Zapier Enterprise account admins can use the Allowed domains feature to control which email domains are permitted for OAuth app connections in the account. You choose which domains to approve, and Zapier enforces them when users connect apps through OAuth.
This article explains what Allowed domains does, what it covers, and how to set it up.
This is a closed beta feature. It's available for use, but still in active development and may change.
What is Allowed domains?
Allowed domains is a feature that lets Enterprise admins specify which email domains are approved for OAuth app connections in their Zapier account. Users can then only connect accounts that use emails from the permitted domains. To ensure connections work seamlessly, also include the following Zapier domains, as they're used during OAuth connection flows:
- zap.com
- zapier.com
Prerequisites
- Your account must be on an Enterprise plan.
- You must have an admin, super admin, or owner role.
Currently, allowed domains are entered as plain text and do not need to be verified domains.
What apps does Allowed domains cover?
Allowed domains applies to OAuth-enabled app connections on Zapier. When you add a domain, any app that authenticates through OAuth using that domain is covered. The following apps are currently supported by the Allowed domains feature:
- Gmail
Allowed domains controls which email domains are permitted for OAuth authentication. It does not restrict which apps your team can use. To manage which apps are available in your account, use app access settings.
Why use Allowed domains?
Allowed domains helps admins ensure that team members only connect their organization's accounts to Zapier, not personal accounts. For example, without Allowed domains, a team member could connect their personal Gmail account and use it in Zaps. With Allowed domains enabled, only accounts on your approved domains are permitted, blocking personal and unauthorized accounts.
Set up Allowed domains
- Go to the Admin Center.
- In the Admin Center sidebar, in the Governance section, select App connections.
- In the Allowed domains section, click the dropdown menu and select Allow specific domains.
- Enter your approved domains as comma-separated values (for example, example.com, zap.com, zapier.com).
- Click Save changes.
Once enabled, all new OAuth connections for supported apps will be restricted to the domains on your list, and this change will be recorded in your audit log. Existing connections are not affected.
Limitations
- Allowed domains is only available on Enterprise plans. If you downgrade, you'll lose access to this feature.
- Allowed domains applies to OAuth connections only. It does not affect API key connections or incoming and outgoing webhooks.
- If your organization uses IP allowlisting, those settings are managed separately.
- Existing app connections are not affected. Only connections made after the setting is enabled are subject to the list.
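Because existing connections are not checked against the list, an admin may want to review them separately. The following is an added example, not Zapier code or a Zapier API: it parses a comma-separated list in the format entered during setup and flags connections in a constructed inventory whose account email falls outside it. The record fields (id, app, account_email) and the exact-match rule for domains are assumptions; the article does not say how subdomains are treated.

```python
from typing import Optional

def parse_allowed_domains(raw: str) -> set:
    """Parse the comma-separated value as typed into the Allowed domains field."""
    domains = set()
    for item in raw.split(","):
        domain = item.strip().lower().rstrip(".")
        if domain:  # skip empty entries left by stray commas
            domains.add(domain)
    return domains

def email_domain(address: str) -> Optional[str]:
    """Return the lowercased domain part of an address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain or " " in domain:
        return None
    return domain

def audit_connections(connections: list, allowed_raw: str) -> list:
    """Return (connection id, reason) for every connection outside the list.

    Assumption: a domain must match an entry exactly, so a lookalike such as
    'notexample.com' or 'example.com.other.test' does not pass as 'example.com'.
    """
    allowed = parse_allowed_domains(allowed_raw)
    findings = []
    for conn in connections:
        domain = email_domain(conn.get("account_email", ""))
        if domain is None:
            findings.append((conn["id"], "unparseable account email"))
        elif domain not in allowed:
            findings.append((conn["id"], "domain not allowed: " + domain))
    return findings

# Constructed sample data; field names are hypothetical, not a Zapier export.
ALLOWED = "example.com, zap.com, zapier.com"
SAMPLE_CONNECTIONS = [
    {"id": "conn-1", "app": "Gmail", "account_email": "ana@example.com"},
    {"id": "conn-2", "app": "Gmail", "account_email": "ana.personal@gmail.com"},
    {"id": "conn-3", "app": "Gmail", "account_email": "bob@EXAMPLE.com"},
    {"id": "conn-4", "app": "Gmail", "account_email": "eve@example.com.other.test"},
    {"id": "conn-5", "app": "Gmail", "account_email": "mal@notexample.com"},
    {"id": "conn-6", "app": "Gmail", "account_email": "no-at-sign"},
]

if __name__ == "__main__":
    for conn_id, reason in audit_connections(SAMPLE_CONNECTIONS, ALLOWED):
        print(conn_id, reason)
```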