Content
View differences
Updated by Klaus Zanders 1 day ago
Currently, administrators have no way to restrict which email addresses users can use when signing up (if self-sign-up is enabled) or when completing registration after being invited. In addition, users can freely change their email address later in their user settings.
At the moment, the only way to enforce such restrictions is by using LDAP or an SSO provider, since in those cases the email address is managed by the external identity provider and cannot be edited by the user.
This limitation makes it difficult to ensure that only users with approved or corporate email addresses can access the system.
**Possible solutions:**
* **Disable user-initiated email changes**
Introduce a setting that prevents users from changing their email address themselves. This would also lock the email address during the registration process to the one used when the user was invited. (<mention class="mention" data-id="76754" data-type="work_package" data-text="##OP-19689" data-display-id="OP-19689">##OP-19689</mention>)
* **Restrict allowed email domains**
Introduce a setting that restricts which email domains can be used (e.g. only allowing `example.com`).
This would ensure that users outside the approved domain cannot be invited accidentally and would also make it possible to safely enable self-sign-up, as only users with a corporate email address would be able to register.
At the moment, the only way to enforce such restrictions is by using LDAP or an SSO provider, since in those cases the email address is managed by the external identity provider and cannot be edited by the user.
This limitation makes it difficult to ensure that only users with approved or corporate email addresses can access the system.
**Possible solutions:**
* **Disable user-initiated email changes**
Introduce a setting that prevents users from changing their email address themselves. This would also lock the email address during the registration process to the one used when the user was invited. (<mention class="mention" data-id="76754" data-type="work_package" data-text="##OP-19689" data-display-id="OP-19689">##OP-19689</mention>)
* **Restrict allowed email domains**
Introduce a setting that restricts which email domains can be used (e.g. only allowing `example.com`).
This would ensure that users outside the approved domain cannot be invited accidentally and would also make it possible to safely enable self-sign-up, as only users with a corporate email address would be able to register.