diff --git a/backend/src/routes/api/user.js b/backend/src/routes/api/user.js
index 3c0b2b18..42b0bc1b 100644
--- a/backend/src/routes/api/user.js
+++ b/backend/src/routes/api/user.js
@@ -55,11 +55,21 @@ const allowedDomains = new Set([
 "aucklanduni.ac.nz",
 ]);
 
+const allowedEmails = new Set([
+ "wdccvpstesting1@gmail.com",
+ "wdccvpstesting2@gmail.com",
+]);
+
 // handles a sign in request
 router.post(
 "/",
 handle(async (req, res) => {
- if (!allowedDomains.has(req.body.email.split("@")[1])) {
+ const email = req?.body?.email || "";
+ if (
+ !(email.split("@").length > 1) &&
+ !allowedDomains.has(email.split("@")[1]) &&
+ !allowedEmails.has(email)
+ ) {
 throw new HttpError("Sign in with your UoA account", STATUS.FORBIDDEN);
 }
 if (!(await retrieveUserByEmail(req.body.email))) {
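Review bot: The rewritten guard in the sign-in handler joins its three negated tests with `&&`, so it throws only when the address contains no `@` at all; for any address that does contain one, the first operand is false and the `FORBIDDEN` response is skipped, which leaves the domain allowlist unenforced. The rejection should fire when the address is on neither list: `if (!allowedEmails.has(email) && !allowedDomains.has(email.split("@")[1])) {`. `split("@")[1]` also reads the second segment rather than the text after the last `@`, so a value with two `@` signs is judged on its middle part; `email.slice(email.lastIndexOf("@") + 1)` avoids that. The two Gmail test addresses become a standing exception in the route file, so loading them from environment-specific configuration would keep them out of production builds. The handler body continues past the hunk and still passes `req.body.email`, not the normalised `email`, to `retrieveUserByEmail`.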