Verified domains
Verified domains can be used to streamline enrollment into an organization. For example, if the domain @clerk.com
is verified, any user with an email address ending in @clerk.com
can be automatically invited or be suggested to join an organization with that domain. The role assigned to this user will be the role set as the Default role in the organization settings page. The verified domains feature is useful for organizations that want to restrict membership to users with specific email domains.
A verified domain cannot be a disposable domain or common email provider. For example, you cannot create a verified domain for @gmail.com
.
Enable verified domains
Enabling verified domains applies to all organizations and cannot currently be managed on a per-organization basis.
In order to enable this feature:
- In the Clerk Dashboard, navigate to the Organizations Settings page.
- In the Verified domains section, check the Enable verified domains checkbox.
- The following setting will appear:
- Enrollment mode - Choose between Automatic invitation and Automatic suggestion.
Enrollment mode
You can enable the following enrollment modes to be available for your application:
- Automatic invitation - During sign-up, a user will receive an invitation for the organization if their email's domain matches the verified domain. The user will join the organization if they accept the automatic invitation.
- Automatic suggestion - During sign-up, a user will receive a suggestion for the organization if their email's domain matches the verified domain. The user can request to join, and an administrator must accept this request before the user can join the organization.
Once a domain is added and verified in your organization, the user will have the option to select an enrollment mode from those you made available.
Adding and verifying domains
Domains can be added and verified under an organization by any user with the org:sys_domains:manage
permission. By default, admins have this permission. The easiest way to add and verify domains is by using Clerk's [<OrganizationSwitcher />
] component. In the General tab, there will be a Verified domains section.
Domains can be verified through an email verification code sent to an email that matches the domain. If the user adding the domain already has a verified email using that domain in their account, the domain will be automatically verified.
An application instance may only have one verified domain of the same name, and an organization may only have one domain of the same name (verified or unverified).
You can create up to 10 domains per organization to meet your needs. If you need more than 10 domains, contact support.
Custom flow
If Clerk's <OrganizationSwitcher />
does not meet your specific needs or if you require more control over the logic, you can use the Clerk API to add and verify a domain and update the domain's enrollment mode. Here's an example of how you can do this:
Feedback
Last updated on