Workspaces on Range’s Premium and Enterprise plans have the option to customize their login and authentication settings to suit their specific needs. These settings control how users at your organization are allowed to sign up for Range, who can be invited, and what authentication methods can be used.
Your account manager or a support representative can make any changes for you.
Range supports the following authentication methods:
If you wish to disable certain authentication methods for your workspace, please reach out to support.
Range supports automatic domain binding and just in time account creation.
Domain binding means that if you create a workspace with your work email email@example.com, anyone at acme-corp.com will be able to sign into your workspace. If however, you signed up with firstname.lastname@example.org then there will be no domain binding and all users will need to be explicitly invited.
You can see the current configuration on the workspace settings screen.
Range can support multiple domains for your employees, reach out to our support team to have new domains added.
If you wish to prevent new users at your company from joining your Range workspace, reach out to our support team. There are two ways of achieving this:
By default, any Range user can invite someone else into your workspace.
Range can be configured to only allow users that match a set of email domains. This would allow email@example.com to be invited but prevent firstname.lastname@example.org from being invited. Each authentication method can be restricted independently. So for example, you could allow an invite to any Google user while locking Microsoft invites to your domain.
If you need full control over access to Range, we recommend connecting Okta or One Login via OpenIDConnect and then have your account manager disable all other authentication methods.
Range accounts can be closed on the user settings page which will instantly take effect and prevent users from accessing information.
Users authenticated via Google and OIDC, who then have their respective upstream accounts closed, may take 2 hours for sessions to expire.
Users can be programmatically disabled using the UpdateUserState (https://www.range.co) API with an admin’s API key.