In the employee settings, under organization settings, you can create a list of domains to be used for employee accounts. This will prevent accounts from being created with random email addresses. For each domain in this list, you can determine whether single sign-on (SSO) shall be used.
To be able to perform the actions below, you need the access rights of an organization manager.
Add domains
Go to the settings tab under in the employees submenu. Enable restrictions for email addresses by choosing 'Yes', and then add one or more domains to the list.
It is only possible to list domains that were already added to the domains overview.
Single sign-on
For each added domain, you can make SSO mandatory. By default, SSO is deactivated. Click on the domain you want to edit and on the pencil icon behind ‘Single sign-on not configured’. The available SSO providers are Google or Microsoft.
This forces all BEX users with email addresses of this domain to log in through the chosen identity provider. Only enable this if you own this domain name, and never use it for general domains like 'gmail.com' or 'hotmail.com'. Don’t forget to secure your Google or Microsoft account well to protect your data and systems. Multi-factor authentication is the best way to go.
For more information on setting access rights to various PMS features, read: Access rights for employees