Docs

Verified domains

Verified domains can be used to streamline enrollment into an organization. For example, if the domain @clerk.com is verified, any user with an email address ending in @clerk.com can be automatically invited or be suggested to join an organization with that domain. The role assigned to this user will be the role set as the Default role in the organization settings page. The verified domains feature is useful for organizations that want to restrict membership to users with specific email domains.

A verified domain cannot be a disposable domain or common email provider. For example, you cannot create a verified domain for @gmail.com.

Warning

A verified domain can't be added if it's already in use for the organization's SSO.

Enable verified domains

Enabling verified domains applies to all organizations and cannot currently be managed on a per-organization basis.

In order to enable this feature:

  1. In the Clerk Dashboard, navigate to the Organizations Settings page.
  2. In the Verified domains section, check the Enable verified domains checkbox.
  3. The following setting will appear:
  • Enrollment mode - Choose between Automatic invitation and Automatic suggestion.

Enrollment mode

You can enable the following enrollment modes to be available for your application:

  • Automatic invitation - During sign-up, a user will receive an invitation for the organization if their email's domain matches the verified domain. The user will join the organization if they accept the automatic invitation.
  • Automatic suggestion - During sign-up, a user will receive a suggestion for the organization if their email's domain matches the verified domain. The user can request to join, and an administrator must accept this request before the user can join the organization.

Once a domain is added and verified in your organization, the user will have the option to select an enrollment mode from those you made available.

Adding and verifying domains

Domains can be added and verified under an organization by any user with the org:sys_domains:manage permission. By default, admins have this permission. The easiest way to add and verify domains is by using Clerk's [<OrganizationSwitcher />] component. In the General tab, there will be a Verified domains section.

Domains can be verified through an email verification code sent to an email that matches the domain. If the user adding the domain already has a verified email using that domain in their account, the domain will be automatically verified.

An application instance may only have one verified domain of the same name, and an organization may only have one domain of the same name (verified or unverified).

You can create up to 10 domains per organization to meet your needs. If you need more than 10 domains, contact support.

Custom flow

If Clerk's <OrganizationSwitcher /> does not meet your specific needs or if you require more control over the logic, you can use the Clerk API to add and verify a domain and update the domain's enrollment mode. Here's an example of how you can do this:

const { organization, domains } = useOrganization()

// create domain
const domain = await organization.createDomain('example.com')

// prepare email verification
domain.prepareAffiliationVerification({ affiliationEmailAddress: 'foo@example.com' })

// attempt email verification
domain.attemptAffiliationVerification({ code: '123456' })

// update domain enrollment mode
domain.updateEnrollmentMode({ enrollmentMode: 'automatic_invitation' })

Feedback

What did you think of this content?

Last updated on