Allow the Use of Nonstandard Email Domains

Apache components included in the Authentication Manager appliance prevent the use of nonstandard email domains, such as .bank, .law, and .sms. Authentication Manager allows the nonstandard .local domain.

To use other nonstandard domains, you must edit the Authentication Manager file on each primary and replica instance.

Before you begin

The rsaadmin operating system password for the primary instance is required.


  1. Log on to the primary instance appliance with the User ID rsaadmin and the current operating system password:
    • On a hardware appliance, an Amazon Web Services appliance, or an Azure appliance, log on to the appliance using an SSH client.
    • On a VMware virtual appliance, log on to the appliance using an SSH client or the VMware vSphere client.
    • On a Hyper-V virtual appliance, log on to the appliance using an SSH client, the Hyper-V System Center Virtual Machine Manager Console, or the Hyper-V Manager.
  2. Change directories:

    cd /opt/rsa/am/utils/resources

  3. In a text editor, such as the vi editor, open the file.
  4. If the validDomainList line does not exist, only the .local nonstandard domain is supported, and you must add validDomainList to support additional nonstandard domains:


    Where nonstandard is the name of the nonstandard domain. For example, to support a .sms and a .local email domain, you would enter validDomainList=.sms;.local;

    You can add more than one nonstandard domain. Separate each name with a semicolon.

  5. Save your changes. For example, in the vi editor, type :wq!.
  6. Change directories:

    cd /opt/rsa/am/server

  7. Restart Authentication Manager services:

    ./rsaserv restart all

    The nonstandard domains are listed in /opt/rsa/am/utils/resources/

  8. The file is not replicated. If you promote a replica instance, you must repeat this procedure, unless you prepare for promotion by repeating these steps on each Authentication Manager instance in your deployment.
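The edit in step 4 can be scripted so that it is repeatable on every instance. The following is an added example, not RSA-provided code: the function name `add_valid_domain` is hypothetical, the properties file path is passed as an argument because the page does not name the file, and keeping `.local` in the list follows the page's own example.

```shell
# Added example (not vendor code). Source this file, then call:
#   add_valid_domain <properties-file> <.domain>
# The file name is not given on the page, so the path is an argument.
add_valid_domain() {
    file=$1
    domain=$2

    # Accept only a dot followed by letters, digits or hyphens, so a typo
    # cannot smuggle a separator or a second property into the file.
    case $domain in
        ''|.|[!.]*|.*[!A-Za-z0-9-]*)
            echo "invalid domain: $domain" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Current value of the line, if any (assumption: the last one wins).
    current=$(sed -n 's/^validDomainList=//p' "$file" | tail -n 1)
    # Without the line only .local is allowed; keep it in the new list,
    # as the page's own example does.
    [ -n "$current" ] || current='.local;'
    case $current in *';') ;; *) current="$current;" ;; esac

    # Already listed: leave the file untouched (idempotent).
    case ";$current" in *";$domain;"*) return 0 ;; esac

    cp -p "$file" "$file.bak" || return 1      # backup before editing
    tmp=$(mktemp "$file.XXXXXX") || return 1
    grep -v '^validDomainList=' "$file" > "$tmp" || true
    printf 'validDomainList=%s;%s\n' "$domain" "$current" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"       # keeps owner and mode
}
```

The function only edits the file; the service restart in step 7 is still required, and the call must be repeated on each instance because the file is not replicated.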

After you finish

If you have a web tier, you must update each web-tier server. For instructions, see Update the Web Tier to Allow the Use of Nonstandard Email Domains.