diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb index e45f22ae0..f54becc53 100644 --- a/app/controllers/users/sessions_controller.rb +++ b/app/controllers/users/sessions_controller.rb @@ -7,6 +7,7 @@ class Users::SessionsController < Devise::SessionsController layout 'login', only: [:new, :create] + before_action :redirect_to_agent_connect_if_mandatory, only: [:create] before_action :restore_procedure_context, only: [:new, :create] skip_before_action :redirect_if_untrusted, only: [:reset_link_sent] # POST /resource/sign_in @@ -117,4 +118,13 @@ class Users::SessionsController < Devise::SessionsController redirect_to root_path, notice: I18n.t('devise.sessions.signed_out') end + + def redirect_to_agent_connect_if_mandatory + return if !AgentConnectService.enabled? + + return if !AgentConnectService.email_domain_is_in_mandatory_list?(params[:user][:email]) + + flash[:alert] = "La connexion des agents passe à présent systématiquement par AgentConnect" + redirect_to agent_connect_path(force_agent_connect: true) + end end diff --git a/app/services/agent_connect_service.rb b/app/services/agent_connect_service.rb index 6b2dc6ba1..f06749173 100644 --- a/app/services/agent_connect_service.rb +++ b/app/services/agent_connect_service.rb @@ -3,6 +3,8 @@ class AgentConnectService include OpenIDConnect + MANDATORY_EMAIL_DOMAINS = ['beta.gouv.fr', 'modernisation.gouv.fr'] + def self.enabled? ENV['AGENT_CONNECT_BASE_URL'].present? end @@ -45,6 +47,10 @@ class AgentConnectService "#{AGENT_CONNECT[:end_session_endpoint]}?#{h.to_query}" end + def self.email_domain_is_in_mandatory_list?(email) + email.strip.split('@').last.in?(MANDATORY_EMAIL_DOMAINS) + end + private # TODO: remove this block when migration to new domain is done diff --git a/app/views/agent_connect/agent/index.html.haml b/app/views/agent_connect/agent/index.html.haml index d83c40f8c..6187bf8de 100644 --- a/app/views/agent_connect/agent/index.html.haml 
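Review bot: The new `before_action :redirect_to_agent_connect_if_mandatory, only: [:create]` applies the AgentConnect requirement to the password sign-in POST only, so any other route that ends in a signed-in session is outside this check. Whether such routes exist (link-based sign-in, automatic sign-in after a password reset) cannot be confirmed from the visible lines, but if they do, accounts on the mandatory domains could still get a session without AgentConnect. I would state the intended scope in a comment above the filter, e.g. `# Guards password sign-in only; other session-creating paths need the same domain check`, or move the check to a point that every sign-in passes through.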
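Review bot: In `redirect_to_agent_connect_if_mandatory`, `params[:user][:email]` raises `NoMethodError` when the POST has no `user` key, and the service then calls `strip` on whatever it is given, so a missing or non-string email raises as well. This filter runs before authentication on every sign-in POST, so a malformed request becomes a 500 instead of an ordinary failed login. Reading the value defensively avoids that: `return if !AgentConnectService.email_domain_is_in_mandatory_list?(params.dig(:user, :email).to_s)`. The method is added at the end of the class; whether a `private` precedes it is outside the hunk, and a filter-only method should sit under one.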
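Review bot: `email_domain_is_in_mandatory_list?` compares the domain case-sensitively, so an address written as `agent@Beta.Gouv.Fr` does not match `MANDATORY_EMAIL_DOMAINS` and skips the redirect. If Devise is left at its default of downcasing the email key before lookup, that address would still authenticate by password. Normalising first closes the gap, and `to_s` keeps a missing email from raising on `strip`: `email.to_s.strip.downcase.split('@').last.in?(MANDATORY_EMAIL_DOMAINS)`. The exact-list test also leaves out subdomains such as `x.beta.gouv.fr`; if that is intended, a one-line comment on the constant should say so, and the array can be frozen with `.freeze`.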
+++ b/app/views/agent_connect/agent/index.html.haml 
@@ -26,36 +26,36 @@ %p = link_to t('.whats_agentconnect'), 'https://agentconnect.gouv.fr/', target: '_blank', rel: "noopener" + - if !params[:force_agent_connect] + %p.fr-hr-or= t('views.shared.france_connect_login.separator') - %p.fr-hr-or= t('views.shared.france_connect_login.separator') + %fieldset.fr-mb-0.fr-fieldset{ aria: { labelledby: 'new-account-legend' } } + %legend.fr-fieldset__legend#new-account-legend + %h2.fr-h6= I18n.t('views.users.sessions.new.subtitle') - %fieldset.fr-mb-0.fr-fieldset{ aria: { labelledby: 'new-account-legend' } } - %legend.fr-fieldset__legend#new-account-legend - %h2.fr-h6= I18n.t('views.users.sessions.new.subtitle') + = render Dsfr::AlertComponent.new(state: :info, size: :sm, extra_class_names: 'fr-mb-2w') do |c| + - c.with_body do + = t('views.users.sessions.new.for_tiers_alert') - = render Dsfr::AlertComponent.new(state: :info, size: :sm, extra_class_names: 'fr-mb-2w') do |c| - - c.with_body do - = t('views.users.sessions.new.for_tiers_alert') + .fr-fieldset__element + %p.fr-text--sm= t('utils.asterisk_html') - .fr-fieldset__element - %p.fr-text--sm= t('utils.asterisk_html') + .fr-fieldset__element + = render Dsfr::InputComponent.new(form: f, attribute: :email, input_type: :email_field, opts: { autocomplete: 'email' }) do |c| + - c.with_label { t('.pro_email') } - .fr-fieldset__element - = render Dsfr::InputComponent.new(form: f, attribute: :email, input_type: :email_field, opts: { autocomplete: 'email' }) do |c| - - c.with_label { t('.pro_email') } + .fr-fieldset__element + = render Dsfr::InputComponent.new(form: f, attribute: :password, input_type: :password_field, opts: { autocomplete: 'current-password' }) - .fr-fieldset__element - = render Dsfr::InputComponent.new(form: f, attribute: :password, input_type: :password_field, opts: { autocomplete: 'current-password' }) + %p= link_to t('views.users.sessions.new.reset_password'), new_user_password_path, class: "fr-link" - %p= link_to t('views.users.sessions.new.reset_password'), 
new_user_password_path, class: "fr-link" + .fr-fieldset__element + .auth-options + .flex-no-shrink + = f.check_box :remember_me + = f.label :remember_me, t('views.users.sessions.new.remember_me'), class: 'remember-me' - .fr-fieldset__element - .auth-options - .flex-no-shrink - = f.check_box :remember_me - = f.label :remember_me, t('views.users.sessions.new.remember_me'), class: 'remember-me' - - .fr-btns-group= f.submit t('views.users.sessions.new.connection'), class: "fr-btn" + .fr-btns-group= f.submit t('views.users.sessions.new.connection'), class: "fr-btn" %hr
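Review bot: The password form is hidden whenever `params[:force_agent_connect]` is present, and that is a client-controlled query parameter which is truthy for any value, including `false`. The condition is therefore presentation only: dropping the parameter brings the form back, so the requirement rests entirely on the controller filter for `create`. A comment above the condition would make that explicit, e.g. `-# Cosmetic only: enforcement lives in Users::SessionsController#redirect_to_agent_connect_if_mandatory`. If the intent is to react only to the redirect's `true`, comparing against that value would be clearer than a presence test.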