I am setting up a small Galaxy server to be used in our research group. I wish to make it so only people from our institution can register a user account and use the server.

I see there is an option to hinder users from making accounts using disposable email addresses ( blacklist_file path parameter), however is there a way to create a whitelist of addresses?

Another question I have is regarding the grace period. I have left the parameter null, meaning that according to the tutorials users should not be able to login until they have verified their emails. However this does not seem to work, any idea why?

Thirdly, is there a way to limit the quota (volume of data) for unactivated users?

Thanks in advance for the answers/suggestions. Cheers.

If you just want a small group of users to be able to use the server then set allow_user_creation = False and create the accounts as the admin. You'll want to set require_login = True as well, to disable anonymous access.