meinGPT LogomeinGPT Docs
WebsitePlatform Login
User GuidePrompting GuideAdmin GuideRollout GuidePrivacy & SecurityIntegrationsAPI

Access & Login Security

Login methods, domain verification, white-label, and Entra ID sync

This page is where you configure how users sign in, which email domains are auto-joined into your workspace, and whether Microsoft Entra groups sync with your meinGPT teams.

You find it under Settings β†’ Access. It is only visible to workspace admins.

Allowed email domains

Users who register with an email on a verified domain are added to your workspace automatically. This replaces one-by-one invitations and at the same time keeps employees from spinning up their own trial accounts on the company email.

Add and verify a domain

  1. Click Add domain and enter e.g. yourcompany.com. The domain starts in status Unverified β€” auto-join is still off.
  2. The verification dialog shows a Host, a Type (TXT), and a Value. Add this entry to the DNS configuration of your domain.
  3. Back in meinGPT, click Check now. DNS entries usually propagate within 5 minutes β€” if the check fails immediately, wait a moment and retry.
  4. After a successful check, the domain switches to Verified, and new registrations with that email suffix are auto-joined from then on.

Suggested domains: If members with a particular email domain are already in the workspace, meinGPT proactively suggests it ("X members already use this domain"). You can accept the suggestion with a click, but still need to publish the DNS TXT entry before auto-join kicks in.

Add existing users retroactively

When you click the "Apply to existing users" icon on a verified domain, meinGPT lists every person outside this workspace who already has an email on that domain. You can add them all as viewers in one step. Existing memberships in other workspaces are untouched.

Remove a domain

Removing a domain stops auto-join β€” existing memberships are not removed. If you add the domain back later, you have to re-verify it via DNS TXT.

Recommendation

Add domains early so employees don't spin up parallel trial workspaces on the company domain in the meantime.

Custom domain (white-label)

You can reach your workspace from your own hostname, e.g. chat.yourcompany.com instead of app.meingpt.com. This is a paid add-on and is set up together with our team.

A custom domain is useful when:

  • you want to present meinGPT to your employees under your own brand
  • you want a stable company URL in onboarding material and internal communications
  • your SSO security policy requires avoiding third-party hostnames

What happens during setup (together with our team):

  • DNS entry on your side (CNAME or A-record pointing to our endpoint)
  • TLS certificate on our side via Let's Encrypt
  • Microsoft and Google SSO use our central callback address; new custom domains no longer need separate OAuth redirect URIs
  • origin allow-list updated on our backend for CORS and Stripe redirects

To start the conversation: open Access & Login Security β†’ Custom domain in workspace settings and click "Contact sales", or email enterprise@meingpt.com directly.

Authentication methods

This is where you decide which methods users can use to register and sign in to your workspace. Three methods are available β€” all three are enabled by default:

  • Email (magic link) β€” passwordless sign-in via a one-time link sent to the user's email
  • Google β€” sign-in via Google account (particularly handy for Google Workspace customers)
  • Microsoft β€” sign-in via Microsoft account (personal, school, or work). Works without any further configuration; an Entra setup is not required for this β€” see the next section if you additionally want to sync groups.

At least one method must stay enabled β€” meinGPT prevents you from disabling the last one.

Below the toggles you find a pre-generated login URL of the form app.meingpt.com/auth?login=microsoft,email. It lists the currently enabled methods as URL parameters. Visitors who open this link only see the pre-selected options on the sign-in page β€” other methods stay hidden.

Typical use: hand a Microsoft-only link to your workforce so employees don't accidentally create a parallel account via magic link on their personal address. The URL updates automatically as you toggle methods on or off.

Entra ID sync

If you use Microsoft Entra ID (formerly Azure AD), you can link Entra groups to your meinGPT teams. Memberships are then applied automatically β€” removing someone from the Entra group also removes them from the meinGPT team.

This section only appears once your workspace is enabled for Entra sync. Reach out to us if you don't see it and need it.

One-time authorization

  1. Click Authorize. A Microsoft popup opens asking for admin consent on your tenant β€” this step must be performed by someone with Microsoft admin rights.
  2. Once consent is granted, meinGPT stores the tenant ID. No separate manual configuration is needed.

Enable group synchronization

The switch next to the section title controls whether Entra groups are actually synced. On first activation or after tenant changes, meinGPT may require a re-authorization β€” the banner "Re-authorization may be required" indicates this. In that case, just click Re-authorize again.

Which Entra group is wired to which meinGPT team is configured in team settings afterwards (see Team management β†’ Entra sync).

Restrict access additionally on the Microsoft side

If you want to limit meinGPT access to specific Entra groups, that's done on the Microsoft side via Conditional Access: block the "meinGPT" application for everyone and explicitly grant access to the chosen groups. This complements the authentication toggles in meinGPT but does not replace them.

Technical Deep Dive

Usage Limits

Configure usage limits in the workspace, edit usage tiers, and manage upgrade requests

Assistant Governance

Tool and integration policies for assistants

On this page

Allowed email domainsAdd and verify a domainAdd existing users retroactivelyRemove a domainRecommendationCustom domain (white-label)Authentication methodsPre-filtered login linkEntra ID syncOne-time authorizationEnable group synchronizationRestrict access additionally on the Microsoft sideTechnical Deep Dive