Domain-based validation for external emails¶
Domain-based validation protects your organization from sending notifications to unauthorized or unrelated email domains.
With this feature, tenant administrators can only add external email addresses that match a domain on their Allowed Domains list.
Subdomains are also supported. For example, if example.com is allowed, user@sub.example.com is also valid.
Your list of allowed domains is managed by CyberArk Support. This ensures that only verified, trusted domains can receive notifications from your account.
When you create your account, the domain of the first user's account is automatically added to the Allowed Domains list. For example, if the first user is user@example.com, the domain example.com gets added to the Allowed Domains list.
Any new external email you add must use that domain (or one of its subdomains). Lists of allowed domains are scoped to your account and aren't shared or reused across accounts. This ensures that notifications sent from your account only go to approved domains, improving security and compliance.
To modify allowed domains, you must contact CyberArk Support.
If you try to add an external email from a domain that isn’t allowed, you'll see an error message and won't be able to add the address.
Features and benefits¶
Restricting external notifications to approved domains provides several benefits, including:
- Improves security by preventing notifications from being sent to untrusted or unintended recipients.
- Reduces configuration errors and accidental use of unauthorized addresses.
- Keeps management simple: Support handles verification, while you maintain full visibility of approved domains.
Limitations¶
- Trial tenants are automatically limited to the domain of the first registered user.
- Top-level public domains (for example, gmail.com, yahoo.com) aren't allowed.
- Subdomains of an allowed domain are valid.
- Lists of allowed domains are tenant-specific and isolated.
- No self-service option is available for managing allowed domains. You must contact support to manage allowed domains.
- If you delete your account, your domain list is also deleted.
- If your account has existing external email addresses, they remain valid and aren't affected.