I use AWS Cognito, which in of itself is free. However, this does require an appsheet enterprise plan.

I also have some webhooks to the AWS API gateway. With this someone can create a user in the app, and everything is handled from there by AWS.

AppSheet provides no automated / programmatic method for interacting with the user whitelist within AppSheet. Users must be added, removed, or otherwise managed manually here. The only path forward is with an enterprise plan and domain authentication, as Grant mentions.

One system I had created in the past involved:

1. Allowing all signed in users to the application;
2. Have users create their own record in the user table upon first login; and
3. Use security filters to ensure data security for users without credentials.

The obvious drawback with the above solution is there is no convenient way for preventing users from logging into the application, or otherwise controlling your monthly userbase. It also lacks a certain level of polish that can be achieved with the domain authentication alternatives.

I believe reading the white-listed users from a table source is not so easy in terms of oAuth protocols and creating secure tokens for users. As AppSheet licences and tracks the users via email and oAuth, it shall occur before the user having access to the app. I belive users login duration might increase as well even there’s a way to read the user data/email from the any table - either a sheet or SQL. When dealing with a large number of user set where a domain auth or any auth pool i.e. Cognito, Azure etc. is needed, enterprise or business subscription seems inevitable. But I should admit that even with a small number of user pool i.e. 10-20 using the AppSheet Editor to whitelist the user is a bit cumbersome.

Ideal : all users are able to create an account and subscribe from the app. I use security filters for data security. I discarded this option because it is too expensive under the PRO plan. I’d have to pay $10 for any user that opens the app, even if they don’t subscribe.

Unfortunately, users logged in via domain authentication are tracked the same as users logging in via the appsheet whitelist. Domain authentication only streamlines the user signup and management processes. There may be some differences depending on the business plan you work out with AppSheet, but for the most part your monthly active users will still be tracked and billed similar to the Pro plan.

@Jonathon that’s helpful to know.

My thinking right now is that domain authentication will help me make sure that only users that have a subscription can open the app. So I need a flow outside of appsheet for subscription > account creation

@maiga
In a B2C or B2B app, it’s not so easy and yet possible to control provided any user have a valid cloud associated email address. In general, these kinda users request that they should be able to authenticate even with a social media account i.e. Facebook or they want to create their own account with a simple username and pwd combination. Unfortunately the only way to go with this kinda app schema is using an oAuth pool i.e. AWS Cognito, OKTA or OpenID. For this; you need to subscribe to Business Plan where the cost is $15K per annum and it paid annually not monthly. With this subscription, you get 100 user licence and for 3rd party oAuth pool integration like Cognito you need additional add-on subscription besides the Business Plan. With a 100 user licence and additional add-on subscriptions, I assume your annual BP cost will be around $20-$25K. Also may be remind you that when your userbase exceeds 100 licence, you need to subsribe to an additional 100 licence which is around $5-7K per annum. When your userbase increases, your data size will increase too and you will need to switch to Google Cloud SQL and that will also bring some additional costs depending on your SQL VM setup on Google Cloud.

Provided this will be the way to go, I may advise to very carefully model your Capex and CF from the very beginging.