The Managed domains feature facilitates the process of domain verification, which is necessary to prove ownership of a given domain and user accounts that are or will be registered with that domain. After a successful domain verification, Synerise will assign that domain to your workspace, automatically link the user accounts under that domain with your workspace and, as a result of the process, enable central management of user accounts in your workspace. 


<div class="admonition admonition-note"><div class="admonition-icon"><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2.5"><path stroke-linecap="round" stroke-linejoin="round" d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" /></svg></div><div class="admonition-body"><div class="admonition-content">

You may verify more than one domain, if required.

</div></div></div>


**Example**
Let's assume you are the owner of `example.org` domain and your users have accounts such as `john.doe@example.org` and `jane.doe@example.org`. After you verify the ownership of the `example.com` domain, all users with the email addresses within the @example.org domain will be managed in your workspace and you will have full rights to manage their accounts (see [Benefits](/docs/settings/identity-access-management/access-control/managed-domains#benefits) below for details). Users from other domains can be invited to the workspace as Guests and you will be able to remove their access to the workspace, but nothing else. 

However, the Guest accounts will still be forced to:
- have [two factor authentication](/docs/settings/identity-access-management/access-control/two-factor-authentication) enabled (if such configuration is enforced by the workspace)
- have their IP access added to [IP allow-listing](/docs/settings/identity-access-management/access-control/ip-allow-listing) (if configured for the workspace)

The domain verification can be done in two ways:
1. [Verifying a domain through adding a TXT entry to the DNS](/docs/settings/identity-access-management/access-control/managed-domains#verifying-domains-by-adding-a-txt-entry-to-the-dns)
2. [Verifying a domain through uploading an HTML file to your web server (HTTPS)](/docs/settings/identity-access-management/access-control/managed-domains#verifying-domains-by-uploading-an-html-file-to-your-web-server-https)


## Benefits
---
Once verified, a managed domain will let you perform the following actions on accounts from that domain:

- [reset a user's two factor authentication configuration](/docs/settings/identity-access-management/users#resetting-2fa) 
- [revoke access to a workspace](/docs/settings/identity-access-management/users#revoking-access)
- [delete user's account](/docs/settings/identity-access-management/users#deleting-accounts), in addition to revoking access to your workspace
- [set up Single Sign-On through SAML based Identity Provider](/docs/settings/identity-access-management/access-control/single-sign-on)

## Prerequisites
---
- You must be granted a set of permissions that allow access to Settings and editing within this hub.
- You must have access to domain management or to the root folder in the hosting behind the domain.

### Verifying domains by adding a TXT entry to the DNS

This verification method involves copying a TXT record and adding it to your DNS. After a positive domain verification, your DNS host will be checked for the added TXT record.  

If it's missing, you will be notified about the detected lack of the TXT record. As a consequence, the domain will remain unverified and wait for you to verify the ownership.

<figure>
<img src="/api/docs/image/54176ad07f146575310749eba44b7c2f42c1b327/docs/settings/_gfx/dns-method-verification.png" alt="DNS entry verification" class="medium" >
<figcaption> DNS entry verification </figcaption>
</figure>

In order to verify your domain ownership through a DNS entry:
1. Go to <img src="/api/docs/image/54176ad07f146575310749eba44b7c2f42c1b327/icons/settings-icon.svg" alt="Settings icon" class="icon" > **Settings > Access Control**.
2. In the **Manage domain** section, click **Show**.  
3. Click **Verify domain**.  
**Result**: A pop-up appears.
4. On the pop-up, select **DNS**.
5. Copy the verification code.
6. Go to your DNS host and add a new TXT record with the previously copied code (exemplary code: `synerise-domain-verification=d0b010a9-01de-4cba-af05-dffcf5c6beb3`):
    - Record type: TXT
    - Alias/Host/Name: leave it blank or enter `@` (depending on your provider)
    - Time to live: leave it at default
7. In the **Domain name** field, enter the name of the domain, for example, `synerise.com`, `test.com`, and so on.
8. Confirm by clicking **Verify**. 
    
   <div class="admonition admonition-warning"><div class="admonition-icon"><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2.5"><path stroke-linecap="round" stroke-linejoin="round" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-2.5L13.732 4c-.77-.833-1.964-.833-2.732 0L4.082 16.5c-.77.833.192 2.5 1.732 2.5z" /></svg></div><div class="admonition-body"><div class="admonition-content">

   DNS changes may take up to 24 hours to update depending on your DNS host. You may need to wait before your domains are verified.

   </div></div></div>

**Result**: Your domain is verified. User accounts with the verified domain become manageable in the workspace in <img src="/api/docs/image/54176ad07f146575310749eba44b7c2f42c1b327/icons/settings-icon.svg" alt="Settings icon" class="icon" > **Settings > Users**.

<figure>
<img src="/api/docs/image/54176ad07f146575310749eba44b7c2f42c1b327/docs/settings/_gfx/verified-domain.png" alt="Verified domain" class="large" >
<figcaption> A verified domain </figcaption>
</figure>

### Verifying domains by uploading an HTML file to your web server (HTTPS)

This method involves uploading an HTML file (which you can download from Synerise) to your web server. For security reasons, the system periodically checks the file. If it's not in the root folder, the domain will not maintain its verified status. 

Before you use this method, make sure that:
- You use HTTPS protocol (this is mandatory).
- You have an SSL certificate, as self-signed certificates won't work.

<figure>
<img src="/api/docs/image/54176ad07f146575310749eba44b7c2f42c1b327/docs/settings/_gfx/https-method-verification.png" alt="HTTPS entry verification" class="medium" >
<figcaption> HTTPS entry verification </figcaption>
</figure>

In order to verify your domain ownership by using an HTML file:
1. Go to <img src="/api/docs/image/54176ad07f146575310749eba44b7c2f42c1b327/icons/settings-icon.svg" alt="Settings icon" class="icon" > **Settings > Access Control**.
2. In the **Manage domain** section, click **Show**.  
3. Click **Verify domain**.  
**Result**: A pop-up appears.
4. On the pop-up, select **HTTPS**.
5. Download the verification file.
6. Upload it to the root folder of your domain's website.  
7. In the **Domain name** field, enter the name of the domain, for example, `synerise.com`, `test.com`, and so on.
8. Confirm by clicking **Verify**. 

**Result**: Your domain is verified. User accounts with the verified domain become manageable in the workspace in <img src="/api/docs/image/54176ad07f146575310749eba44b7c2f42c1b327/icons/settings-icon.svg" alt="Settings icon" class="icon" > **Settings > Users**.

<figure>
<img src="/api/docs/image/54176ad07f146575310749eba44b7c2f42c1b327/docs/settings/_gfx/verified-domain.png" alt="Verified domain" class="large" >
<figcaption> A verified domain </figcaption>
</figure>


### Deleting a verified domain

To remove a verified domain, click **Remove** next to the domain and verify that you want to remove it. 

When you remove a domain from your list of verified domains, the users with that domain can no longer be managed.