diff --git a/server/auth/github/github.go b/server/auth/github/github.go
index 7628526504ac4f34f48828893bda313e93065cb5..46cf76a97665bad865de69e675824b65d924b4c8 100644
--- a/server/auth/github/github.go
+++ b/server/auth/github/github.go
@@ -25,8 +25,10 @@ type Config struct {
 	whitelist    map[string]bool
 }
 
+var _ auth.Provider = (*Config)(nil)
+
 // New creates a new Github provider from a configuration.
-func New(c *config.Auth) (auth.Provider, error) {
+func New(c *config.Auth) (*Config, error) {
 	uw := make(map[string]bool)
 	for _, u := range c.UsersWhitelist {
 		uw[u] = true
diff --git a/server/auth/github/github_test.go b/server/auth/github/github_test.go
index b0c97d2829ea9e8af7dba3e0e2b4c05dcc6c7e4c..8c51f4f8f13021342f6a93eb87e56ea3c5ca2b16 100644
--- a/server/auth/github/github_test.go
+++ b/server/auth/github/github_test.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/nsheridan/cashier/server/auth"
 	"github.com/nsheridan/cashier/server/config"
 	"github.com/stretchr/testify/assert"
 )
@@ -14,25 +13,48 @@ var (
 	oauthClientSecret = "secret"
 	oauthCallbackURL  = "url"
 	organization      = "exampleorg"
+	users             = []string{"user"}
 )
 
 func TestNew(t *testing.T) {
 	a := assert.New(t)
 
-	p, _ := newGithub()
-	g := p.(*Config)
-	a.Equal(g.config.ClientID, oauthClientID)
-	a.Equal(g.config.ClientSecret, oauthClientSecret)
-	a.Equal(g.config.RedirectURL, oauthCallbackURL)
-	a.Equal(g.organization, organization)
+	p, _ := New(&config.Auth{
+		OauthClientID:     oauthClientID,
+		OauthClientSecret: oauthClientSecret,
+		OauthCallbackURL:  oauthCallbackURL,
+		ProviderOpts:      map[string]string{"organization": organization},
+		UsersWhitelist:    users,
+	})
+	a.Equal(p.config.ClientID, oauthClientID)
+	a.Equal(p.config.ClientSecret, oauthClientSecret)
+	a.Equal(p.config.RedirectURL, oauthCallbackURL)
+	a.Equal(p.organization, organization)
+	a.Equal(p.whitelist, map[string]bool{"user": true})
 }
 
-func TestNewEmptyOrganization(t *testing.T) {
-	organization = ""
-	if _, err := newGithub(); err == nil {
+func TestWhitelist(t *testing.T) {
+	c := &config.Auth{
+		OauthClientID:     oauthClientID,
+		OauthClientSecret: oauthClientSecret,
+		OauthCallbackURL:  oauthCallbackURL,
+		ProviderOpts:      map[string]string{"organization": ""},
+		UsersWhitelist:    []string{},
+	}
+	if _, err := New(c); err == nil {
 		t.Error("creating a provider without an organization set should return an error")
 	}
-	organization = "exampleorg"
+	// Set a user whitelist but no domain
+	c.UsersWhitelist = users
+	if _, err := New(c); err != nil {
+		t.Error("creating a provider with users but no organization should not return an error")
+	}
+	// Unset the user whitelist and set a domain
+	c.UsersWhitelist = []string{}
+	c.ProviderOpts = map[string]string{"organization": organization}
+	if _, err := New(c); err != nil {
+		t.Error("creating a provider with an organization set but without a user whitelist should not return an error")
+	}
 }
 
 func TestStartSession(t *testing.T) {
@@ -45,7 +67,7 @@ func TestStartSession(t *testing.T) {
 	a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID))
 }
 
-func newGithub() (auth.Provider, error) {
+func newGithub() (*Config, error) {
 	c := &config.Auth{
 		OauthClientID:     oauthClientID,
 		OauthClientSecret: oauthClientSecret,
diff --git a/server/auth/google/google.go b/server/auth/google/google.go
index 643ecfe96cdddaf3064714f95e5e720327e92672..8c6f53bda128ff0893a2825eff70819e5b9e1f71 100644
--- a/server/auth/google/google.go
+++ b/server/auth/google/google.go
@@ -27,8 +27,10 @@ type Config struct {
 	whitelist map[string]bool
 }
 
