Domain allowlisting lets you control which email domains can be invited to your Windmill account. When set, members can only be invited if their email address matches one of the allowed domains.Documentation Index
Fetch the complete documentation index at: https://help.gowindmill.com/llms.txt
Use this file to discover all available pages before exploring further.
How it works
Your account admins can configure an allowlist of zero or more domains. When someone is invited to Windmill:- If the allowlist is empty, anyone can be invited regardless of email domain.
- If the allowlist contains one or more domains, only people with email addresses on those domains can be invited.
Default behavior
Domain allowlisting is on by default. When your Windmill account is created, the domain of the email used to create the account is automatically added to the allowlist. For example, if your account was created withjane@acme.com, the acme.com domain is added to the allowlist automatically. Only users with @acme.com email addresses can be invited until you change the configuration.
Managing the allowlist
Admins can update the domain allowlist at any time from Settings > Security:- Add a domain to permit invites for a new email domain (for example, a subsidiary or contractor domain).
- Remove a domain to stop allowing new invites from that domain. Existing members are not affected.
- Clear all domains to disable the restriction entirely and allow invites from any domain.
Best practices
- Keep the allowlist tight. Only add domains your organization controls or trusts.
- When working with contractors or partners on a different domain, add their domain temporarily and remove it when the engagement ends.
- If you need to invite a one-off external user, add their domain, send the invite, then remove the domain.
FAQs
What happens to existing members if I remove their domain from the allowlist?
What happens to existing members if I remove their domain from the allowlist?
Nothing. The allowlist only controls who can be invited. Existing members keep their access.
Can I allow any email domain?
Can I allow any email domain?
Yes. Clear all domains from the allowlist to allow invites from any domain.
Who can change the domain allowlist?
Who can change the domain allowlist?
Account admins can manage the allowlist from Settings > Security.