Domain Verification
Enterprise customers can verify domain ownership (eg. mycompany.com) for their organizations. Domain verification will allow organizations to claim a domain, supporting features such as automatic SSO action, allowing easier and faster login. Domains can be verified with a valid and unique-to-Bitwarden DNS TXT record.
Once a domain's ownership has been verified, users with that domain (eg. @mycompany.com) will be able to bypass the login with SSO step that would require the SSO identifier to be entered during login. Additionally, members of organizations that have claimed a domain will have their email automatically verified when onboarded.
In order to verify domain ownership, Bitwarden must verify that:
No other organization has claimed or verified the domain.
Your organization has ownership of the domain.
In order to verify ownership of the domain, Bitwarden will use a DNS TXT record. To verify a domain:
Log in to the Bitwarden web app and open the Admin Console using the product switcher ():
Product switcher Navigate to Settings → Domain verification:
Domain verification On the Domain verification screen you will see a list of active domains, along with status checks and options. If you have no active domains, select New domain.
In the pop-up window, enter a Domain name.
note
Be sure that the format of the text entry does not include
https://orwww..Copy the DNS TXT record and add it to your domain.
Select Verify domain.
You can manage and view the status of your domains from the Domain verification page.
Select the domain name, or the menu located on the right side of the domain item if you wish to edit, or delete a domain.
The menu provides additional options to Copy DNS TXT records, and to manually verify domain if automatic verification was not successful during the new domain setup.
Domains will have a status of UNVERIFIED or VERIFIED.
warning
Bitwarden will attempt to verify the domain 3 times during the first 72 hours. If the domain has not been verified within 7 days after the 3rd attempt, the domain will be removed from your organization.
Domain setup activities will be logged in the organization event logs. To view events, navigate to Reporting → Event logs in the Admin Console.
Now that your domain has been claimed by your organization, you can login without an SSO identifier:
Open the login page on your preferred Bitwarden client.
Enter your email containing the domain that was claimed (eg.
@mydomain.com) and select Continue.Select Enterprise single sign-on.
You will be redirected to your identity provider page, from here, use your SSO credentials to complete the login process.