Enforce OAuth for Google Emails
Within flows, you might have included a condition block to force SSO on specific users that are enabled for it, as described here.
Along the same lines, you can force a user to use OAuth when the MX record for their email address domain points to a specific mail provider, such as Google. Flows has a special block for this check, and this guide shows you how to implement it.
Note
If you're unfamiliar with MX hostname records, you can read about them on Cloudflare's docs.
How to Check Email Address for Google Domain
- Head over to your flows, and select the one you want to integrate this feature with.
- From the blue +, select the Action block called Load Mail Provider Hostname. This block looks up and returns the DNS mail exchange (MX) hostname record, which is used to direct email to a specific mail server.
- Then, to use the information returned by the Load Mail Provider Hostname block, add a conditional block and search for the mailProviderHost attribute:
- You can implement whatever logic you would like. If you want to check for a Google hostname specifically, the block should look like this:
Note
If you would like to implement this feature with domains other than Google, you will need to know the MX domain hostname for your particular website. Then, in the conditional block, you can include your domain name here (you do not need to include a domain suffix such as .com).
- Finally, connect the blocks together, add the rest of your flow logic, and you're done!
Final Result
As an example, this flow forces a user to log in via Google if the email address is a Google domain, or signs them up using normal OTP if the email domain is something else:
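The same decision written outside of Flows, as an added example (this is not Descope's implementation of the Load Mail Provider Hostname block). It assumes the lowest-preference MX record is the one that counts and that Google-hosted mail uses MX hosts under google.com or googlemail.com; the domains and MX answers are constructed samples. It matches on a DNS label boundary, which is stricter than matching the bare word "google" anywhere in the hostname.

```python
# Added example: mirrors the flow's decision (MX host -> Google OAuth or OTP).
# Assumption: suffixes that Google-hosted mail MX hostnames fall under.
GOOGLE_MX_SUFFIXES = ("google.com", "googlemail.com")


def primary_mx_host(mx_records):
    """Return the lowest-preference MX host, normalized, or None.

    mx_records is a list of (preference, hostname) tuples as a resolver
    would return them. A null MX (RFC 7505, host ".") means "no mail".
    """
    hosts = [(pref, host.rstrip(".").lower()) for pref, host in mx_records]
    hosts = [(pref, host) for pref, host in hosts if host]
    if not hosts:
        return None
    return min(hosts)[1]


def is_google_mx(host):
    """True only if host is one of the suffixes or a subdomain of one."""
    if not host:
        return False
    return any(host == s or host.endswith("." + s) for s in GOOGLE_MX_SUFFIXES)


def route_login(email, mx_lookup):
    """Return 'oauth_google' or 'otp' for the given address."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    host = primary_mx_host(mx_lookup(domain.lower()))
    return "oauth_google" if is_google_mx(host) else "otp"


# Constructed MX answers standing in for live DNS lookups.
SAMPLE_MX = {
    "workspace.example": [(5, "alt1.aspmx.l.google.com."), (1, "ASPMX.L.GOOGLE.COM.")],
    "selfhosted.example": [(10, "mail.selfhosted.example.")],
    "lookalike.example": [(10, "mx.google.mailhost.example.")],  # contains "google" only
    "nomail.example": [(0, ".")],  # null MX
}


def sample_lookup(domain):
    """Stand-in resolver: returns the constructed records, or none."""
    return SAMPLE_MX.get(domain, [])
```

A domain with no MX record or a null MX falls through to OTP here, so a failed lookup never routes a user to OAuth.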
If you have any other questions about Descope or our flows, feel free to reach out to us!