SSO Domain Validation

Article author
Jing Wen Ng
  • Updated

To ensure a secure and trusted SSO (Single Sign-On) setup, domain verification is now a required step before activating SSO on Remote. This process confirms that your company owns the domain being used for authentication.

How Does It Work?

1. Access Security Settings

Navigate to your company's security configuration:

  1. Log into your administrative account
  2. Go to Company Settings
  3. Click on the Security card
  4. Select Single Sign-On (SSO)
    Single sign on
     

Note: If you haven't verified at least one domain, the SSO functionality will be disabled.

2: Add Your Domain

  1. Click the "Add Domain" button
  2. Enter your domain name (e.g., yourcompany.com)
  3. Click "Add Domain and Continue"
    Add domain
     

3: Generate and Copy the TXT Record

Once you've added your domain, the system will generate a unique TXT record. This record serves as proof of ownership.

  1. The system displays a unique TXT record value
  2. Click the "Copy" button to copy this record to your clipboard (If you're unsure how to do this, please refer to your DNS provider’s documentation or contact your IT administrator.)
  3. Keep this window open – you'll need to return here after updating your DNS
    Screenshot 2025-06-27 at 08.21.03-mh (2).png

Important: Each domain receives its own unique TXT record. If you're verifying multiple domains, each will have a different verification code.

4. Configure the TXT Record in Your DNS:

A DNS TXT record has two fields you need to fill in:

  • Name/Host field: Enter @ or leave blank (some providers auto-fill this)
  • Value/Content field: Paste the ENTIRE string from Remote, including the equals sign

Example Configuration:

Name/Host: @
Value/Content: remote-domain-verification=566077b8-318a-47ae-8592-2446b692e165

⚠️ Important: The equals sign (=) is NOT a separator between name and value fields. It's part of the value itself. The entire string remote-domain-verification=566077b8-318a-47ae-8592-2446b692e165 goes in the VALUE field.

Common DNS Provider Examples:

GoDaddy:

  • Type: TXT
  • Host: @
  • TXT Value: remote-domain-verification=566077b8-318a-47ae-8592-2446b692e165

Cloudflare:

  • Type: TXT
  • Name: @ (or yourcompany.com)
  • Content: remote-domain-verification=566077b8-318a-47ae-8592-2446b692e165

AWS Route 53:

  • Record name: Leave blank or enter your domain
  • Record type: TXT
  • Value: "remote-domain-verification=566077b8-318a-47ae-8592-2446b692e165" (with quotes)

If you're unsure about your specific DNS provider, consult their documentation or contact your IT administrator.

5: Verify Your Domain

After adding the TXT record to your DNS:

  1. Return to the verification window
  2. Click "Verify Domain"
  3. The system will check if the TXT record matches
    Screenshot 2025-06-27 at 08.21.03-mh (3).png

Verification Timeline: usually it takes a few minutes to propagate, but sometimes could take up to 72 hours. If it takes longer than that, please ensure domain / TXT record etc is added correctly

If verification fails immediately, don't worry – DNS propagation takes time. Try again in 15-30 minutes.

Who Is Affected and Why Is This Important?

This update affects all companies using or setting up SSO for their organization. Domain validation secures your SSO configuration, safeguarding against unauthorized access. In the future, we'll require domain validation before the SSO setup, so we strongly recommend completing this process as soon as possible if you're setting up SSO.

To access the Zendesk help center using Remote SSO credentials, you'll need to verify your domain. This additional step enhances security and simplifies access across platforms.

Frequently Asked Questions

How long does domain validation take?

It can take up to 72 hours for the system to verify your domain after you add the TXT record to your DNS.

What happens if I disable SSO and re-enable it?

If you disable SSO, any domains you’ve already verified will remain verified. You can re-enable SSO at any time without needing to verify the domain again. However, if you delete the verified domains from the SSO dashboard, you’ll need to add and verify your domain again before SSO can be activated.

Can I have multiple domains in my SSO setup?

Yes, you can configure SSO with multiple domains. Each domain must be added and verified individually before it can be used in your SSO configuration. Make sure to complete the domain verification process for every domain you plan to include.

Why isn't my domain verifying after adding the TXT record?

  • Incorrect TXT record format
    • ✅ Correct: The entire string in the VALUE field: remote-domain-verification=566077b8-318a-47ae-8592-2446b692e165
    • ❌ Wrong: Using only the code part: 566077b8-318a-47ae-8592-2446b692e165
    • ❌ Wrong: Splitting at the equals sign
  • Common mistakes to avoid:
    • Missing the equals sign (=) - it's part of the value, not a separator
    • Adding extra spaces before or after the record
    • Using the wrong name/host field (should be @ or blank)
    • Adding the record to a subdomain instead of the root domain

Still having issues?

Double-check that:

  1. You've added the record to the same domain you declared in your SSO configuration
  2. You've waited a few minutes for the DNS changes to take effect
  3. There are no extra spaces before or after the TXT record

If you have any questions or need further assistance, please contact us.

Was this article helpful?

1 out of 1 found this helpful

Submit a request

Related articles

Comments

0 comments

Article is closed for comments.