What it does
When someone in your organization connects a new credential to a protected app, Gumloop inspects the email address of the account they’re authorizing. If that email’s domain isn’t on the allowlist you’ve configured, the OAuth flow fails and their connection is not saved. Domain Restrictions only affect new connections. Existing credentials that were already connected before the restriction was added continue to work — revoke them manually if you want to remove them.Not every app supports Domain Restrictions. The Available Apps section of
the tab lists only the apps where Gumloop can reliably read the connecting
user’s email from the provider (Google Workspace, Slack, Microsoft, etc.).
Creating a restriction
Open the Domain Restrictions tab
Pick an app
Click an app card in Available Apps, or click the
+ next to an
already-restricted app to add another allowed domain.Enter the required domain
Enter a domain like
yourcompany.com. Any email whose domain matches
exactly will be allowed; everything else will be blocked.Enable, disable, delete
Each restriction has an Enabled toggle. Disabling a restriction pauses enforcement without deleting the rule, so you can turn it back on later. You can also delete a restriction from its detail page.What end users see
When someone tries to connect an account that doesn’t match, the OAuth flow ends with an error explaining that their organization requires a different email domain for this app. They can retry the connection with an account on an allowed domain.Related
App Claims
Restrict connections by provider workspace rather than by email domain.
Credentials
Learn how OAuth connections are stored and used across Gumloop.