Allowed email domains

Allowed email domains lets organization admins define trusted domains for their organization. When a user signs in or signs up with a matching email domain, Scalekit suggests the user to join that organization in the organization switcher so the user can join the organization with one click. This feature is authentication-method agnostic: regardless of whether a user authenticates via SSO, social login, or passwordless authentication, organization options are suggested based on their email domain.

Introduction

Allowed email domains can reduce the burden of manual invitation for organization admins, avoid duplicate organization creation, and streamline membership for end users by suggesting the right organization at sign-in/sign-up.

When a user signs up or signs in, Scalekit can automatically:

Match email domains - Check if the user’s email domain matches configured allowed domains for any organization.
Suggest organization options - Show the user available organizations they can join through an organization switcher.
Enable user choice - Allow users to decide which of the suggested organizations they want to join.
Create organization membership - Automatically add the user to their selected organization.

Security consideration

Disposable and public email domains are blocked and cannot be added to the allow-list (e.g., gmail.com, outlook.com). We maintain a blocklist to enforce this.

Enabling allowed email domains

Allowed email domains can be configured for an organization through the Scalekit Dashboard or programmatically using the API.

Enable via Dashboard

Log in to your Scalekit Dashboard.
Navigate to Organizations and select an organization.
Open the Roles tab and find Allowed Email Domains.
Add or edit allowed email domains for automatic suggestions/provisioning.

Enable via API

You can also configure allowed email domains for an organization programmatically using the Scalekit API:

npm install @scalekit-sdk/node

pip install scalekit-sdk-python

go get -u github.com/scalekit-inc/scalekit-sdk-go

/* Gradle users - add the following to your dependencies in build file */
implementation "com.scalekit:scalekit-sdk-java:2.0.1"

<!-- Maven users - add the following to your `pom.xml` -->
<dependency>
    <groupId>com.scalekit</groupId>
    <artifactId>scalekit-sdk-java</artifactId>
    <version>2.0.1</version>
</dependency>

Register email domain

Path Parameters:

organization_id (string, required): The ID of the organization

Request Body:

domain (string, required): The email domain to allow (e.g., “customerdomain.com”)
domain_type (string, required): Must be “ALLOWED_EMAIL_DOMAIN”

cURL
Nodejs

1
curl 'https://$SCALEKIT_ENVIRONMENT_URL/api/v1/organizations/{organization_id}/domains' \
2
  --request POST \
3
  --header 'Content-Type: application/json' \
4
  --data '{
5
  "domain": "customerdomain.com",
6
  "domain_type": "ALLOWED_EMAIL_DOMAIN"
7
}'

1
// Add a new domain to an organization
2
const response = await scalekit.createDomain("org-123", "example.com", {
3
  // Domain type: controls user authentication and email validation
4
  domainType: "ALLOWED_EMAIL_DOMAIN",
5
});

1
{
2
    "domain": {
3
        "id": "dom_88351643129225005",
4
        "domain": "newdomain.com",
5
        "environment_id": "env_58345499215790610",
6
        "organization_id": "org_81667076086825451",
7
        "create_time": "2025-09-01T12:14:43.100Z",
8
        "update_time": "2025-09-01T12:14:43.110455169Z",
9
        "domain_type": "ALLOWED_EMAIL_DOMAIN"
10
    }
11
}

List email domains

Request Parameters:

Path Parameters:
- organization_id (string, required): The ID of the organization

cURL
Nodejs

1
curl 'https://$SCALEKIT_ENVIRONMENT_URL/api/v1/organizations/{organization_id}/domains'

1
// List all domains in an organization
2
const response = await client.domain.listDomains(organizationId);
3

4
// Domain object contains:
5
// - id: Domain identifier
6
// - domain: Domain name
7
// - organizationId: Owning organization
8
// - domainType: Configuration type

1
{
2
  "domains": [
3
    {
4
      "create_time": "2025-09-01T11:59:50.005Z",
5
      "domain": "customerdomain.com",
6
      "domain_type": "ALLOWED_EMAIL_DOMAIN",
7
      "environment_id": "env_73947929838",
8
      "id": "dom_883516432292250875",
9
      "organization_id": "org_987654321",
10
      "update_time": "2025-09-01T11:59:50.005Z",
11
    }
12
  ],
13
  "page_number": 1,
14
  "page_size": 1
15
}

Get email domain

Request Parameters:

Path Parameters:
- organization_id (string, required): The ID of the organization
- id (string, required): The ID of the domain to retrieve

cURL
Nodejs

1
curl 'https://$SCALEKIT_ENVIRONMENT_URL/api/v1/organizations/{organization_id}/domains/{id}'

1
// Fetch details of a specific domain
2
const response = await client.domain.getDomain(organizationId, domainId);
3

4
// Domain object properties:
5
// - id: Domain identifier
6
// - domain: Domain name
7
// - organizationId: Owning organization
8
// - domainType: Domain configuration type

1
{
2
  "domain": {
3
    "create_time": "2025-09-01T11:59:50.005Z",
4
    "domain": "customerdomain.com",
5
    "domain_type": "ALLOWED_EMAIL_DOMAIN",
6
    "environment_id": "env_73947929838",
7
    "id": "dom_883516432292250875",
8
    "organization_id": "org_987654321",
9
    "update_time": "2025-09-01T11:59:50.005Z"
10
  }
11
}

Delete email domain

Request Parameters:

Path Parameters:
- organization_id (string, required): The ID of the organization
- id (string, required): The ID of the domain to delete

cURL
Nodejs

1
curl 'https://$SCALEKIT_ENVIRONMENT_URL/api/v1/organizations/{organization_id}/domains/{id}' \
2
  --request DELETE

1
// Remove a domain from an organization
2
// Caution: Deletion is permanent and may affect user access
3
const response = await client.domain.deleteDomain(organizationId, domainId);