Alpha has D360 embedded and will access the platform via SSO. Alpha is a single URL that our clients will access, they will then be routed and SSO into the correct URL for the specific clients D360 instance. However there is a (small) risk that once signed in to Alpha and a trust token established that they could get routed to the wrong D360 environment. To eliminate this we would like to have a domain whitelist for each D360 install. So a Bank of America user having logged into alpha will not get access to allianz D360 environment because the BOA.com domain is NOT set up within the Allianz D360 app