Allow List & Block List
#Overview
The Access Control feature allows you to easily manage who is and isn't allowed to log in to your app. Access can be gated in 2 ways: explicitly allowing only certain emails and domains through with Allow List, or blocking certain emails and domains with Block List.
This feature is compatible with some OAuth providers (see Social Login), and not currently compatible with WebAuthn.
#Allow List
The Allow List lets you specify emails and domains that can access your site. The max list size for Allow List is 20k entries. Sample use cases are mailing lists, private organizations or message boards.
By default this list is empty, which means that everyone is allowed access. Once valid entries are specified in this list, only those emails and domains will be allowed to access your app.
#Block List
The Block List lets you specify emails and domains you wish to block from accessing your app. The max list size for Block List is also 20k entries. It is useful for most apps, forums, message boards, social media, etc.
The entries in this list take precedence over the entries in the Allow List. If an email (or domain wildcard) specified in the Block List would otherwise be granted access by the Allow List, the email is still blocked.
#Formatting
- Accepts email addresses or domain wildcards
- Separate entries with spaces, commas, or line breaks
- Pulling from a CRM? Export emails as a single-column CSV; copy + paste
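The rules above (an empty Allow List admits everyone, the Block List takes precedence, entries are split on spaces, commas, or line breaks) can be modeled as follows. This is an added Python example, not the product's own code; the `*@domain` wildcard syntax, case-insensitive matching, rejection of malformed entries, and all function names and sample addresses are assumptions.

```python
import re

MAX_ENTRIES = 20_000  # list size limit stated on this page

# Constructed sample lists mixing the three separators the page accepts.
ALLOW = "alice@example.com, *@partner.example\nbob@partner.example"
BLOCK = "bob@partner.example *@spam.example"


def parse_entries(raw):
    """Split a pasted list into (exact emails, wildcard domains)."""
    emails, domains = set(), set()
    tokens = [t for t in re.split(r"[\s,]+", raw.strip()) if t]
    if len(tokens) > MAX_ENTRIES:
        raise ValueError("list exceeds 20k entries")
    for tok in tokens:
        tok = tok.lower()  # assumption: matching is case-insensitive
        local, sep, domain = tok.rpartition("@")
        if not sep or not local or not domain:
            raise ValueError(f"not an email or domain wildcard: {tok!r}")
        if local == "*":  # assumption: wildcard is written *@domain
            domains.add(domain)
        else:
            emails.add(tok)
    return emails, domains


def _matches(email, entries):
    emails, domains = entries
    return email in emails or email.rpartition("@")[2] in domains


def is_allowed(email, allow_raw, block_raw):
    """Return True if the email may log in under both lists."""
    email = email.strip().lower()
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        return False  # fail closed on a malformed address
    allow, block = parse_entries(allow_raw), parse_entries(block_raw)
    if _matches(email, block):
        return False  # Block List takes precedence over Allow List
    if not allow[0] and not allow[1]:
        return True  # empty Allow List: everyone is allowed
    return _matches(email, allow)
```

Note that `bob@partner.example` is denied even though both an exact entry and a wildcard in the Allow List cover it, because the Block List is checked first.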
#Social Login
We are only able to gate email access for OAuth providers that return a user's email inside the OAuth user info response.
The following is a list of OAuth providers that require additional steps or verification for your app to support email access.
- Microsoft
- Bitbucket