Deutsch Español Français 日本語 Português do Brasil

Articles in this section

Domain control

Sean
  • Updated

Keep Miro-created content within your subscription and ensure corporate security compliance with Domain control. 

Available on: Enterprise plan
Set up by: Company Admins/System Administrators

Domain control allows Miro Admins to manage all users and ensure their usage falls within the boundaries of the subscription.

With Domain control, you can:

  • request an audit to discover users outside your subscription and invite them to join the subscription
  • establish policies and controls around how and what users can access in Miro, along with overall ownership over the user - for example, assigning them to teams, managing their content, analyzing their activities, and deleting the user.
  • prevent users within your domain(s) from creating their own subscriptions
  • automatically add newly registered users within your domain(s) to designated teams

How to set up Domain control

Process overview

Each domain or subdomain you register can only be tied to one Enterprise subscription, you cannot share domains/subdomains across subscriptions. The process for verifying each domain or subdomain is as follows:

  1. Add your domain to Miro
  2. Receive a verification code from Miro
  3. Add the verification code to your domain’s TXT record
  4. Wait for the domain record to become public
  5. Notify Miro that the record is public and can be verified
⚠️ You must notify Miro that your domain record is public. Your domain will remain unverified until you do this step.

Verify your domain

✏️ If you have enabled the Block deactivated users company-level setting, when verifying a new domain all deactivated users from your newly verified domain will also be blocked. 

Step 1. Add your domain(s) to Miro.

  1. From your Miro dashboard, click on your avatar in the top-right corner
  2. Got to Company settings > Security and compliance > Managed domains
  3. Click + Add a domain
  4. Type in your full domain name (yourcompany.com) and click Add domain

Note that you will receive communication through the email address that was signed into Miro when you requested domain verification. If you did not receive an email from us, check the account that was used to make the request.

Add-a-domain-Image1.pngDomain control in Company settings

Step 2. Receive the verification code.

We'll send you an e-mail with a verification code. We typically respond within 1-2 business days. Do not delete this email - you will need this code for Step 3. You will also need to respond to this email when your domain record is public.

The email will be from Miro Support and will have a ticket number in the subject. If you don't see this email, check your spam folder.

Step 3. Create a TXT-record
On your domain provider website (GoDaddy, Amazon, Cloudflare, etc), find your domain and go to the DNS records tab/section. Create a new TXT-record using the specifications below.
Your IT personnel, a Domain Admin, or the Network team may be best suited to assist. Updating the TXT record can be done through the administration console or dashboard of the domain's hosting DNS provider. List of DNS providers.

    • Value/Answer/Description = “miro-verification=[INSERT CODE]”  
    • Name/Host/Alias is left blank (or type @ to add a subdomain)
    • Time to live (TTL) = “86400” (can also be inherited from the default configuration)

create_a_txt_record.jpg
Creating a new TXT-record

Step 4. Wait for the record to become public.
It may take up to 72 hours for a new record to appear. Try Google Toolbox to check if the TXT-record starting with ‘miro-verification’ is listed for your domain. Here's what the result looks like when provided to us by Google:

results_from_Google.jpg
Checking domain verification

Step 5. Let us know.
Using the email that was sent to you in step 2, reply to let us know that we can now verify your domain.

Step 6. Leave the DNS-record.
After we complete the verification on our end, please do not remove the DNS-record as we may need this for future verification.

Rules when verifying domains

  • You will need to create a separate TXT-record for each top-level domain and each subdomain you use. Follow steps 1-3 above for each domain or subdomain you want to verify.

  • If it's not possible for you to add 2 TXT records with the same name, you may imitate the address as a subdomain (i.e. instead of verifying yourdomain.com please verify mirovalidation.yourdomain.com).

  • You should incorporate all the zones that are used for the verified domain configuration.

  • The Fully Qualified Domain Name (FQDN) is expected to be the same as your domain address. For example: www.mycompanydomain.com.

  • If you use internal and external DNS, we advise verifying both. This ensures no one is left out of domain control.

Set up domain settings

Domain settings determine how existing users and newly registered users within your domain(s) are managed. 

After a domain is verified, click ... > Edit domain settings to access the Domain control settings

Edit-domain-settings-Image4.pngAccessing Domain control settings

Here you will see options for handling new users to your domain:

  • Auto-capture new users - this automatically adds users who sign up to Miro to this domain’s subscription with its default license type. Here you also define which teams the users will be added to (required).
  • Block users from creating their own subscriptions - this option prohibits managed users within your domain(s) from creating any new teams outside of your subscription. The user(s) can still be invited to teams on your domain(s) and collaborate externally.

Domain-control-Configuration-auto-capture-users-Image5.pngDomain control settings

Set up deactivation of managed users

For more control over your managed users, enable Block deactivated users.

Captured and Uncaptured Users

A user is considered Captured when they are (1) in your Enterprise subscription and (2) have your corporate email domain. This includes invited, deactivated users, and guests

An Uncaptured user is a user with your corporate email domain but is not in your Miro Enterprise subscription.

Domain control is the only way to get visibility into the count of uncaptured users other than requesting a Domain audit from your Account Manager (you can request a domain audit from the Domain control settings).

Scenarios which can increase the number of Uncaptured users:

Scenarios which can decrease the number of Uncaptured users:

  • The Uncaptured user is added to your Enterprise subscription
  • An invitation to an unregistered user expires after 30 days from the invitation date

Email updates by users

If your Enterprise claims a domain, any user from this domain will be unable to change their email address in Miro without the approval of the Company Admin. When trying to change the email, the user will get the error You cannot change your email to or from a domain belonging to an organization. The user is recommended to reach out to their Company Admin, who will contact Miro support for assistance. 

Frequently asked questions

Can I use domain control with a subdomain?
Yes, subdomains are treated as separate entities from primary domains. This means you’ll need to go through the process above for each subdomain you want to verify.
I want to use SSO with domain control. How do I do this?
SSO authentication is set up separately from domain control. You can set these up in either order, it’s your preference. 
I haven't gotten any email from Miro and I don't know what to do next. Can you help me?
We send the verification code and domain verification confirmation to the email of the person who was logged into Miro and requested to add the domain. If this isn’t you or that person is no longer available, you’ll need to delete the domain and re-add it. We cannot transfer the request to another email address.
My domain name is changing or I want to add a subdomain. How do I enable this with my current DC setup?
If your domain name changes, you can remove the domain and re-start the verification process with the new domain (or start the process for any subdomains you add). All of these entities are treated separately, so the process must be done for each.
Where do I find the DNS records for my domain?
Whichever domain provider you’re using will have this information. If you’re not sure who registered your domain, you can go to who.is and search for the domain. Login to the domain provider site and look for a domains section. Inside of this space you’ll find a DNS tab or section. Your DNS record will be located here.
I don't see the "Domain Control" option in Security.
This is because you’re either: not on the Enterprise plan, or not the Company Admin for your plan. Please check with your plan admin for more details.
Can I delete the TXT record for my domain once it’s been verified?
Deleting your TXT record will not cause your domain control to stop working; we do strongly recommend you keep it, however, in case we need to re-verify your domain at a later point in time.
Was this article helpful?
Yes, thanks Not really
Sorry about that! Why wasn't the article helpful?
If you would like to get a reply from the Miro Support team, please create a ticket here
Thank you for your feedback!
Error! Please try later...
Return to top

Related articles