Zapier Enterprise account admins can set up allowed domains to control which email domains are permitted for OAuth app connections in the account. You choose which domains to approve, and Zapier enforces them when users connect apps through OAuth.
This article explains what allowed domains are, what they cover, and how to set them up.
Available on plans: Enterprise
This is a closed beta feature. It's available for use, but still in active development and may change.
What are allowed domains?
Allowed domains let Enterprise admins specify which email domains are approved for OAuth app connections in their Zapier account. Users can then only connect accounts that use emails from the permitted domains.
Prerequisites
- Your account must be on an Enterprise plan.
- You must have an admin, super admin, or owner role.
Allowed domains are entered as plain text and do not need to be verified domains.
What apps do allowed domains cover?
Allowed domains apply to OAuth-enabled app connections on Zapier. When you add a domain, any app that authenticates through OAuth using that domain is covered. The following apps currently support allowed domains:
- Gmail
Allowed domains control which email domains are permitted for OAuth authentication. They do not restrict which apps your team can use. To manage which apps are available in your account, use app access settings.
Why use allowed domains?
Allowed domains help admins ensure that team members only connect their organization's accounts to Zapier — not personal accounts. For example, without allowed domains, a team member could connect their personal Gmail account and use it in Zaps. With allowed domains enabled, only accounts on your approved domains are permitted, blocking personal and unauthorized accounts.
Set up allowed domains
- Go to the Admin Center.
- In the Admin Center sidebar, in the Governance section, select App connections.
- In the Allowed domains section, click the dropdown menu and select Allow specific domains.
- Enter your approved domains as comma-separated values (for example, example.com, zap.com, zapier.com).
  - To ensure connections work seamlessly, include the following Zapier domains, as they're used during OAuth connection flows:
    - zap.com
    - zapier.com
- Click Save changes.
Once enabled, all new OAuth connections for supported apps will be restricted to the domains on your list, and this change will be recorded in your audit log. Existing connections are not affected.
Limitations
- Allowed domains are only available on Enterprise plans. If you downgrade, you'll lose access to this feature.
- Allowed domains apply to OAuth connections only. They do not apply to:
  - Apps that authenticate using API keys instead of OAuth.
  - Incoming and outgoing webhook connections, which operate independently of allowed domains.
- If your organization also uses IP allowlisting, those settings are managed separately.
- Existing app connections are not affected. Only connections made after the setting is enabled are subject to the list.
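Because existing connections are not affected when the setting is enabled, an admin may want to review them against the same list. The following is an added example, not Zapier code: the connection inventory format and its rows are constructed, and exact case-insensitive domain matching is an assumption, not documented Zapier behavior.

```python
from typing import Optional

def parse_allowed_domains(raw: str) -> set:
    """Parse the comma-separated list as typed into the Allowed domains field."""
    domains = set()
    for item in raw.split(","):
        d = item.strip().lower().rstrip(".")
        if not d:
            continue
        if "@" in d or " " in d or "." not in d:
            raise ValueError(f"not a plain domain: {item!r}")
        domains.add(d)
    return domains

def email_domain(address: str) -> Optional[str]:
    """Return the lowercased domain of an address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")

def audit_connections(rows, allowed):
    """Return OAuth connections whose account email is outside the allowed set."""
    findings = []
    for row in rows:
        if row["auth"] != "oauth":
            continue  # API-key and webhook connections are outside the feature's scope
        dom = email_domain(row["account"])
        # Assumption: exact domain match; subdomains and lookalike suffixes do not pass.
        if dom is None or dom not in allowed:
            findings.append((row["owner"], row["app"], row["account"]))
    return findings

ALLOWED = parse_allowed_domains("example.com, zap.com, zapier.com")

# Constructed inventory of pre-existing connections (hypothetical format).
CONNECTIONS = [
    {"owner": "ana", "app": "Gmail", "auth": "oauth", "account": "ana@example.com"},
    {"owner": "bo", "app": "Gmail", "auth": "oauth", "account": "bo.personal@gmail.com"},
    {"owner": "cy", "app": "Gmail", "auth": "oauth", "account": "cy@Example.com"},
    {"owner": "di", "app": "Gmail", "auth": "oauth", "account": "di@example.com.other.test"},
    {"owner": "ed", "app": "SomeApp", "auth": "api_key", "account": "ed@gmail.com"},
]

if __name__ == "__main__":
    for owner, app, account in audit_connections(CONNECTIONS, ALLOWED):
        print(f"review: {owner} {app} {account}")
```

Connections flagged this way predate the setting and would need to be reconnected or removed by their owners to fall under the list.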