Your organization
Access management
Domain claim
9min
this feature is available to enterprise customers claiming a domain prevents your members from accidentally creating their own self service accounts after you set up single sign on (sso), claim your email domain so {{product name}} can recognize your new users any new user who signs in with your claimed email domain gets a prompt to use sso you can provision your new members by creating a global provision that assigns all new members to a team you choose domain claim docid\ sox7tiacddv9bdkvh5kj2 to claim a domain domain claim docid\ sox7tiacddv9bdkvh5kj2 domain claim docid\ sox7tiacddv9bdkvh5kj2 domain claim docid\ sox7tiacddv9bdkvh5kj2 once verified, {{product name}} recognizes login and registration attempts using your email domain and redirects them to your sso add your domain on make click organization in the left sidebar click the sso tab click domain verification to expand that section click +add domain in the dialog box, for domain , enter your organization's domain for example acme com , mybusiness net click add the dialog box displays the verification code you need to add as a txt record to your domain's dns your verification code can be found at organization > sso > domain verification add your verification code to your domain's dns records once you have your verification, add it to your domain's dns records as txt the details vary based on your domain host the following steps describe the general process contact your domain host for detailed help in a separate browser window or tab, go to your domain host and sign in find the dns records section of your domain host possible names are dns management , name server management , control panel , advanced settings or similar find and select the option to add a new record use the following information to add a new record possible field name information to enter record type or type txt name , host, hostname, or alias leave blank or enter @ check with your domain host's support documentation for more information value, data, answer, destination, or points to paste your verification code from {{product name}} save your new record verify your domain on make after you add your verification to your dns, you can complete the process on {{product name}} click organization in the left sidebar click the sso tab click domain verification to expand that section find your domain on the list under actions , click verify your status changes to verified and the domain claim is successfully configured verification status status explanation and steps required unverified you have not yet verified your domain complete the steps in this article to resolve this status verifed you have successfully claimed your domain no further action required suspended you have disabled your sso configuration enable sso and try to verify again failed possible reasons include the dns is unavailable check with your domain host the dns record does not exist wait and try again if the problem continues, contact your domain host the dns record contains an incorrect value review the code you entered with your domain host and correct any errors another organization has verified the domain check that you do not have another organization with a domain claim provisioning new users without a claimed domain, you can use the sso settings to globally assign users to a team that you specify this provisioning happens when a new user logs in using your identity provider {{product name}} gets information such as the email address and user name from your identity provider during login after you claim a domain, you can use an api endpoint to create new users and assign them to specific teams create and provision users for enterprise sso you can create a new user in your organization and assign their sso external id by calling the post /users/user sso create endpoint the addusertodefaultssoteams parameter lets you define whether the new user is automatically added to the default team(s) designated in your sso configuration if the new user is not assigned to your default team(s), you can assign the new user to any team in your organization by using the api call post/users/{userid}/user team roles/{teamid} post /users/user sso create required permission users sso edit this endpoint creates a new user in your organization and assigns their sso external id in one api call use the addusertodefaultssoteams parameter to define whether the new user is automatically added to the team(s) designated as default in your sso configuration if the new user is not assigned to your default team(s), you need to assign new users to your teams parameter name data type required? description email string yes the user's email example john\@doe com name string yes the name of the user example john doe countryid integer yes the id of the user's country get the list of country ids with the api call get /enums/countries example 1 timezoneid integer no the id of the user's timezone get the list of the timezone ids with the api call get /enums/timezones example 113 language string no the language of the user's ui make supports english value en czech value cs localeid integer no the id of the user's locale get the list of locale ids with the api call get /enums/locales example 18 ssoid string yes the external id for sso you can associate any parameter in the sso payload to identify users, such as email or an id from your identity provider examples example employee\@example com 12example3456id78string90 organizationid integer yes the id of your organization example 22 addusertodefaultssoteams boolean no this parameter is deprecated the sso configuration in the ui has an option to not assign new users to a team example request { "email" "a example\@example com", "name" "anne example", "countryid" 1, "timezoneid" 113, "language" "cs", "localeid" 11, "ssoid" "a1e8af1bd9b4d2c602fb8c687182633c6854b0e7", "organizationid" 54, "addusertodefaultssoteams false } example response { "user" { "user id" 86, "email" "a example\@example com", "name" "anne example", "country id" 1, "language" "cs", "locale id" 11, "timezone id" 113, "sso id" "a1e8af1bd9b4d2c602fb8c687182633c6854b0e7", "organization id" 54 } } the response includes user id and organization id which you can map in a scenario to provision your users