Limit auth to certain domain only

On the backend you can add security rules to the database

Restrict Firebase authentication to a certain domain

{
"rules": {
".read": "auth.token.email.matches(/.*@example.com$/)",
".write": "auth.token.email.matches(/.*@example.com$/)"
}
}

How do I create firestore rules based on users email domain?

rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /podcasts/{podcast=**} {
function isValidEmail(){
return (request.auth.token.email.matches('.*@example[.]com$') &&
request.auth.token.email_verified)
}
allow read, write: if isValidEmail();
}
}
}