Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

• When configuring Enterprise SSO, we can only specify exact domain. Is it possible to add support for a regex expression value? We would like the ability to ignore email variants (emails with same domain but with + sign in the username) and login with a password in those cases instead of redirecting to external IDP.

Hey Mitch,
as far as I know this is not possible at the moment.
IMO it would be a good addition in general.

Just out of curiosity, why do you want to disallow the email variants from using the SSO?

I think some of our admins and QA members have accounts aside from their main account, which have different settings. It allows them to still get emails arriving at the same address as their main account. Also, we haven't really implemented 'impersonation' yet, so it allows them to login to an account associated with another customer. I think the feature is optional, but nice to carry over from our current provider.