Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lightdash.com/llms.txt

Use this file to discover all available pages before exploring further.

Cloud Pro

Cloud Enterprise

Verified domains are part of per-organization SSO settings. Contact the Lightdash team if you don’t see the Verified domains panel in your settings.

What are verified domains?

A verified domain is a domain your organization has proven it owns by receiving a one-time passcode at an email address on that domain. Verified domains are the source of truth for SSO routing: when a user signs in with an email on a verified domain, Lightdash sends them to the SSO provider you’ve configured for your organization. Only one organization can hold a verified domain at a time — verification is first-come, first-served. Use verified domains when you want to:
  • Route users on your domain to your organization’s SSO provider.
  • Restrict an individual SSO method (Google, Okta, Azure AD, OneLogin, Generic OIDC) to a subset of your organization’s domains.
Verified domains control SSO routing only. They are separate from allowed email domains, which control which users can auto-join your organization.

Verify a domain

You must be an organization admin to verify a domain.
  1. In your Lightdash instance, click your initials at the top right and select Organization settings.
  2. Open the Verified domains panel.
  3. Click Add domain, then select Email.
  4. Enter an email address on the domain you want to verify (for example, admin@yourcompany.com). Public email providers like gmail.com or outlook.com aren’t accepted.
  5. Click Send code. Lightdash emails a 6-digit one-time passcode to that address.
  6. Enter the code before the on-screen timer expires. If the code expires or you exceed the attempt limit, request a new one.
Once verified, the domain appears in the list with a Verified badge.

Remove a verified domain

In the Verified domains panel, click Remove next to the domain. Removing a verified domain stops Lightdash from routing that domain’s users to your SSO providers and frees the domain so another organization can claim it.
If an SSO method is configured to route only a subset of verified domains (see below), removing the underlying verified domain also removes it from that subset.

Routing SSO methods to verified domains

Each SSO method in your organization (Google, Okta, Azure AD, OneLogin, Generic OIDC) routes users by email domain. In the SSO method’s settings panel:
  • Leave Override organization domains off to route all of your organization’s verified domains to this method. This is the default and works for most setups.
  • Turn Override organization domains on to restrict this method to a subset of your verified domains. You can only select domains that are already verified.
If you don’t have any verified domains yet, the override field links you back to the Verified domains panel.