Managing Multiple Domains In Foxpass
Foxpass, by default, allows any user in your organization to sign in via Google or Azure AD/Entra ID to create an account and get access to any systems you've integrated with Foxpass. Foxpass administrators can also add users via the management console.
Non-domain Users
If a user's email ends in a different domain than your Foxpass account's, that user is considered a "non-domain" user. For example, if your Foxpass account is for "abc.com" and you add a user with the email "[email protected]," that user would be considered a non-domain user.
Non-domain users should always use an email/password combination to log into the Foxpass console (instead of signing in via Google or Azure AD/Entra ID credentials). You may also want to exempt non-domain users from your Delegated Authentication integration if they are not a member of your root directory.
Using Multiple Domains
Some organizations may use multiple domains to manage their directory. If you have multiple domains, you can register your subdomains with Foxpass by going to the Sync page and navigating to the "Subdomain Sync " option.
Allowing Wildcard Subdomains
If your organization has users with multiple subdomains, you can include all subdomains by default. For example, if your organization is @example.com, any user with an email @.example.com would be considered a part of your organization, where can be anything. This would mean that [email protected] and [email protected] would both be considered in your organization.
To enable wildcard subdomain matching for Google or Azure AD/Entra ID, change the setting Subdomain Sync: Should Foxpass include users in your organization's other subdomains to 'All' on the Sync page.
Allowing Authorized Subdomains
Setting up subdomain sync
On the Sync page, you can enable subdomains option for Okta, Google, OneLogin, LDAP or Azure.
For Google or Azure AD/Entra ID, go to Subdomain Sync: Should Foxpass include users in your organization's other subdomains? option and select 'Yes' or 'All' depending on your use case.
If you select 'Yes' option, then you need to 'Authorize account for Domain Sync'.
Selecting 'All' will include all domains in the wildcard format *.foxpass.com. For example: contractors.foxpass.com or corporate.foxpass.com.
For Okta, OneLogin or LDAP go to Subdomain Sync: Should Foxpass include users in these subdomains? option and click 'Edit Subdomains'.
Add the desired subdomain and click 'Add' and then 'Done'.
Subdomains must be in the same Google Workspace or Azure AD/Entra ID account you used to set up Foxpass. Be sure that the Google Workspace or Azure AD/Entra ID account you use to sync subdomains with has the appropriate administrator permissions.
Once a domain is registered in Foxpass, any user with an email in that domain is considered a regular user in that account. For instance, if your Foxpass account is for "abc.com" and you register "xyz.com" as a subdomain, both "[email protected]" and "[email protected]" would be considered regular users.
If you add or remove a subdomain in Google Workspace or Azure AD/Entra ID, you must manually refresh the subdomains in Foxpass in order to sync the changes. Disabling a subdomain in Foxpass means that it will be skipped during any user or group sync processes.
Changing subdomains
If your company changes domains, you have a few options. If the new domain is under the same Google Workspace or Azure AD/Entra ID account, you can register the new domain as a subdomain and keep all your same settings. Then, you can simply sync in the new domain and we'll treat it as a part of your account.
If you would like to make the new domain your main account domain, contact us and we can help you change it. However, this will change all your base LDAP DNs, so any LDAP or server integrations you have with Foxpass will have to be reconfigured. This will also automatically change any email domains from the old domain to the new one.
Updated about 1 month ago