Keep Miro-created content within your subscription and ensure corporate security compliance with Domain control.
Available on: Enterprise plan
Set up by: Company Admins/System Administrators
Domain control allows Miro Admins to manage all users and ensure their usage falls within the boundaries of the subscription.
With Domain control, you can:
- request an audit to discover users outside your subscription and invite them to join the subscription
- establish policies and controls around how and what users can access in Miro, along with overall ownership over the user - for example, assigning them to teams, managing their content, analyzing their activities, and deleting the user.
- prevent users within your domain(s) from creating their own subscriptions
- automatically add newly registered users within your domain(s) to designated teams
How to set up Domain control
Each domain or subdomain you register can only be tied to one Enterprise subscription, you cannot share domains/subdomains across subscriptions. The process for verifying each domain or subdomain is as follows:
- Add your domain to Miro
- Receive a verification code from Miro
- Add the verification code to your domain’s TXT record
- Wait for the domain record to become public
- Notify Miro that the record is public and can be verified
⚠️ You must notify Miro that your domain record is public. Your domain will remain unverified until you do this step.
Verify your domain
✏️ If you have enabled the Block deactivated users company-level setting, when verifying a new domain all deactivated users from your newly verified domain will also be blocked.
Step 1. Add your domain(s) to Miro.
- From your Miro dashboard, click on your avatar in the top-right corner
- Got to Company settings > Security and compliance > Managed domains
- Click + Add a domain
- Type in your full domain name (yourcompany.com) and click Add domain
Note that you will receive communication through the email address that was signed into Miro when you requested domain verification. If you did not receive an email from us, check the account that was used to make the request.
Domain control in Company settings
Step 2. Receive the verification code.
We'll send you an e-mail with a verification code. We typically respond within 1-2 business days. Do not delete this email - you will need this code for Step 3. You will also need to respond to this email when your domain record is public.
The email will be from Miro Support and will have a ticket number in the subject. If you don't see this email, check your spam folder.
Step 3. Create a TXT-record
On your domain provider website (GoDaddy, Amazon, Cloudflare, etc), find your domain and go to the DNS records tab/section. Create a new TXT-record using the specifications below.
Your IT personnel, a Domain Admin, or the Network team may be best suited to assist. Updating the TXT record can be done through the administration console or dashboard of the domain's hosting DNS provider. List of DNS providers.
- Value/Answer/Description = “miro-verification=[INSERT CODE]”
- Name/Host/Alias is left blank (or type @ to add a subdomain)
- Time to live (TTL) = “86400” (can also be inherited from the default configuration)
Creating a new TXT-record
Step 4. Wait for the record to become public.
It may take up to 72 hours for a new record to appear. Try Google Toolbox to check if the TXT-record starting with ‘miro-verification’ is listed for your domain. Here's what the result looks like when provided to us by Google:
Checking domain verification
Step 5. Let us know.
Using the email that was sent to you in step 2, reply to let us know that we can now verify your domain.
Step 6. Leave the DNS-record.
After we complete the verification on our end, please do not remove the DNS-record as we may need this for future verification.
Rules when verifying domains
You will need to create a separate TXT-record for each top-level domain and each subdomain you use. Follow steps 1-3 above for each domain or subdomain you want to verify.
If it's not possible for you to add 2 TXT records with the same name, you may imitate the address as a subdomain (i.e. instead of verifying yourdomain.com please verify mirovalidation.yourdomain.com).
You should incorporate all the zones that are used for the verified domain configuration.
The Fully Qualified Domain Name (FQDN) is expected to be the same as your domain address. For example: www.mycompanydomain.com.
If you use internal and external DNS, we advise verifying both. This ensures no one is left out of domain control.
Set up domain settings
Domain settings determine how existing users and newly registered users within your domain(s) are managed.
After a domain is verified, click ... > Edit domain settings to access the Domain control settings.
Accessing Domain control settings
Here you will see options for handling new users to your domain:
- Auto-capture new users - this automatically adds users who sign up to Miro to this domain’s subscription with its default license type. Here you also define which teams the users will be added to (required).
- Block users from creating their own subscriptions - this option prohibits managed users within your domain(s) from creating any new teams outside of your subscription. The user(s) can still be invited to teams on your domain(s) and collaborate externally.
Domain control settings
Set up deactivation of managed users
For more control over your managed users, enable Block deactivated users.
Captured and Uncaptured Users
An Uncaptured user is a user with your corporate email domain but is not in your Miro Enterprise subscription.
Domain control is the only way to get visibility into the count of uncaptured users other than requesting a Domain audit from your Account Manager (you can request a domain audit from the Domain control settings).
Scenarios which can increase the number of Uncaptured users:
- A new user registers with your domain(s) but does not join your Enterprise subscription — most likely because Auto-capture or JIT is disabled.
- You remove a user from the Enterprise subscription but the profile still exists
Scenarios which can decrease the number of Uncaptured users:
- The Uncaptured user is added to your Enterprise subscription
- An invitation to an unregistered user expires after 30 days from the invitation date
Email updates by users
If your Enterprise claims a domain, any user from this domain will be unable to change their email address in Miro without the approval of the Company Admin. When trying to change the email, the user will get the error You cannot change your email to or from a domain belonging to an organization. The user is recommended to reach out to their Company Admin, who will contact Miro support for assistance.