diff --git a/server/modules/authentication/google/authentication.js b/server/modules/authentication/google/authentication.js
index 23eb40af92a88e765f6b065f7fca5e3c6d028a46..d7ba3b323fda053c8e0f71027866bf2313148b49 100644
--- a/server/modules/authentication/google/authentication.js
+++ b/server/modules/authentication/google/authentication.js
@@ -9,27 +9,38 @@ const _ = require('lodash')
 
 module.exports = {
   init (passport, conf) {
-    passport.use('google',
-      new GoogleStrategy({
-        clientID: conf.clientId,
-        clientSecret: conf.clientSecret,
-        callbackURL: conf.callbackURL,
-        passReqToCallback: true
-      }, async (req, accessToken, refreshToken, profile, cb) => {
-        try {
-          const user = await WIKI.models.users.processProfile({
-            providerKey: req.params.strategy,
-            profile: {
-              ...profile,
-              picture: _.get(profile, 'photos[0].value', '')
-            }
-          })
-          cb(null, user)
-        } catch (err) {
-          cb(err, null)
+    const strategy = new GoogleStrategy({
+      clientID: conf.clientId,
+      clientSecret: conf.clientSecret,
+      callbackURL: conf.callbackURL,
+      passReqToCallback: true
+    }, async (req, accessToken, refreshToken, profile, cb) => {
+      try {
+        if (conf.hostedDomain && conf.hostedDomain != profile._json.hd) {
+          throw new Error('Google authentication should have been performed with domain ' + conf.hostedDomain)
         }
-      })
-    )
+        const user = await WIKI.models.users.processProfile({
+          providerKey: req.params.strategy,
+          profile: {
+            ...profile,
+            picture: _.get(profile, 'photos[0].value', '')
+          }
+        })
+        cb(null, user)
+      } catch (err) {
+        cb(err, null)
+      }
+    })
+
+    if (conf.hostedDomain) {
+      strategy.authorizationParams = function(options) {
+        return {
+          hd: conf.hostedDomain
+        }
+      }
+    }
+
+    passport.use('google', strategy)
   },
   logout (conf) {
     return '/'
diff --git a/server/modules/authentication/google/definition.yml b/server/modules/authentication/google/definition.yml
index 70f2892de7ee87ea3f168292bdfc5f4f997652d9..51747c3766e71807002b4f442aa12d3126534599 100644
--- a/server/modules/authentication/google/definition.yml
+++ b/server/modules/authentication/google/definition.yml
@@ -22,3 +22,8 @@ props:
     title: Client Secret
     hint: Application Client Secret
     order: 2
+  hostedDomain:
+    type: String
+    title: Hosted Domain
+    hint: (optional) Only for G Suite hosted domain. Leave empty otherwise.
+    order: 3