Skip to content

Verify your company domain

Verifying your domain lets an employee type you@acme.com on the login page and get routed to your identity provider. Until a domain is verified, email-based sign-in won’t reach your IdP — KloudMate has no proof that you control the domain, so it won’t hand those users off.

You verify ownership by publishing a DNS TXT record that KloudMate looks up. This is the same kind of check you’ve done for email or other SaaS tools.

  • You must be the organization owner on a paid plan.
  • You need access to your domain’s DNS records (or someone who can add a TXT record for you).
  • You’ll usually want at least one connection added first, so sign-in has somewhere to go once the domain verifies.
  1. Open Settings → Single Sign-On and find the Verified domains card.
  2. In Company domain, type your domain — for example acme.com — and click Add domain.
  3. The domain appears in the list with a Pending badge and the DNS record you need to publish.

A pending domain shows the exact record to add. It has two parts:

  • Host / Name_kloudmate-verify.<your-domain> (for example _kloudmate-verify.acme.com).
  • Value — a one-time verification token.

Both fields have a copy button. At your DNS provider, create a new TXT record using these values. Leave the TTL at the default.

Pending domain with its DNS TXT record

How the host is entered varies slightly by DNS provider. Many providers append your domain automatically, so you enter only _kloudmate-verify as the host or name. If your provider expects the full record name, use _kloudmate-verify.acme.com. When in doubt, follow how your provider handles other TXT records.

Once the record is published, click Verify on the domain row.

DNS changes can take a few minutes — sometimes longer — to propagate. If verification doesn’t succeed on the first try, wait a bit and click Verify again. On success the badge switches from Pending to Verified and the verification date is shown.

A verified domain does two things:

  • Routes email-based sign-in. Anyone whose email ends in a verified domain is sent to your IdP when they sign in.
  • Brings members into SSO enforcement. Members on a verified domain must sign in through SSO from then on — password login is blocked for them. The owner keeps password access as a fallback, and collaborators on other domains aren’t affected. See Provisioning & enforcement for the full rules.

Use the delete (trash) icon on a domain row to remove it. KloudMate asks you to confirm, because members on that domain will no longer be able to sign in by typing their work email. Removing a domain doesn’t delete your connections — it only stops email-based routing for that domain.

What you seeLikely causeFix
TXT record not found or didn’t matchThe record isn’t published yet, has the wrong host/value, or DNS hasn’t propagatedRe-check the Host / Name and Value against the row, wait a few minutes, then click Verify again
Public email domains (gmail.com, etc.) can’t be usedYou entered a shared public domainUse a domain your company owns
This domain is already verified by another organizationAnother org claimed it firstContact support if the domain is yours

For sign-in-time errors, see the full Troubleshooting page.