Email Domain Group Rules
Email domain group rules automatically assign users to groups based on their email address domain. When a user registers or logs in for the first time, the Identity Service checks their email against configured rules and adds them to matching groups.
Use Case
You want all users with @meshmakers.com email addresses to automatically receive the Development and CommunicationManagement roles. Instead of manually assigning roles to each user, you:
- Create a group
"Engineering"with those roles - Create an email domain group rule mapping
meshmakers.comto that group
Every user who registers with a @meshmakers.com email is automatically added to the Engineering group and inherits its roles.
Properties
| Property | Description |
|---|---|
| EmailDomainPattern | Domain to match against (e.g., meshmakers.com) |
| TargetGroupRtId | RtId of the group to add matching users to |
| Description | Optional description of the rule |
Managing Rules via CLI
# List all rules
octo-cli -c GetEmailDomainGroupRules
# Get a specific rule
octo-cli -c GetEmailDomainGroupRule -id "<rule-rtid>"
# Create a rule
octo-cli -c CreateEmailDomainGroupRule \
-edp "meshmakers.com" \
-tgid "<target-group-rtid>" \
-d "Auto-assign meshmakers employees to Engineering group"
# Update a rule
octo-cli -c UpdateEmailDomainGroupRule \
-id "<rule-rtid>" \
-edp "meshmakers.com" \
-tgid "<new-target-group-rtid>"
# Delete a rule
octo-cli -c DeleteEmailDomainGroupRule -id "<rule-rtid>"
How It Works
- A user logs in via an external identity provider (e.g., Google, Azure AD)
- The Identity Service retrieves the user's email from the provider
- It checks all email domain group rules for the tenant
- If the email domain matches a rule's
EmailDomainPattern, the user is added to the rule's target group - The user inherits all roles assigned to that group
note
Email domain group rules are evaluated on first login only. If you create a rule after users have already registered, existing users are not retroactively added to the group.