Your organization
Access management
Domain claim
9 min
this feature is available to enterprise customers claiming a domain prevents your members from accidentally creating their own self service accounts after you set up single sign on (sso), claim your email domain so {{product name}} can recognize your new users any new user who signs in with your claimed email domain gets a prompt to use sso you can provision your new members by creating a global provision that assigns all new members to a team you choose domain claim /#create and provision users for enterprise sso to claim a domain domain claim /#add your domain on make domain claim /#add your verification code to your domains dns records domain claim /#verify your domain on make once verified, {{product name}} recognizes login and registration attempts using your email domain and redirects them to your sso add your domain on make click organization in the left sidebar click the sso tab click domain verification to expand that section click +add domain in the dialog box, for domain , enter your organization's domain for example acme com , mybusiness net click add the dialog box displays the verification code you need to add as a txt record to your domain's dns your verification code can be found at organization > sso > domain verification add your verification code to your domain's dns records once you have your verification, add it to your domain's dns records as txt the details vary based on your domain host the following steps describe the general process contact your domain host for detailed help in a separate browser window or tab, go to your domain host and sign in find the dns records section of your domain host possible names are dns management , name server management , control panel , advanced settings or similar find and select the option to add a new record use the following information to add a new record possible field name information to enter record type or type txt name , host, hostname, or alias leave blank or enter @ check with your domain host's support documentation for more information value, data, answer, destination, or points to paste your verification code from {{product name}} save your new record verify your domain on make after you add your verification to your dns, you can complete the process on {{product name}} click organization in the left sidebar click the sso tab click domain verification to expand that section find your domain on the list under actions , click verify your status changes to verified and the domain claim is successfully configured verification status true false 124false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type provisioning new users without a claimed domain, you can use the sso settings to globally assign users to a team that you specify this provisioning happens when a new user logs in using your identity provider {{product name}} gets information such as the email address and user name from your identity provider during login after you claim a domain, you can use an api endpoint to create new users and assign them to specific teams create and provision users for enterprise sso you can create a new user in your organization and assign their sso external id by calling the post /users/user sso create endpoint the addusertodefaultssoteams parameter lets you define whether the new user is automatically added to the default team(s) designated in your sso configuration if the new user is not assigned to your default team(s), you can assign the new user to any team in your organization by using the api call post/users/{userid}/user team roles/{teamid} post /users/user sso create required permission users sso edit this endpoint creates a new user in your organization and assigns their sso external id in one api call use the addusertodefaultssoteams parameter to define whether the new user is automatically added to the team(s) designated as default in your sso configuration if the new user is not assigned to your default team(s), you need to assign new users to your teams true false 175false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type false left unhandled content type example request { "email" "a example\@example com", "name" "anne example", "countryid" 1, "timezoneid" 113, "language" "cs", "localeid" 11, "ssoid" "a1e8af1bd9b4d2c602fb8c687182633c6854b0e7", "organizationid" 54, "addusertodefaultssoteams false } example response { "user" { "user id" 86, "email" "a example\@example com", "name" "anne example", "country id" 1, "language" "cs", "locale id" 11, "timezone id" 113, "sso id" "a1e8af1bd9b4d2c602fb8c687182633c6854b0e7", "organization id" 54 } } the response includes user id and organization id which you can map in a scenario to provision your users