Skip to content
Claras Support home
Claras Support home

Verifying your domains

This guide explains how to verify domain ownership for SSO, maintain verification status, and troubleshoot common issues.

Overview

The first step to enabling SSO for your Claras account is verifying ownership of your email domains. This verification serves two essential purposes: it tells us which identity provider to route users to during login, and it prevents team members from creating separate Claras accounts outside your organisation's control.

At least one verified domain is required for SSO to function.

Setting up your domains

Navigate to Settings > SSO in Claras and click New Domain. Enter the hostname of your company email address (for example, yourcompany.com.au) and click Create Domain.

Claras will generate a unique TXT record that you'll need to add to your domain's DNS settings. You can view this record again at any time through the three-dot menu next to your domain.

Once you've added the TXT record, Claras automatically checks for it periodically. Depending on your domain provider and DNS propagation, verification typically completes within minutes but may take up to 24 hours.

When Claras successfully detects the matching TXT record, your domain displays a green "Verified" badge. Here's what each status means:

  • Active: Users with this email domain are automatically directed to your identity provider for SSO login. They're also prevented from creating standalone accounts.

  • Verified: Claras has confirmed the TXT record matches and recognises you as the domain owner.

Your verified domains become Active when you enable your SSO provider, and deactivate if you disable SSO.

Maintaining verification

After initial verification, Claras checks your DNS records every 24 hours to confirm continued ownership. This means the TXT record must remain in your DNS settings permanently, not just during initial setup.

If Claras can no longer detect the TXT record, the domain loses its verified status and all users with Owner or Manager roles receive an email notification. To prevent service disruption, the domain remains Active for a 7-day grace period during which users can still log in normally via SSO.

During this grace period, you'll receive daily reminder emails until one of two outcomes occurs:

  • You restore the DNS record and verification resumes

  • The 7-day grace period expires

If the domain remains unverified after 7 days, it deactivates completely. Users with that email domain will no longer be able to access Claras through SSO until verification is restored.

Next steps

While waiting for domain verification to complete, you can begin setting up your provider in Entra to prepare the rest of your SSO configuration.

Last updated 12th May 2024 by Connor

Powered by Plain