I really like the simplicity of adding a domain to my Emails sheet for the Whitelist privacy setting, but I’m thinking ahead about someone who may leave our organization and then I’d have to revoke their access to the app. If they previously signed in successfully with the organization’s domain, then as long as the app keeps them logged in, they’ll continue to have access to the app (even if their email address no longer actually exists — since it was removed from our servers).
My current setup to get around this is to have employees sign up for the app through a Google Forms submission. This form is embedded on our secure website and employees need a login to access the form. The form responses are then used to build my Whitelist and when someone leaves, I simply delete their form response — since they can no longer access the sign-up form, they can’t get back into the app.
What if the Email Whitelist could be set up to use a domain, but then an Email Blacklist could be developed to work in conjunction with the Whitelist to further restrict access when needed. If I use just a domain as my Whitelist, it makes it quicker for staff to sign up (no form to submit first), but then I’d need a way to boot people off the app if/when they leave the organization. Has anyone encountered this or have any other suggestions?