Domain control

Having a single company-managed subscription is the best way to advance team collaboration, ensure that content is created and stays in your subscription, and simplify security compliance.

Available on: Enterprise plan
Set up by: Company Admins/System Administrators

Domain control is a company-level feature that helps to manage users who sign up for Miro on their own. It works by monitoring the activity of users within your corporate domain(s) and providing you with several management options. 

With Domain control you can:

• Uncover user activity within your domain(s) and invite them to join your Enterprise subscription
• Prevent users within your domain(s) from creating their own subscriptions
• Automatically add newly registered users within your domain(s) to designated teams

As soon as you verify your company domains as a part of the Domain control setup, all the Miro users within your corporate domains become your Managed users. This gives you a larger control over your company’s employees' profiles. Learn more.

How to set up Domain control

Verify your domain

A domain can only be owned by one Enterprise subscription at a time. As a result, you need to follow these steps to verify each of your domains before Domain control can be used to manage users. 

Step 1. Add your domain(s) to Miro.

1. From your Miro dashboard, click on your avatar in the top-right corner
2. Click Settings then navigate to the Account section in the context menu on the left
3. Click Security, then under Domain control, click the Add a domain button
4. Type in your full domain name (ie yourcompany.com) and click Request verification

Domain control in Company settings

Step 2. Receive the verification code.

We'll send you an e-mail with a verification code (this may take some time). You will need this code for Step 3. 

The email will be from Miro Support and will have a ticket number in the subject. If you don't see this email, check your spam folder.

Step 3. Create a TXT-record.
Go to the DNS records of your domain and create a new TXT-record using the specifications below. Your IT personnel, a Domain Admin, or the Network team may be best suited to assist. Updating the TXT record can be done through the administration console or dashboard of the domain's hosting provider. List of DNS providers.

• Value/Answer/Description = “miro-verification=[INSERT CODE]”  
• Name/Host/Alias is left blank (or type @ to add a subdomain)
• Time to live (TTL) = “86400” (can also be inherited from the default configuration)
  

Creating a new TXT-record

Step 4. Wait for the record to become public.
It may take up to 72 hours for a new record to appear. Try Google Toolbox to check if the TXT-record starting with ‘miro-verification’ is listed for your domain. Here's what the result looks like when provided to us by Google:

Checking domain verification

Step 5. Let us know.
Using the email that was sent to you in step 2, reply to let us know that we can now verify your domain

Step 6. Leave the DNS-record.
After we complete the verification on our end, please do not remove the DNS-record for continuous verification

Rules when verifying domains

• You will need to create a separate record for each top-level domain and each subdomain you use

• If it's not possible for you to add 2 TXT records with the same name, you may imitate the address as a subdomain (i.e. instead of verifying yourdomain.com please verify mirovalidation.yourdomain.com)

• You should incorporate all the zones that are used for the verified domain configuration

• The FQDN is expected to be the same as your domain address

• We advise verifying both for internal and external DNS

Set up domain settings

Domain settings determine how newly registered users within your domain(s) are managed. 

After a domain is verified, click the three dots > edit domain settings to access the Domain control settings. You should choose the domain settings for each verified domain as well as designate any default teams.

Accessing Domain control settings

Here you will see options for handling new users to your domain:

• Auto-capture new users - this automatically adds users who sign up to Miro to this domain’s subscription with its default license type. You can also add users to default teams here.
• Block users from creating their own subscriptions - this option prohibits managed users within your domain(s) from creating any new teams outside of your subscription. The user(s) can still be invited to teams on your domain(s) and collaborate externally.

Domain control settings

Captured and Uncaptured Users

A user is considered Captured when they are (1) in your Enterprise subscription and (2) have your corporate email domain. This includes invited, deactivated users, and guests. 

An Uncaptured user is a user with your corporate email domain but is not in your Enterprise subscription.

Domain control is the only way to get visibility into the count of uncaptured users other than requesting a Domain audit from your Account Manager (you can request a domain audit from the Domain control settings).

The following 2 cases can increase the number of Uncaptured users:

• A new user registers with your domain(s) but does not join your Enterprise subscription — most likely because Domain control is set to Off
• You remove a user from the Enterprise subscription but the profile still exists

The following 2 cases can decrease the number of Uncaptured users:

• The Uncaptured user is added to your Enterprise subscription
• An invitation to an unregistered user expires after 30 days from the invitation date

Email updates by users

If your Enterprise claims a domain, any user from this domain will be unable to change their email address in Miro without the approval of the Company Admin. When trying to change the email, the user will get the error You cannot change your email to or from a domain belonging to an organization. The user is recommended to reach out to Miro support for assistance.