![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 70%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
7,023 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello
Thank you for posting in Q&A forum.
There isn’t an existing Windows setting that “knows” about IMAP eligibility and then shows only those users on the logon screen. In a domain‐joined environment the Windows sign‐in experience (via the Credential Provider) is designed to show either a cached list of local users (for a workstation) or simply an “Other user” box (for domain accounts), not a filtered list based on external criteria such as an IMAP account.
You might consider if you want to display only the users eligible (such as IMAP–assignment or other criteria):
1. Custom Credential Provider:
Windows allows you to write your own Credential Provider using the Credential Provider API.
1-1 In a custom provider you could, for example, query Active Directory (or a custom data source) for users who are assigned a particular attribute or membership (say, a specific AD group or even a custom attribute that indicates IMAP–account assignment).
1-2 The provider would then display only those users in the logon UI.
1-3 When the user selects one of these accounts, the provider would then carry out the authentication.
2. Third–Party Solution:
There are commercial products and identity management solutions that sometimes offer “enhanced” logon experiences and may allow you to integrate custom eligibility criteria. Such solutions may already have mechanisms to combine domain authentication with other identity sources (like an IMAP server if that is supported on your end).
Note:
The custom Credential Provider is probably the most direct route if you need a login UI that directly reflects the eligibility criteria you’ve created. However, developing and supporting such a provider means you’ll be responsible for all the security risks and stability issues that might come up with a highly customized logon experience.
References:
https://learn.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.