This document describes ways to restrict users from signing up on your self-hosted Appsmith instance. This configuration is done by editing the Instance configuration.
The environment variable APPSMITH_SIGNUP_DISABLED should be set to true to disable signing up of new users. When set, the following facts hold:
- New, uninvited users cannot signup using the signup form or the OAuth buttons. Both modes of signing up are disallowed.
- New, invited users can still signup using either the form or the OAuth buttons.
{% hint style="success" %} The signup page will continue to show up but will throw an error when a user tries to sign up. This environment variable's value does not affect the login behavior of existing users. {% endhint %}
{% hint style="warning" %} The user email IDs entered on the form login or signup is not verified by email or otherwise. This can lead to a breach while giving or receiving access to applications, resetting your password, using the email ID in any of your applications, etc. Make sure the user email IDs used exist to avoid issues like these. {% endhint %}
The environment variable APPSMITH_SIGNUP_ALLOWED_DOMAINS can be used to restrict signups to emails belonging to only a specific set of domains. This field takes a comma-separated set of values.
Setting APPSMITH_SIGNUP_ALLOWED_DOMAINS=appsmith.com will allow [email protected] to sign up, but not [email protected].
Setting APPSMITH_SIGNUP_ALLOWED_DOMAINS=appsmith.com,gmail.com will allow both [email protected] and [email protected] to sign up, but not [email protected].
When this environment variable is set to one or more domains, the following facts hold:
- New, uninvited users cannot signup using the signup form or the OAuth buttons unless the email they use has a domain that's present in this environment variable.
- New, but invited users can still signup using the signup form or the OAuth buttons, even if their email **does not** have a domain in the environment variable.
{% hint style="success" %} This environment variable's value does not affect the login behavior of existing users {% endhint %}
{% hint style="danger" %} Accounts created via form signup are not validated via an email {% endhint %}
The environment variable APPSMITH_ADMIN_EMAILS can be set to a comma-separated list of email addresses, that will always be allowed to sign up, irrespective of the above two environment variables.
# Example docker configuration
[email protected],[email protected]These two email addresses will be able to sign up on the Appsmith instance irrespective of the APPSMITH_SIGNUP_ALLOWED_DOMAINSandAPPSMITH_SIGNUP_DISABLED configurations