Skip to main content

Signup Restriction

This document describes ways to restrict users from signing up on your self-hosted Appsmith instance. This configuration is done by editing the Instance configuration.

Disable Sign-up

The environment variable APPSMITH_SIGNUP_DISABLED should be set to true to disable signing up of new users. When set, the following facts hold:

  1. New, uninvited users cannot signup using the signup form or the OAuth buttons. Both modes of signing up are disallowed.
  2. New, invited users can still signup using either the form or the OAuth buttons.
tip

The signup page will continue to show up but will throw an error when a user tries to sign up. This environment variable's value does not affect the login behavior of existing users.

caution

The user email IDs entered on the form login or signup is not verified by email or otherwise. This can lead to a breach while giving or receiving access to applications, resetting your password, using the email ID in any of your applications, etc. Make sure the user email IDs used exist to avoid issues like these.

Email domains white-list

The environment variable APPSMITH_SIGNUP_ALLOWED_DOMAINS can be used to restrict signups to emails belonging to only a specific set of domains. This field takes a comma-separated set of values.

Setting APPSMITH_SIGNUP_ALLOWED_DOMAINS=appsmith.com will allow homer@appsmith.com to sign up, but not bart@gmail.com.

Setting APPSMITH_SIGNUP_ALLOWED_DOMAINS=appsmith.com,gmail.com will allow both homer@appsmith.com and bart@gmail.com to sign up, but not lisa@outlook.com.

When this environment variable is set to one or more domains, the following facts hold:

  1. New, uninvited users cannot signup using the signup form or the OAuth buttons unless the email they use has a domain that's present in this environment variable.
  2. New, but invited users can still signup using the signup form or the OAuth buttons, even if their email **does not** have a domain in the environment variable.
tip

This environment variable's value does not affect the login behavior of existing users

danger

Accounts created via form signup are not validated via an email

Administrator emails

The environment variable APPSMITH_ADMIN_EMAILS can be set to a comma-separated list of email addresses, that will always be allowed to sign up, irrespective of the above two environment variables.

# Example docker configuration
APPSMITH_ADMIN_EMAILS=homer@appsmith.com,marge@yahoo.com

These two email addresses will be able to sign up on the Appsmith instance irrespective of the APPSMITH_SIGNUP_ALLOWED_DOMAINSandAPPSMITH_SIGNUP_DISABLED configurations