diff --git a/website/developer-docs/setup/website-dev-environment.md b/website/developer-docs/setup/website-dev-environment.md
index 58387024d..fd9e259cb 100644
--- a/website/developer-docs/setup/website-dev-environment.md
+++ b/website/developer-docs/setup/website-dev-environment.md
@@ -17,5 +17,5 @@ Depending on platform, some native dependencies might be required. On macOS, run
 
 1. Clone the git repo from https://github.com/goauthentik/authentik
 2. Run `make website-install` to install the website development dependencies
-3. Run `website-watch` to start a development server to see and preview your changes
+3. Run `make website-watch` to start a development server to see and preview your changes
 4. Finally when you're about to commit your changes, run `make website` to run the linter and auto-formatter.
diff --git a/website/docs/policies/working_with_policies/whitelist_email.md b/website/docs/policies/working_with_policies/whitelist_email.md
new file mode 100644
index 000000000..3cb3f0e7a
--- /dev/null
+++ b/website/docs/policies/working_with_policies/whitelist_email.md
@@ -0,0 +1,23 @@
+---
+title: Whitelist email domains
+---
+
+To add specific email addresses to an allow list for signing in through SSO or directly with default policy customization,
+follow these steps:
+
+1. In the Admin interface, navigate to **Customization > Policies** and modify the default policy named `default-source-enrollment-if-sso`.
+
+2. Add the following code snippet in the policy-specific settings under **Expression** and then click **Update**.
+
+```python
+allowed_domains = ["example.net", "example.com"]
+current_domain =request.context["prompt_data"]["email"].split("@")[1]
+if current_domain in allowed_domains:
+ email = request.context["prompt_data"]["email"]
+ request.context["prompt_data"]["username"] = email
+ return ak_is_sso_flow
+else:
+ return ak_message("Access denied for this email domain")
+```
+
+This configuration specifies the `allowed_domains` list of domains for logging in through SSO, such as Google OAuth2. If your email is not in the available domains, you will receive a 'Permission Denied' message on the login screen.
diff --git a/website/sidebars.js b/website/sidebars.js
index 994f0d284..adfdd7041 100644
--- a/website/sidebars.js
+++ b/website/sidebars.js
@@ -183,7 +183,20 @@ module.exports = {
 type: "doc",
 id: "policies/index",
 },
- items: ["policies/expression"],
+ items: [
+ {
+ type: "category",
+ label: "Working with policies",
+ items: ["policies/working_with_policies/whitelist_email"],
+ link: {
+ type: "generated-index",
+ title: "Working with policies",
+ slug: "policies/working_with_policies",
+ description: "Overview of policies configuration",
+ },
+ },
+ "policies/expression",
+ ],
 },
 {
 type: "category",
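Review bot: In the expression added in whitelist_email.md, `.split("@")[1]` takes the text after the first `@`, so unless the value is validated before this policy runs, an address containing more than one `@` is judged on a segment that is not its final domain, and a value with no `@` raises IndexError instead of returning a denial. Since this snippet decides who may enroll, I would compare the last segment, case-normalized: `current_domain = request.context["prompt_data"]["email"].rsplit("@", 1)[-1].lower()`. The snippet also assumes `prompt_data` and `email` are always present in the context; the page should say what happens when they are not (presumably the policy errors out, to be confirmed). The closing paragraph promises a 'Permission Denied' message while the code passes "Access denied for this email domain" to `ak_message`, and the intro speaks of email addresses where the policy matches domains; the wording should agree with the code.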