Set up organizational domains

  • Updated

Opti ID uses the organization's DNS domains to enable just-in-time (JIT) user onboarding.

The Opti ID Admin Center page lets organizations configure their DNS domains so that a user can log in if they have an email whose domain matches any of the configured domains for your organization, even if the user was not explicitly provisioned from user management in the Opti ID Admin Center.

To configure DNS domains for your organization, follow these steps:

You must configure SSO settings (for Entra ID or Okta using SAML or OIDC) before organization DNS domains can work. Ensure the SSO settings are properly configured and verified before proceeding with these steps.
  1. As an administrator, log in to your organization's home dashboard (
  2. Click Admin Center.
  3. Go to Settings > SSO.
    The Single Sign-on (SSO) settings view displays.


  4. Click Edit Domains and enter your organization's DNS domains. If you configure more than one domain, separate them with commas, and ensure you enter only domains your organization owns.

    Do not configure social domains such as,,, and so on. Also, do not configure domains belonging to external organizations that you may have a relationship with, such as agencies or partnerships. If users in your organization use email addresses with social domains or domains belonging to external organizations, you must explicitly provision them from the user management page in the Admin Center.


  5. After the domains are entered, click Save. This configures the DNS domains for your organization, and users with email addresses whose domains match any of the ones configured can log in to Opti ID without first being explicitly provisioned. You will still need to provision users in groups for product access.

Social Domains

The following social domains are blocked. Attempting to add them returns an error.