain. However, it also needs to be verified on the server side in the callback.</div></div><div class="gmail_extra"><br><div class="gmail_quote"><span>On 9 February 2016 at 02:18, Jesse Chahal <span dir="ltr"><<a href="mailto:jessec@dnbcloud.com" target="_blank">jessec@dnbcloud.com</a>></span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><div dir="ltr">Hi,<div><br></div><div>So I've been experimented with the social login, mostly the google one, and am trying to figure out how to allow whitelisting of domains for people using google apps for business. I think it is common practice to use social login for companies if they are using services from said provider. Is there a way to limit google's social login to only those who are using email's from specific domains? If not would be the best way for me to go around implementing this? </div></div>
<br></span>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>