<@U04UQ68083H> How can I restrict user sign in so ...
# ory-copilot
f
@chilly-king-10285 How can I restrict user sign-in so that only certain email domains are whitelisted?
b
A message from kapa.ai
You can restrict user sign-in to certain email domains by using Ory Actions to add extra validation during the sign-up process. This allows you to control exactly who can sign up. For example, you can prevent users from signing up when their email domain doesn't match a certain value. This way, you can allow only users from certain organizations to sign up.

To implement this, you would use flow-interrupting webhooks to add this validation to sign-up and registration flows. Unfortunately, the exact code or configuration to achieve this is not provided in the knowledge sources. However, you can refer to the [Flow-interrupting webhooks documentation](https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks#flow-interrupting-webhooks) to learn more about how to use them.

Additionally, Ory Identities allows you to configure hooks that run before and after a Login Flow. This may be helpful if you'd like to restrict logins to certain conditions or logic. You can read more about hooks in the [Hook Documentation](https://www.ory.sh/docs/kratos/hooks/configure-hooks).

Please note that you would need to have a good understanding of how webhooks and hooks work in Ory, and possibly some programming knowledge to implement this feature. If you need further assistance, you might want to consider reaching out to the Ory community or seeking help from a developer.

Sources:
- [Customize login and registration behavior](https://www.ory.sh/docs/identities/sign-in/actions)
- [Hooks in Ory Identities](https://www.ory.sh/docs/kratos/self-service/flows/user-login#hooks)
f
@chilly-king-10285 Does the validation logic need to reside in a third-party place (e.g. Lambda), or can it be embedded somewhere as part of the Ory platform?
b
A message from kapa.ai
The validation logic for Ory Actions, such as restricting user sign-in to certain email domains, would typically reside in a third-party service. This is because Ory Actions are designed to integrate with external systems and services. When an event occurs in your Ory-powered application, such as a user registration, it can trigger an Ory Action that calls a webhook to your third-party service. This service would then execute the custom validation logic and return the result to Ory.

The third-party service could be a serverless function on a platform like AWS Lambda, Google Cloud Functions, or Azure Functions. It could also be a service running on your own servers. The key requirement is that the service must be able to receive HTTP requests from Ory and respond with the appropriate data.

To set up an Ory Action, you would use the Ory Network Console to specify the URL of your third-party service, the HTTP request method, and any necessary authentication parameters. Once the action is set up, it will be triggered by the specified events in your Ory-powered application.

Please note that the exact steps to set up an Ory Action and the code for the validation logic are not provided in the knowledge sources. You would need to refer to the relevant documentation or seek help from a developer to implement this feature.

Sources:
- [Ory Actions Overview](https://www.ory.sh/docs/kratos/hooks/configure-hooks)
- [Creating Actions on the Ory Network](https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks#creating-actions-on-the-ory-network)