Scalekit now supports allowed email domains, enabling Just-In-Time provisioning for organization members. Organization admins define trusted email domains, and when users sign in or sign up with matching addresses, they're automatically suggested to join the right organization—no manual invitation required.
Manual provisioning becomes tedious as organizations grow. Admins send individual invitations to every new team member, creating onboarding bottlenecks. New employees try to sign up and don't see their company's existing organization, so they create a new one instead, fragmenting teams across multiple accounts. This leads to multiple organizations representing the same company, making customer management chaotic—support teams struggle to identify which organization is "real," and consolidation becomes a nightmare.
Without automated provisioning, everyone loses time: admins managing invitations, employees waiting for access, and B2B apps cleaning up duplicate organizations.
Allowed email domains solve this through trusted domain whitelisting. Admins specify which email domains they trust (e.g., acmecorp.com, acme.io). When users sign in or sign up with matching domains, Scalekit checks the whitelist and surfaces matching organizations through the organization switcher. Users decide which organization to join with a single click, and they're instantly provisioned—no admin approval, no waiting for invitations.
This works across all authentication methods—SSO, social login, and passwordless—making it truly universal.
How it works
When users authenticate, Scalekit automatically:
Matches email domains
Extracts the domain from the user's email address and checks it against configured allowed domains across all organizations.
Suggests organizations
Displays matching organizations through the organization switcher interface, giving users a clear view of where they can join.
Enables one-click joining
Users select their organization and are instantly provisioned as members without any admin intervention.
Prevents duplicates
By surfacing existing organizations at sign-up, users don't inadvertently create duplicate organizations for their company.
.png)
What's included
Dashboard Configuration
Organization admins add allowed email domains directly from the Scalekit Dashboard under Organizations > Roles > Allowed Email Domains. Simple interface for managing trusted domains.
API Management
Programmatically register, list, retrieve, and delete allowed email domains using the Scalekit API. Perfect for automated onboarding workflows or bulk configuration.
Organization Switcher Integration
Built-in UI component that seamlessly presents matching organizations to users during sign-in and sign-up flows.
Security Controls
Automatic blocklist enforcement prevents disposable email services and public domains (gmail.com, outlook.com) from being added to allow-lists.
Authentication-Method Agnostic
Works regardless of how users authenticate—SSO, social login, or passwordless methods all support domain-based organization discovery.
Real-Time Validation
Domain matching happens instantly during authentication, with immediate feedback if domains are blocked or invalid.
Use cases
Eliminate invitation bottlenecks
New employees automatically discover and join their organization without waiting for admin invitations.
Reduce admin workload
Stop manually managing invitations for every new hire, especially critical for rapidly growing teams.
Prevent duplicate organizations
Users see their company's existing organization at sign-up instead of creating redundant ones.
Support multi-organization users
Employees with multiple company email addresses (consultants, contractors) can discover and access all relevant organizations.
Cleaner organization directory
B2B apps maintain accurate customer records with one organization per company, simplifying support and account management.
Security considerations
Scalekit enforces strict security measures to prevent abuse:
Blocked domain types
- Disposable email services (10minutemail.com, guerrillamail.com, etc.)
- Generic public domains (gmail.com, outlook.com, yahoo.com, etc.)
- Domains with invalid syntax
Maintained blocklist
Scalekit maintains and updates a comprehensive blocklist of disposable and public email providers that cannot be added as allowed domains.
Domain validation
All domains are validated for proper syntax and checked against the blocklist before being added to organization allow-lists.
This ensures allowed email domains only work with legitimate business email addresses, maintaining data quality and preventing spam.
Configuration
Via Dashboard:
- Navigate to Organizations in your Scalekit Dashboard
- Select the organization you want to configure
- Open the Roles tab
- Find the Allowed Email Domains section
- Add trusted email domains for your organization
Via API:Manage allowed email domains programmatically:
- Register: Add new allowed domains to an organization
- List: Retrieve all configured domains for an organization
- Get: Fetch details of a specific domain
- Delete: Remove domains when they're no longer trusted
API requires Full-Stack Auth to be enabled for your environment.
Get started
Allowed email domains are available now as part of Scalekit's Full-Stack Auth:
- Configure in your dashboard
- View documentation
- Contact support for configuration assistance
