Domain Verification
Enterprise customers can verify domain ownership (e.g. mycompany.com) for their organizations. Domain verification will allow organizations to claim a domain, supporting features such as automatic SSO action, allowing easier and faster login. Domains can be verified with a valid and unique-to-Bitwarden DNS TXT record.
Once a domain's ownership has been verified, users with that domain (e.g. @mycompany.com) will be able to bypass the login with SSO step that would require the SSO identifier to be entered during login. Additionally, members of organizations that have claimed a domain will have their email automatically verified when onboarded.
In order to verify domain ownership, Bitwarden must verify that:
No other organization has claimed or verified the domain.
Your organization has ownership of the domain.
In order to verify ownership of the domain, Bitwarden will use a DNS TXT record. This DNS TXT record must be kept active and available at all times, as Bitwarden will continually check for it.
To verify a domain:
Log in to the Bitwarden web app and open the Admin Console using the product switcher.
Navigate to Settings → Domain verification.
On the Domain verification screen you will see a list of active domains, along with status checks and options. If you have no active domains, select New domain.
In the pop-up window, enter a Domain name.
note
Be sure that the format of the text entry does not include https:// or www.
Copy the DNS TXT record and add it to your domain.
Select Verify domain.
You can manage and view the status of your domains from the Domain verification page.
![Verified domain](https://res.cloudinary.com/bw-com/image/upload/f_auto/v1/ctf/7rncvj1f8mw7/1sgIhVJzsRce0VyNIvH1ze/404de5c70b32fbb31876d90c60fd0ab4/Screenshot_2023-03-07_at_9.58.39_AM_copy.png?_a=BAJFJtWI0)
Select the domain name, or the menu located on the right side of the domain item, if you wish to edit or delete a domain.
The menu provides additional options to Copy DNS TXT records, and to manually verify the domain if automatic verification was not successful during the new domain setup.
Domains will have a status of UNVERIFIED or VERIFIED.
warning
Bitwarden will attempt to verify the domain 3 times during the first 72 hours. If the domain has not been verified within 7 days after the 3rd attempt, the domain will be removed from your organization.
Domain setup activities will be logged in the organization event logs. To view events, navigate to Reporting → Event logs in the Admin Console.
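Because the DNS TXT record must stay published for Bitwarden's recurring checks, a scheduled check on your side can flag its removal early. The following is an added example, not Bitwarden code: the file name `check_txt.py`, the sample resolver output and the placeholder record value are constructed, and live lookups assume the `dig` utility is installed.

```python
import re
import subprocess
import sys

# Constructed sample of `dig +short TXT mycompany.com` output. The second
# answer is one record split into two quoted character-strings, which DNS
# servers do for long values; the value itself is a placeholder.
SAMPLE_DIG_OUTPUT = '''"v=spf1 include:_spf.example.net ~all"
"PLACEHOLDER-VALUE-COPIED-" "FROM-ADMIN-CONSOLE"
'''
EXPECTED = "PLACEHOLDER-VALUE-COPIED-FROM-ADMIN-CONSOLE"


def txt_values(dig_output):
    """Return one string per TXT answer line, with its quoted chunks joined."""
    values = []
    for line in dig_output.splitlines():
        chunks = re.findall(r'"([^"]*)"', line)  # assumes no escaped quotes
        if chunks:
            values.append("".join(chunks))
    return values


def record_published(dig_output, expected):
    """True only if a TXT record equals the expected value exactly."""
    return expected.strip() in txt_values(dig_output)


def query_txt(domain):
    """Ask the local resolver for TXT records; requires the dig utility."""
    # Same rule as the Domain name field: bare domain, no scheme, no www.
    if "://" in domain or domain.startswith(("www.", "-")):
        raise ValueError("use the bare domain, e.g. mycompany.com")
    result = subprocess.run(["dig", "+short", "TXT", domain],
                            capture_output=True, text=True, timeout=15)
    return result.stdout


if __name__ == "__main__":
    # Usage: python check_txt.py <domain> <expected TXT value>
    if len(sys.argv) == 3:
        output, expected = query_txt(sys.argv[1]), sys.argv[2]
    else:
        output, expected = SAMPLE_DIG_OUTPUT, EXPECTED  # offline demo
    ok = record_published(output, expected)
    print("TXT record present" if ok else "TXT record MISSING")
    sys.exit(0 if ok else 1)
```

The non-zero exit status on a missing record lets a scheduler or monitoring agent raise an alert before the domain's status changes.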
Now that your domain has been claimed by your organization, you can log in without an SSO identifier:
Open the login page on your preferred Bitwarden client.
Enter your email containing the domain that was claimed (e.g. @mydomain.com) and select Continue.
Select Enterprise single sign-on.
You will be redirected to your identity provider page. From here, use your SSO credentials to complete the login process.