---
title: "How can an organization define custom authentication methods based on company domain?"
description: "Once Ketryx Support verifies and configures a specific email domain for your organization, users trying to log in with an email address under that domain can use authentication methods defined specifically for your organization."
category: "Frequently Asked Questions"
section: "General"
keywords: ["domain", "authentication methods", "login", "email", "define custom", "authentication providers", "company", "okta"]
source_url: "https://support.ketryx.com/hc/en-us/articles/21758382028813-How-can-an-organization-define-custom-authentication-methods-based-on-company-domain"
last_reviewed: 2026-06-11
---

# How can an organization define custom authentication methods based on company domain?

> **In short:** Once Ketryx Support verifies and configures a specific email domain for your organization, users trying to log in with an email address under that domain can use authentication methods defined specifically for your organization.

Once Ketryx Support verifies and configures a specific _email domain_ for your organization, users trying to log in with an email address under that domain can use authentication methods defined specifically for your organization. Moreover, any new user logging in with a matching email address will automatically join your organization as a member.

Custom authentication methods include Okta as well as any [OpenID Connect](https://openid.net/developers/how-connect-works/)-compliant authentication provider. Organizations may also enable or disable authentication via email ("magic login links").

Once a custom authentication method is configured (e.g., for an organization with an email domain of `example.com`), the login process would look like the following:

1. User enters username@example.com on the Ketryx login page and presses Continue with emailCustom authentication methods are determined based on the email domain example.com
2. If there is only a single authentication method, that is initiated immediately without further user interaction (e.g., redirecting to Okta for login, and then back to Ketryx)
3. If there are multiple authentication methods configured for the organization, the user can choose one of them (which may include a button to retrieve a login link via email, as well as other authentication providers)
4. Once a new user is authenticated, they automatically become a member of the organization based on the email domain

Organization-specific authentication methods are configured using the advanced setting [Authentication providers](https://docs.ketryx.com/Nfv9ttHxYK0eaVZFq3wl/reference/advanced-settings#authentication-providers). [Contact Ketryx Support](https://www.ketryx.com/contact-us) for assistance with this configuration.

## Related articles

- [Which authentication methods does Ketryx support? What SSO methods are available?](which-authentication-methods-does-ketryx-support-what-sso-methods-are-available.md)
- [Can I invite other users from outside the company domain (e.g., auditors)?](can-i-invite-other-users-from-outside-the-company-domain-e-g-auditors.md)
- [How do you configure authentication via Okta?](how-do-you-configure-authentication-via-okta.md)
- [Why does the Ketryx login say \"User... not found. Please sign up first\" when trying to log in?](why-does-the-ketryx-login-say-user-not-found-please-sign-up-first-when-trying.md)
- [What is the process for adding a new user to Ketryx?](what-is-the-process-for-adding-a-new-user-to-ketryx.md)
