Allow only Organization and Whitelisted users to Signup

We are building an enterprise document management system. So we only want to allow only users who belong to our organization or whitelisted emails.

We will use Cognito Pre-Signup Hook to validate the email address and accordingly allow users to continue.

Cognito Pre-signup Trigger

Here is the Lambda code which does the validation.

const whitelistedDomains = ['appgambit.com'];
const whitelistedEmails = [];

exports.handler = async (event, context, callback) => {    
    // Split the email address so we can compare domains
    const userEmail = event.request.userAttributes.email;
    const userDomain = userEmail.split("@")[1];
    
    console.log(`Validating domain ${userDomain} and email ${userEmail}`);
    if(whitelistedEmails.indexOf(userEmail) < 0){
        if (whitelistedDomains.indexOf(userDomain) < 0) {
            throw new Error('EMAIL_DOMAIN_ERR')
        }
    }

    // Return to Amazon Cognito
    return event;
};

You can configure your Cognito pool to use the above lambda function.

Cognito Pre sign-up Lambda Trigger

Now if you try to use an email that is not in the whitelist, you should see an error message. I am returning an error code EMAIL_DOMAIN_ERR and showing the proper message on the UI side.

At this point, the whole application will only accept only whitelisted signups. So this is now ready to use and share with your users.