Coming Soon! We’re launching a new sub-community within the Google Cloud Community dedicated to cloud security: The Google Cloud Security Community. In preparation for the launch, this site will be in read only mode from 22 September 12am PST - 23 September 7pm PST

OAuth Error: User not in the authorized domain(s)

Knowledge Drop

Last tested: Sep 26, 2019

This generally occurs when the user's email domain (eg hasn't been added to the 'Authorized Domain' list on the OAuth side.

This can also occur if the user's domain has not been verified on the GSuite / Oauth side.

Note that even if the user's email address ends in the correct domain (eg, that does not necessarily mean that it is registered with GSuite under the domain. The user must be registered with the correct GSuite account for that domain in order for the "hd" field to be passed in the Decoded ID Token that Looker receives from OAuth, which is the parameter used to match the user's domain against the Authorized Domain list on the OAuth side.

Screen Shot 2019-09-26 at 3.55.17 PM.png

This content is subject to limited support.                


If the “hd” field in the JSON response of the Google Oauth test is empty, then make sure that the user has a managed account.

Version history
Last update:
‎07-07-2021 01:15 PM
Updated by: