Feature Introduction: Email Domain Whitelisting

Created On 07/09/25 21:53 PM - Last Modified 02/17/26 16:41 PM


Symptom


Introduction

To enhance security and prevent the creation of unauthorized user accounts, we are introducing the Email Domain Whitelisting feature. This allows Domain Administrators to specify which email domains are permitted for new users within a CSP account.
Please note that this feature is only available to Domain Administrators who have the 'Domain Administrator' role in a CSP account. 

IMPORTANT NOTE: If the CSP user also has the "Standard User" role listed along with the Domain Admin role, this will prevent the user from making updates. Please edit the user and remove the "Standard User" role. The Super User role is OK.

  Update user roles

Account Details Page Updates

The Account Details page, found under Account Management, has been updated to support the new whitelisting functionality.

Account Tab

  • Removed "Email domain type": The section indicating the email domain type (e.g., Mixed) has been removed to streamline the interface.

User Access Tab

  • Updated Description: The alert message for the Account Registration Link has been simplified and is now displayed in a warning style.

  • Regenerate Link Confirmation: Clicking the "Regenerate" button for the registration link now displays a confirmation pop-up to ensure the user is aware that they are adding a new user with a confirming email address.

New "Email Domain Whitelist" Tab

  • A new Email Domain Whitelist tab is now available to Domain Administrators. Only Domain Administrators can modify (add or delete) an email domain whitelist.

  • During the initial rollout of the Email Domain Whitelisting feature, a one-time generation of the domain whitelist will be performed on all existing email domains of existing CSP Accounts.
  • Functionality: This tab allows administrators to create, view, and delete whitelisted email domains.

    • Add Email Domain: A pop-up allows administrators to add a new, valid email domain to the whitelist.
      Note: While a company can use a domain with an underscore for its internal network, that domain cannot be registered publicly or used for internet-based emails. The underscore character (_) is not a valid character for a public domain name.

    • Delete Email Domain: A confirmation pop-up appears to prevent accidental deletion, warning that removing a domain will also remove all users associated with it.

    • Email Addresses View: A side panel displays the specific email addresses associated with a selected whitelisted domain.

Create New User Page Updates

Located under Members > Create New User, this page has been updated to enforce the whitelist.

  • Informational Alert: A new message at the top of the page informs the user that if a whitelist is active, the new user's email domain must be on that list.

  • Error Handling: If a user attempts to create a new member with an email domain that is not on the whitelist, a clear error message will be displayed, directing them to the Email Domain Whitelist tab to manage the list.
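
The whitelist check at user creation and the underscore rule from the Add Email Domain note, as an added example (not Palo Alto Networks code and not the CSP's actual implementation). The function and class names are hypothetical, the sample addresses are constructed, and exact-match comparison is an assumption of this example because the page does not say how subdomains are treated.

```python
import re

# One DNS label under the letters-digits-hyphen rule: 1-63 characters,
# no leading or trailing hyphen, and no underscore.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

def normalize_domain(domain):
    """Return the lowercased domain if it is a valid public-style name, else None."""
    d = domain.strip()
    if not d.isascii() or len(d) > 253:  # reject Unicode look-alikes before lowercasing
        return None
    d = d.lower()
    labels = d.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        return None
    return None if labels[-1].isdigit() else d  # numeric last label is not a TLD

def email_domain(address):
    """Return the normalized domain of an email address, else None."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or "@" in local:
        return None
    return normalize_domain(domain)

class DomainWhitelist:
    def __init__(self):
        self._domains = set()

    def add(self, domain):
        d = normalize_domain(domain)
        if d is None:
            raise ValueError(f"not a valid email domain: {domain!r}")
        self._domains.add(d)
        return d

    def permits(self, address):
        # Exact match only (an assumption of this example); suffix or substring
        # matching would also accept "example.com.attacker.test".
        d = email_domain(address)
        return d is not None and d in self._domains

if __name__ == "__main__":
    wl = DomainWhitelist()
    wl.add("example.com")  # constructed sample data
    for addr in ("alice@Example.COM", "eve@example.com.attacker.test",
                 "eve@notexample.com", "eve@corp_net.example"):
        print(addr, "->", "allowed" if wl.permits(addr) else "rejected")
```
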

Pending Memberships Page Updates

Found under Members > Manage Users > Review Pending Membership(s), this page now integrates with the whitelisting feature.

  • Approval Restrictions: The "Accept" button for a pending membership will be disabled if the user's email domain is not on the whitelist.

  • Informational Tooltip: An icon with a tooltip will appear next to the pending user's email address, explaining that the domain must be added to the whitelist by a Domain Administrator before the membership can be approved.

Cortex Gateway login with new domain

If a new user with a new domain is added to CSP and the new domain is whitelisted in CSP, the new domain must also be approved in Cortex Gateway.

Configure Security Settings

Where to add the new domain: Allowed Sessions > allowed Domain

If the new domain is not approved in Gateway, the login attempt may return the 4010509 error code (meaning: The email domain is not in the approved user email domains).



Environment


Customer Support Portal


