Email Domain Group Rules
Email domain group rules automatically assign users to groups based on their email address domain. When a user logs in for the first time via an external identity provider, the Identity Service checks their email against all configured rules and adds them to matching groups.
The Email Domain Group Rules page requires the TenantManagement role. It is only visible in the sidebar if you have this role assigned.
Accessing Email Domain Group Rules
Navigate to Identity > Email Domain Rules to access the rule management interface.
The list shows all configured rules:
| Column | Description |
|---|---|
| Domain Pattern | The email domain pattern to match |
| Target Group | The group that matching users are added to |
| Description | Optional description of the rule |
Toolbar Actions
| Button | Description |
|---|---|
| New Rule | Create a new email domain group rule |
| Search | Filter rules by domain pattern or description |
| Export to Excel | Export the rule list to an Excel file |
| Export to PDF | Export the rule list to a PDF file |
| Refresh Data | Reload the rule list |
Row and Context Actions
| Action | Description |
|---|---|
| Edit | Open the rule in the edit form |
| Delete | Delete the rule (context menu, with confirmation) |
Creating a Rule
Click New Rule to open the rule creation form.
| Field | Required | Description |
|---|---|---|
| Email Domain Pattern | Yes | Domain pattern to match against user email addresses (e.g., example.com) |
| Target Group | Yes | The group to add matching users to |
| Description | No | Optional description of the rule's purpose |
Click Save to create the rule or Cancel to discard.
Editing a Rule
Click Edit on a rule row to open the edit form. All fields can be modified.
Deleting a Rule
Right-click a rule and select Delete. Confirm the deletion in the dialog.
How It Works
- A user logs in via an external identity provider (e.g., Google, Azure AD)
- The Identity Service retrieves the user's email from the provider
- It checks all email domain group rules for the tenant
- If the user's email domain matches a rule's pattern, the user is added to the rule's target group
- The user inherits all roles assigned to that group
Email domain group rules are evaluated on first login only. If you create a rule after users have already registered, existing users are not retroactively added to the group. You can manually add existing users to the group via the Groups page.
Example
You want all users with @acme.com email addresses to automatically receive dashboard viewing permissions:
- Navigate to Identity > Groups and create a group "Acme Viewers" with the roles
DashboardViewerandReportingViewer - Navigate to Identity > Email Domain Rules and click New Rule
- Set Email Domain Pattern to
acme.com - Set Target Group to
Acme Viewers - Set Description to
Auto-assign Acme employees to viewer group - Click Save
Now every user who logs in with an @acme.com email address is automatically added to the "Acme Viewers" group and can view dashboards and reports.