Learn how to enforce full account control over members with verified organization email addresses using the Control Verified Domain Accounts policy.
The Control Verified Domain Accounts policy allows enterprise organizations to enforce strict separation between organizational and personal email addresses on Pivot accounts. When enabled, your organization gains full control over accounts that use your verified domain emails.
This is an opt-in enterprise feature. It defaults to off and must be explicitly enabled by an organization admin. Your organization must have at least one verified domain before this policy has any effect.
When this policy is enabled:
[email protected]) cannot add personal email addresses (e.g. [email protected]) to their Pivot account.Members with email addresses at domains not verified by your organization are completely unaffected by this policy.
From the sidebar, click your profile picture, then select Organization admin and choose your organization. Navigate to the Domains and Security tab.
If you haven’t already, add and verify your organization’s domain. The policy only applies to verified domains. See Adding a Domain for instructions.
Under the security settings, enable Control Pivot accounts for all members that have verified organization email addresses. The policy takes effect immediately for new actions.
Enabling the policy does not affect existing users who already have mixed personal and organizational email addresses on their account. It only prevents new violations going forward. Before enabling this policy, you may want to:
When the policy is disabled, all email restrictions are lifted. Members can freely add personal or organizational email addresses to their accounts, and invitations can be accepted regardless of existing email addresses.
This policy is a prerequisite for using the SCIM integration. SCIM-based member management requires that your organization has full control over member accounts, which this policy enforces.
Was this guide helpful?