Exclude Users of a particular domain from App sign on policies

Hi,
Is there any way in which we can exclude all the users part of a particular domain(say @xyz.com) from app sign-on policies for MFA at once? Instead of manually entering each user of that particular domain one by one.
Thanks

Hello,
The best way I know to accomplish this would be,

  • create a group for all of these users
  • setup a group rule for users whose email contains the domain and add them to the group
  • add the group to the application sign on policy and deny access

But this step also requires manually adding users to the group right?

Group Rules add users to a group automatically based off of your defined criteria

https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-about-group-rules.htm

will check it out, thanks for the quick response!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.