Verifying your domains
The first step to enabling SSO for your Claras account is to verify ownership of your domains - specifically the domains of your company email addresses. This is required for two reasons:
When a user goes to login, we know which provider to send them to
We can prevent users in your company from creating their own separate Claras account
You must have at least one verified domain against your account for SSO to work.
In Claras, navigate to Settings > SSO and click New Domain. Add the hostname of your company email address, and click Create Domain.
You'll be presented with a unique TXT record that needs to be created in your domain DNS settings. You can view the record again at any time under the three dot menu.
Claras will poll for the record until it is returned. Depending on your domain provider, this may take up to 24h.
Once we have received the TXT record and confirm it matches the expected value, the domain will show a green "Verified" badge. Here's what each badge means:
Active - Users with this domain in their email will be directed to your provider to initiate the SSO flow. They will also be blocked from creating their own account.
Verified - We can see a matching TXT record against your domain and know you own it.
Your verified domains will become Active when you enable your SSO provider, and likewise deactivate if SSO is disabled.
Once a domain has been verified, we periodically check the DNS records every 24h to ensure you still own the domain. This means you must not remove the DNS record even once it has been verified. If we are no longer able to see the TXT record against your domain, its verified status will be removed and all users with the Owner or Manager role will be notified via email.
To prevent disruptions to your team, the domain will remain Active for 7 days. Users will still be able to login using SSO as normal. You will also be sent follow-up emails every day until either:
The DNS record is restored
7 days have passed since we were last able to verify the domain
If the domain cannot be verified after 7 days, it will be deactivated and users with that email will no longer be able to login using SSO.
While you're waiting for your domains to be verified, you can start setting up your provider in Entra.
When a user goes to login, we know which provider to send them to
We can prevent users in your company from creating their own separate Claras account
You must have at least one verified domain against your account for SSO to work.
Setting up your domains
In Claras, navigate to Settings > SSO and click New Domain. Add the hostname of your company email address, and click Create Domain.
You'll be presented with a unique TXT record that needs to be created in your domain DNS settings. You can view the record again at any time under the three dot menu.
Claras will poll for the record until it is returned. Depending on your domain provider, this may take up to 24h.
Once we have received the TXT record and confirm it matches the expected value, the domain will show a green "Verified" badge. Here's what each badge means:
Active - Users with this domain in their email will be directed to your provider to initiate the SSO flow. They will also be blocked from creating their own account.
Verified - We can see a matching TXT record against your domain and know you own it.
Your verified domains will become Active when you enable your SSO provider, and likewise deactivate if SSO is disabled.
Maintaining verification
Once a domain has been verified, we periodically check the DNS records every 24h to ensure you still own the domain. This means you must not remove the DNS record even once it has been verified. If we are no longer able to see the TXT record against your domain, its verified status will be removed and all users with the Owner or Manager role will be notified via email.
To prevent disruptions to your team, the domain will remain Active for 7 days. Users will still be able to login using SSO as normal. You will also be sent follow-up emails every day until either:
The DNS record is restored
7 days have passed since we were last able to verify the domain
If the domain cannot be verified after 7 days, it will be deactivated and users with that email will no longer be able to login using SSO.
Next steps
While you're waiting for your domains to be verified, you can start setting up your provider in Entra.
Updated on: 12/05/2025
Thank you!