Exclude Users of a particular domain from App sign on policies

Is there any way in which we can exclude all the users part of a particular domain(say @xyz.com) from app sign-on policies for MFA at once? Instead of manually entering each user of that particular domain one by one.

The best way I know to accomplish this would be,

  • create a group for all of these users
  • setup a group rule for users whose email contains the domain and add them to the group
  • add the group to the application sign on policy and deny access

But this step also requires manually adding users to the group right?

Group Rules add users to a group automatically based off of your defined criteria


will check it out, thanks for the quick response!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.