For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
AcademyContact SalesHelp CenterDashboard
DocumentationAPI ReferenceIntegrationsAdministrationChangelog
DocumentationAPI ReferenceIntegrationsAdministrationChangelog
  • Administration
    • Account Access & Login
      • Two-Factor Authentication
      • Whitelist Email Domains
      • Single Sign-On
    • Early Access Program
LogoLogo
AcademyContact SalesHelp CenterDashboard
On this page
  • What this does
  • Take domain policy further with SSO
  • Permissions
  • Where to configure
  • Add or remove allowed domains
  • How invitations are validated
  • Agencies and subaccounts
  • Invite users (with domain restrictions in place)
AdministrationSecurity

Whitelist Email Domains

Control who can be invited by whitelisting email domains
||View as Markdown|
Was this page helpful?
Previous

Single Sign-On

Centralize authentication with your identity provider
Next
Built with

What this does

Restrict which email domains can receive invitations to join your workspace. When one or more allowed domains are configured, only email addresses matching those domains can be invited.

Take domain policy further with SSO

Allowed domains secure invite controls inside Synthflow workspace access. For businesses that need centralized authentication and stronger security policy enforcement, Single Sign-On (SSO) is the next step.

With SSO, your domain policy is backed by your identity provider authentication flow, not only by invitation restrictions in Synthflow.

Permissions

Based on your role management settings:

  • Super Admins and Admins can create, view, update, and delete allowed email domains
  • Members cannot manage allowed domains or invite other users

If no allowed email domains are configured, invitations are permitted for all domains.

Where to configure

Allowed domains are managed in: Settings → Security → Whitelist Domains.

The Security page also contains related settings like webhook security.

Add or remove allowed domains

1

Navigate to Settings → Security.

2

Scroll down to Whitelist Domains and click Add domain.

3

Enter a domain (for example, example.com).

Use bare domains like example.com. Do not include @, protocols, or paths.

4

To remove a domain, use the delete action next to it.

How invitations are validated

  • If at least one allowed domain exists, an invite can only be created for an email whose domain matches one of the allowed domains.
  • If no allowed domains exist, invites are not restricted by domain.
  • The restriction applies to invite creation. Existing users are unaffected.

If you attempt to invite an email from a non‑permitted domain, the invite will be blocked and you will be prompted to use an allowed domain.

Agencies and subaccounts

For agencies and their subaccounts:

  • The email domain restriction applies to invite creation at the agency (workspace) level
  • Agency users can still access subaccounts regardless of their email domain
  • A domain restriction set at the agency does not apply to subaccounts

Invite users (with domain restrictions in place)

Follow the standard invitation flow in User Management. When entering the invitee’s email, the domain will be checked against your whitelist.