Skip to main content

Domain claim

Claiming a domain prevents your members from accidentally creating their own self-service accounts. After you set up single sign-on (SSO), claim your email domain so Make can recognize your new users. Any new user who signs in with your claimed email domain gets a prompt to use SSO. You can provision your new members by:

To claim a domain:

Once verified, recognizes login and registration attempts using your email domain and redirects them to your SSO.

Add your domain on Make

  1. Go toMake > your organization > SSO.

  2. Click Domain verification to expand that section.

  3. Click + Add domain. A dialog opens.

  4. Under Domain enter your organization's domain. Examples: acme.com, mybusiness.net

  5. Click Add.

The dialog displays the verification you need to add as a TXT record to your domain's DNS. You can click copyLogo.png to copy your code to your clipboard.

Get your verification code

After you add your domain on Make, verify your domain with your verification code.

Once you add your domain, the dialog gives you the verification code you need. If you did not copy it, you can find your code later:

  1. Go to Make > your organization > SSO.

  2. Click Domain verification to expand that section.

  3. Find your domain on the list.

  4. Click the copy icon next to your verification.

Your code is in your clipboard, ready to paste where needed.

Or

  1. Go to Make > your organization > SSO.

  2. Click Domain verification to expand that section.

  3. Find your domain on the list.

  4. Under Actions, click .

  5. Select Info.

A dialog appears with your verification code.

Add your verification code to your domain's DNS records

Once you have your verification, add it to your domain's DNS records as TXT. The details vary based on your domain host.

The following steps describe the general process. Contact your domain host for detailed help.

  1. In a separate browser window or tab, go to your domain host and sign in.

  2. Find the DNS records section of your domain host. Possible names are DNS ManagementName Server ManagementControl PanelAdvanced Settings or similar.

  3. Find and select the option to add a new record.

  4. Use the following information to add a new record:

    Possible field name

    Information to enter

    Record type or Type

    TXT

    Name, Host, Hostname, or Alias

    Leave blank or enter @

    Note

    Check with your domain host's support documentation.

    Value, Data, Answer, Desination, or Points to

    Paste your Verification code from Make.

  5. Save your new record.

Verify your domain on Make

After you add your verification to your DNS, you can complete the process on Make.

  1. Go to Make > your organization > SSO.

  2. Click Domain verification to expand that section.

  3. Find your domain on the list.

  4. Under Actions, click Verify.

Your status changes to Verified and domain claim is successfully configured.

Verification status

Status

Explanation and steps required

Unverified

You have not yet verified your domain. Complete the steps in this article to resolve this status.

Verifed

You have successfully claimed your domain. No further action required.

Suspended

You have disabled your SSO configuration. Enable SSO and try to verify again.

Failed

Possible reasons include:

The DNS server is unavailable.

Check with your domain host

The DNS record does not exist.

Wait and try again.

If the problem continues, contact your domain host.

The DNS record contains an incorrect value.

Review the code you entered with your domain host and correct any errors.

Another organization has verified the domain.

Check that you do not have another organization with a domain claim.

Provisioning new users

Without a claimed domain, you can use the SSO settings to globally assign users to a team that you specify. This provisioning happens when a new user logs in using your identity provider. Make gets information such as email address and user name from your identity provider during login.

After you claim a domain, you can use an API endpoint to create new users and assign them to specific teams.

Create and provision users for Enterprise SSO

You can create a new user in your organization and assign their SSO external ID by calling the POST /users/user-sso-create endpoint. The addUserToDefaultSsoTeams parameter lets you define whether the new user is automatically added to the default team(s) designated in your SSO configuration. If the new user is not assigned to your default team(s), you can assign the new user to any team in your organization by using the API call POST/users/{userId}/user-team-roles/{teamId}.

POST /users/user-sso-create

Required permission: users sso edit

This endpoint creates a new user in your organization and assigns their SSO external ID in one API call. Use the addUserToDefaultSsoTeams parameter to define whether the new user is automatically added to the team(s) designated as default in your SSO configuration. If the new user is not assigned to your default team(s), you need to assign new users to your teams.

Parameter name

Data type

Required?

Description

email

string

Yes

The user's email.

Example: [email protected]

name

string

Yes

The name of the user.

Example: John Doe

countryId

integer

Yes

The ID of the user's country. Get the list of country IDs with the API call GET /enums/countries.

Example: 1

timezoneId

integer

No

The ID of the user's timezone. Get the list of the timezone IDs with the API call GET /enums/timezones.

Example: 113

language

string

No

The language of the user's UI. Make supports:

English (value en)

Czech (value cs)

localeId

integer

No

The ID of the user's locale. Get the list of locale IDs with the API call GET /enums/locales.

Example: 18

ssoId

string

Yes

The external ID for SSO. You can associate any parameter in the SSO payload to identify users, such as email or an ID from your Identity provider.

Examples:

[email protected]

12EXample3456id78string90

organizationId

integer

Yes

The ID of your organization.

Example: 22

addUserToDefaultSsoTeams

Warning

Deprecated

boolean

No

This parameter is deprecated. The SSO configuration in the UI has an option to not assign new users to a team.

Example request:

{
    "email": "[email protected]",
    "name": "Anne Example",
    "countryId": 1,
    "timezoneId": 113,
    "language": "cs",
    "localeId": 11,
    "ssoId": "a1e8af1bd9b4d2c602fb8c687182633c6854b0e7",
    "organizationId": 54,
    "addUserToDefaultSsoTeams: false
}

Example response:

Note

The response includes user_id and organization_id which you can map in a scenario to provision your users.

{
    "user": {
        "user_id": 86,
        "email": "[email protected]",
        "name": "Anne Example",
        "country_id": 1,
        "language": "cs",
        "locale_id": 11,
        "timezone_id": 113,
        "sso_id": "a1e8af1bd9b4d2c602fb8c687182633c6854b0e7",
        "organization_id": 54
    }
}