Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Setting up a domain in an identity federation

Written by
Updated at October 29, 2025

Note

This feature is at the Preview stage.

A domain allows you to authenticate through Login Discovery. When authenticating, a user with your domain will be redirected to your identity federation.

Associating a domain

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command to associate a domain with a federation:

    yc organization-manager federation saml add-domain --help

  2. Run this command:

    yc organization-manager federation saml add-domain <federation_name_or_ID> \
  --domain <domain>

    Where --domain is your domain.

    Result:

    done (1s)
domain: example. com
status: NEED_TO_VALIDATE
status_code: organization/domain-diagnostics#need-to-validate
created_at: "2025-10-09T06:40:18.704791371Z"
validated_at: "1970-01-01T00:00:00Z"
challenges:
- created_at: "2025-10-09T06:40:18.704791371Z"
updated_at: "2025-10-09T06:40:18.704791371Z"
type: DNS_TXT
status: PENDING
dns_challenge:
name: _yandexcloud-challenge. example. com
type: TXT
value: TlHc5HKJDeQIgPqaoiiSXxgy3CWFD+MLMJJP********

    Save the value as you will need it to validate the domain.

Getting a list of domains

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for getting a list of domains in a federation:

    yc organization-manager federation saml list-domains --help

  2. Run this command:

    yc organization-manager federation saml list-domains <federation_name_or_ID>

Viewing information about a domain

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for viewing information about a domain in a federation:

    yc organization-manager federation saml get-domain --help

  2. Run this command:

    yc organization-manager federation saml get-domain <federation_name_or_ID> \
  --domain <domain>

    Where --domain is your domain.

Deleting a domain

You cannot delete the default domain or a domain with associated users.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for deleting a domain from a federation:

    yc organization-manager federation saml delete-domain --help

  2. Run this command:

    yc organization-manager federation saml delete-domain <federation_name_or_ID> \
  --domain <domain>

    Where --domain is your domain.

    For example, delete my-domain.ru from my-federation:

    yc organization-manager federation saml delete-domain my-federation \
  --domain my-domain.ru
Previous
Renewing a Yandex Cloud SAML certificate
Next
Creating a user pool