diff --git a/internal/auth.go b/internal/auth.go
index 5906c594..99a17d33 100644
--- a/internal/auth.go
+++ b/internal/auth.go
@@ -113,8 +113,9 @@ func ValidateDomains(user string, domains CommaSeparatedList) bool {
 	if len(parts) < 2 {
 		return false
 	}
+	emailDomain := strings.ToLower(parts[1])
 	for _, domain := range domains {
-		if domain == parts[1] {
+		if domain == emailDomain {
 			return true
 		}
 	}
diff --git a/internal/auth_test.go b/internal/auth_test.go
index dd2ea305..f0e5fe6a 100644
--- a/internal/auth_test.go
+++ b/internal/auth_test.go
@@ -79,6 +79,11 @@ func TestAuthValidateUser(t *testing.T) {
 	v = ValidateUser("test@test.com", "default")
 	assert.True(v, "should allow user from allowed domain")
 
+	// Should match regardless of domain case
+	config.Domains = []string{"test.com"}
+	v = ValidateUser("test@TeSt.com", "default")
+	assert.True(v, "should allow user from allowed domain, regardless of case")
+
 	// Should block non whitelisted email address
 	config.Domains = []string{}
 	config.Whitelist = []string{"test@test.com"}