diff --git a/docs/documentation/configuration/examples.md b/docs/documentation/configuration/examples.md index 83571dd..1409d2b 100644 --- a/docs/documentation/configuration/examples.md +++ b/docs/documentation/configuration/examples.md @@ -72,7 +72,8 @@ auth: auth: oidc: - # a sample Entra ID provider with environment variable substitution + # A sample Entra ID provider with environment variable substitution. + # Only users with an @outlook.com email address are allowed to register or login. - id: azure provider_name: azure display_name: Login with
Entra ID @@ -80,6 +81,8 @@ auth: base_url: "https://login.microsoftonline.com/${AZURE_TENANT_ID}/v2.0" client_id: "${AZURE_CLIENT_ID}" client_secret: "${AZURE_CLIENT_SECRET}" + allowed_domains: + - "outlook.com" extra_scopes: - profile - email diff --git a/docs/documentation/configuration/overview.md b/docs/documentation/configuration/overview.md index 27d4309..bc47ba0 100644 --- a/docs/documentation/configuration/overview.md +++ b/docs/documentation/configuration/overview.md @@ -368,6 +368,10 @@ Below are the properties for each OIDC provider entry inside `auth.oidc`: - **Default:** *(empty)* - **Description:** A list of additional OIDC scopes (e.g., `profile`, `email`). +#### `allowed_domains` +- **Default:** *(empty)* +- **Description:** A list of allowlisted domains. Only users with email addresses in these domains can log in or register. This is useful for restricting access to specific organizations or groups. + #### `field_map` - **Default:** *(empty)* - **Description:** Maps OIDC claims to WireGuard Portal user fields. @@ -437,6 +441,10 @@ Below are the properties for each OAuth provider entry inside `auth.oauth`: - **Default:** *(empty)* - **Description:** A list of OAuth scopes. +#### `allowed_domains` +- **Default:** *(empty)* +- **Description:** A list of allowlisted domains. Only users with email addresses in these domains can log in or register. This is useful for restricting access to specific organizations or groups. + #### `field_map` - **Default:** *(empty)* - **Description:** Maps OAuth attributes to WireGuard Portal fields.
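Review bot: in examples.md the sample value `allowed_domains: - "outlook.com"` works against the purpose stated in overview.md ("restricting access to specific organizations or groups"), because outlook.com is a public consumer mail domain where anyone can create an address. Suggest a placeholder organization domain such as "example.com", with a comment telling the reader to substitute their own domain. In the added comment, "register or login" should also read "register or log in".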
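Review bot: the `allowed_domains` description added to the `auth.oidc` section of overview.md does not say what an empty list means, and with "Default: (empty)" a reader cannot tell whether that admits every domain or none. Please state this explicitly, and also document how a domain is matched (exact match only or subdomains too, case sensitivity) and whether the provider has to assert the address as verified (the OIDC `email_verified` claim) before the domain check is trusted. An allowlist keyed on an address the identity provider has not verified restricts very little.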
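Review bot: the `allowed_domains` entry added under `auth.oauth` in overview.md repeats the OIDC text verbatim, but for a plain OAuth provider the email address is whatever attribute `field_map` maps to the user's email. State which mapped field is compared against the list, and what happens when the provider returns no email at all (login rejected or allowed), since that decides whether the allowlist fails closed.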