+var _ auth.Provider = (*Config)(nil)
+
 // New creates a new Google provider from a configuration.
-func New(c *config.Auth) (auth.Provider, error) {
+func New(c *config.Auth) (*Config, error) {
 	uw := make(map[string]bool)
 	for _, u := range c.UsersWhitelist {
 		uw[u] = true
diff --git a/server/auth/google/google_test.go b/server/auth/google/google_test.go
index 781cf6f24338fc2294a9fa14220da4178c8aad3f..b3d26334a9224b79612ed3cc915e26ece47eded7 100644
--- a/server/auth/google/google_test.go
+++ b/server/auth/google/google_test.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/nsheridan/cashier/server/auth"
 	"github.com/nsheridan/cashier/server/config"
 	"github.com/stretchr/testify/assert"
 )
@@ -14,27 +13,42 @@ var (
 	oauthClientSecret = "secret"
 	oauthCallbackURL  = "url"
 	domain            = "example.com"
+	users             = []string{"user"}
 )
 
 func TestNew(t *testing.T) {
 	a := assert.New(t)
-
-	p, _ := newGoogle()
-	g := p.(*Config)
-	a.Equal(g.config.ClientID, oauthClientID)
-	a.Equal(g.config.ClientSecret, oauthClientSecret)
-	a.Equal(g.config.RedirectURL, oauthCallbackURL)
-	a.Equal(g.domain, domain)
+	p, err := newGoogle()
+	a.NoError(err)
+	a.Equal(p.config.ClientID, oauthClientID)
+	a.Equal(p.config.ClientSecret, oauthClientSecret)
+	a.Equal(p.config.RedirectURL, oauthCallbackURL)
+	a.Equal(p.domain, domain)
+	a.Equal(p.whitelist, map[string]bool{"user": true})
 }
 
-func TestNewWithoutDomain(t *testing.T) {
-	domain = ""
-
-	if _, err := newGoogle(); err == nil {
+func TestWhitelist(t *testing.T) {
+	c := &config.Auth{
+		OauthClientID:     oauthClientID,
+		OauthClientSecret: oauthClientSecret,
+		OauthCallbackURL:  oauthCallbackURL,
+		ProviderOpts:      map[string]string{"domain": ""},
+		UsersWhitelist:    []string{},
+	}
+	if _, err := New(c); err == nil {
 		t.Error("creating a provider without a domain set should return an error")
 	}
-
-	domain = "example.com"
+	// Set a user whitelist but no domain
+	c.UsersWhitelist = users
+	if _, err := New(c); err != nil {
+		t.Error("creating a provider with users but no domain should not return an error")
+	}
+	// Unset the user whitelist and set a domain
+	c.UsersWhitelist = []string{}
+	c.ProviderOpts = map[string]string{"domain": domain}
+	if _, err := New(c); err != nil {
+		t.Error("creating a provider with a domain set but without a user whitelist should not return an error")
+	}
 }
 
 func TestStartSession(t *testing.T) {
@@ -49,12 +63,13 @@ func TestStartSession(t *testing.T) {
 	a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID))
 }
 
-func newGoogle() (auth.Provider, error) {
+func newGoogle() (*Config, error) {
 	c := &config.Auth{
 		OauthClientID:     oauthClientID,
 		OauthClientSecret: oauthClientSecret,
 		OauthCallbackURL:  oauthCallbackURL,
 		ProviderOpts:      map[string]string{"domain": domain},
+		UsersWhitelist:    users,
 	}
 	return New(c)
 }
diff --git a/server/auth/testprovider/testprovider.go b/server/auth/testprovider/testprovider.go
index 3d2b13a49845065e3d67a36a696adac5753ea8e8..e30b04aaa58e8cae689cb47b6b992ead3ebe02f4 100644
--- a/server/auth/testprovider/testprovider.go
+++ b/server/auth/testprovider/testprovider.go
@@ -15,8 +15,10 @@ const (
 // Config is an implementation of `auth.Provider` for testing.
 type Config struct{}
 
+var _ auth.Provider = (*Config)(nil)
+
 // New creates a new provider.
-func New() auth.Provider {
+func New() *Config {
 	return &Config{}
 }