Feature Introduction: Email Domain Whitelisting

Feature Introduction: Email Domain Whitelisting

4708
Created On 07/09/25 21:53 PM - Last Modified 11/04/25 09:20 AM


Symptom


Introduction

To enhance security and prevent the creation of unauthorized user accounts, we are introducing the Email Domain Whitelisting feature. This allows Domain Administrators to specify which email domains are permitted for new users within a CSP account.
Please note that this feature is only available to Domain Administrators who have the 'Domain Administrator' role in a CSP account. 

Account Details Page Updates

The Account Details page, found under Account Management, has been updated to support the new whitelisting functionality.

Account Tab

  • Removed "Email domain type": The section indicating the email domain type (e.g., Mixed) has been removed to streamline the interface.

User Access Tab

  • Updated Description: The alert message for the Account Registration Link has been simplified and is now displayed in a warning style.

  • Regenerate Link Confirmation: Clicking the "Regenerate" button for the registration link now displays a confirmation pop-up to ensure the user is aware that they are adding a new user with a confirming email address.

New "Email Domain Whitelist" Tab

  • A new Email Domain Whitelist tab is now available to Domain Administrators. Only Domain Administrators can modify (add or delete) an email domain whitelist.

  • During the initial rollout of the Email Domain Whitelisting feature, a one-time generation of the domain whitelist will be performed on all existing email domains of existing CSP Accounts.

  • Functionality: This tab allows administrators to create, view, and delete whitelisted email domains.

    • Add Email Domain: A pop-up allows administrators to add a new, valid email domain to the whitelist.
      Note: While a company can use a domain with an underscore for its internal network, that domain cannot be registered publicly or used for internet-based emails.
                The underscore character (_) is not a valid character for a public domain name.

    • Delete Email Domain: A confirmation pop-up appears to prevent accidental deletion, warning that removing a domain will also remove all users associated with it.

    • Email Addresses View: A side panel displays the specific email addresses associated with a selected whitelisted domain.

Create New User Page Updates

Located under Members > Create New User, this page has been updated to enforce the whitelist.

  • Informational Alert: A new message at the top of the page informs the user that if a whitelist is active, the new user's email domain must be on that list.

  • Error Handling: If a user attempts to create a new member with an email domain that is not on the whitelist, a clear error message will be displayed, directing them to the Email Domain Whitelist tab to manage the list.

Pending Memberships Page Updates

Found under Members > Manage Users > Review Pending Membership(s), this page now integrates with the whitelisting feature.

  • Approval Restrictions: The "Accept" button for a pending membership will be disabled if the user's email domain is not on the whitelist.

  • Informational Tooltip: An icon with a tooltip will appear next to the pending user's email address, explaining that the domain must be added to the whitelist by a Domain Administrator before the membership can be approved.

 

Environment


Customer Support Portal
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000TNWhKAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail