Knowledge Drop

OAuth Error: User not in the authorized domain(s)

  • 7 July 2021
  • 1 reply

Userlevel 4

Last tested: Sep 26, 2019

This generally occurs when the user's email domain (eg hasn't been added to the 'Authorized Domain' list on the OAuth side.

This can also occur if the user's domain has not been verified on the GSuite / Oauth side.

Note that even if the user's email address ends in the correct domain (eg, that does not necessarily mean that it is registered with GSuite under the domain. The user must be registered with the correct GSuite account for that domain in order for the "hd" field to be passed in the Decoded ID Token that Looker receives from OAuth, which is the parameter used to match the user's domain against the Authorized Domain list on the OAuth side.

Screen Shot 2019-09-26 at 3.55.17 PM.png


This content is subject to limited support.                



1 reply

Userlevel 5

If the “hd” field in the JSON response of the Google Oauth test is empty, then make sure that the user has a managed account.