Verify Domains for Secure SSO Authentication

  • Updated
  • Updated
Avatar
Written by Charissa F.
  • Updated
Required plan:
Required plan:

Domain verification ensures that only authorized domains are used for Single Sign-On (SSO) authentication, enhancing security by preventing unauthorized access.

You should verify all domains that will be used for authentication using SSO or user email logins. Only verified domains can be used for login, and unverified domains may prevent users from accessing Samsara.

Perform this workflow before configure your Single Sign-On (SSO) provider.

Note

You must be a domain administrator to add a TXT record to your DNS provider.

  1. Log in to the Samsara dashboard.

  2. Select the Settings icon ( gear icon ) at the bottom of your Fleet menu to view dashboard settings.

  3. Select Single Sign-On.

  4. Add a new domain.

    1. Enter your domain name (for example yourcompany.com) in the Domain Verification section.

    2. Click Add Domain.

    3. Ensure the domain is entered correctly without typos and excludes any prefix such as http or https.

  5. Obtain the verification code.

    A unique verification code is generated and displayed next to your domain. Copy the verification code, for the next step. The verification code is the full string shown on your dashboard, including the ‘code=’ prefix.

    Note

    The verification code is case-sensitive and should be copied and pasted exactly as shown in the Samsara dashboard. However, domain names themselves are not case-sensitive. For example, if you verify samsara.com in all lowercase, a user with an email address like User@Samsara.com (with a capital “S”) will still be able to log in without any issues.

  6. Add a TXT record to your DNS provider.

    1. Log in to your DNS provider’s management console.

      For more information about adding TXT records, see the instructions for the following common DNS providers:

    2. Navigate to the DNS Management or DNS Settings section.

    3. Add a new TXT Record with the following details:

      • Type: TXT

      • Name/Host: samsara_verify.[yourdomain.com]

        Note

        If your DNS provider does not accept the naming convention samsara_verify—for example, if it does not support underscores—you may alternatively name the DNS record samsara-verify or samsaraverify.

        If you use one of these alternative naming conventions, the Samsara dashboard will still display samsara_verify. However, this will not impact your ability to verify the domain, and you can proceed with domain verification as expected.

      • Value/Text: Paste the verification code from Samsara.

      • TTL: Set it to your desired value. A shorter TTL may result in faster propagation.

    4. Save the new TXT record.

  7. Verify the domain in Samsara.

    Tip

    DNS propagation can take up to 48 hours. We recommend waiting until your DNS record propagates before attempting to verify the domain.

    1. Return to the Samsara dashboard.

    2. In the Domain Verification section, click on the Verify button next to your domain.

      Samsara will verify for the TXT record in your DNS settings and display a green check mark next to your domain name if verification is successful.

      verification-domain-success.png

      Note

      This example displays the domain as samsarian.com, but yours will reflect your domain name.

    3. If domain verification fails, check the following:

      • Ensure the correct verification code is added to your DNS TXT record.

      • Check with your DNS provider to confirm the record has fully propagated.

      • Verify there are no typos or extra spaces in the record, and ensure the full string, including "code=", is included.

      • If you recently updated the DNS record, wait until the TXT record is propogated and try again.

  8. Proceed to configure Single Sign-On (SSO) Authentication for the verified domain.

    If you’re still experiencing issues even after verifying that all required attributes are correctly mapped, please reach out to our support team for assistance.

Troubleshoot Domain Verification Issues

Symptom

After completing the domain verification workflow, users see the following error.

Domainfailed.jpg

The domain for this email has not yet been verified. Please let your org administrator know

Possible Causes

  • TXT record could not be found.

  • The verification code did not match.

  • There is no access to the DNS provider.

  • The domain for this email has not yet been verified.

  • Incorrect mapping of required user attributes, such as email or name.

Solution

If your domain is verified but users are still seeing this error:

  • Ensure the user’s email matches the verified domain exactly.

  • See Single Sign-On (SSO) Authentication to ensure that required user attributes are correctly mapped in your identity provider settings.

  • If you’re still experiencing issues even after verifying that all required attributes are correctly mapped, please reach out to our support team for assistance.

Feedback

Was this article helpful?
3 out of 6 found this helpful
Have more to say? We want to hear it!
Have more questions? Submit a request
Return to top

Comments

0 comments

Please sign in to leave a comment.

Related articles

Articles in this section

©2024 Samsara Inc.

Chat with us