Having a single company-managed subscription is the best way to advance team collaboration, ensure that content is created and stays in your account, and simplify security compliance.
Available on: Enterprise plan
Set up by: Company Admins/System Administrators
Domain control is a company-level feature that helps to manage users who sign up for Miro on their own. It works by monitoring the activity of users within your corporate domain(s) and providing you with several management options.
With Domain control you can:
- Uncover user activity within your domain(s) and invite them to join your Enterprise subscription
- Prevent users within your domain(s) from creating their own subscriptions
- Automatically add newly registered users within your domain(s) to designated teams
How to set up Domain control
Verify your domain
A domain can only be owned by one Enterprise account at a time. As a result, you need to follow these steps to verify each of your domains before Domain control can be used to manage users.
- Step 1. Add your domain(s) to Miro.
- Go to Settings > Company > Security > Domain control and click the Add a domain button. Type in your domain and click Request verification
Domain control in Company settings
- Step 2. Receive the verification code.
- We'll send you an e-mail with a verification code (this may take some time). You will need this code for Step 3.
- Step 3. Create a TXT-record.
- Go to the DNS records of your domain and create a new TXT-record using the specifications below. List of DNS providers.
- Value/Answer/Description = “miro-verification=[INSERT CODE]”
- Name/Host/Alias is left blank (or type @ to add a subdomain)
- Time to live (TTL) = “86400” (can also be inherited from the default configuration)
Creating a new TXT-record
- Step 4. Wait for the record to become public.
- It may take up to 72 hours for a new record to appear. Try Google Toolbox to check if the TXT-record starting with ‘miro-verification’ is listed for your domain. Here's what the result looks like when provided to us by Google:
- It may take up to 72 hours for a new record to appear. Try Google Toolbox to check if the TXT-record starting with ‘miro-verification’ is listed for your domain. Here's what the result looks like when provided to us by Google:
Checking domain verification
- Step 5. Let us know.
- Reply to our email to let us know that we can now verify your domain
- Step 6. Leave the DNS-record.
- After we complete the verification on our end, please do not remove the DNS-record for continuous verification
Rules when verifying domains
-
You will need to create a separate record for each top-level domain and each subdomain you use
-
If it's not possible for you to add 2 TXT records with the same name, you may imitate the address as a subdomain (i.e. instead of verifying yourdomain.com please verify mirovalidation.yourdomain.com)
-
You should incorporate all the zones that are used for the verified domain configuration
-
The FQDN is expected to be the same as your domain address
-
We advise verifying both for internal and external DNS
Set up domain settings
Domain settings determine how newly registered users within your domain(s) are managed.
After a domain is verified, click the three dots > edit domain settings to access the Domain control settings. You should choose the domain settings for each verified domain as well as designate any default teams.
Accessing Domain control settings
There are three options:
- Off (default setting): newly registered users with your domain(s) will have the chance to request to join your subscription. They won't be able to join or learn any details about it without Company Admin's approval. Company admins can configure how requests are managed
- Capture new users: all newly registered users with your domain(s) will automatically join your subscription. You choose one or more teams that they'll join by default. Captured users are provisioned the default account license
- Full control: works identical to Capture new users but also prohibits newly registered and existing users with your domain(s) from creating any new teams outside of your subscription. With this setting, the end-users will see no option to create or purchase new teams
Domain control settings
Captured and Uncaptured Users
A user is considered Captured when they are (1) in your Enterprise subscription and (2) have your corporate email domain. This includes invited, deactivated users, and guests.
An Uncaptured user is a user with your corporate email domain but is not in your Enterprise subscription.
Domain control is the only way to get visibility into the count of uncaptured users other than requesting a Domain audit from your Customer Success Manager (you can request a domain audit from the Domain control settings).
The following 2 cases can increase the number of Uncaptured users:
- A new user registers with your domain(s) but does not join your Enterprise subscription — most likely because Domain control is set to Off
- You remove a user from the Enterprise subscription but the profile still exists
The following 2 cases can decrease the number of Uncaptured users:
- The Uncaptured user is added to your Enterprise account
- An invitation to an unregistered user expires after 30 days from the invitation date