Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Associating a domain

Written by
Updated at November 29, 2025

Note

This feature is at the Preview stage.

You can associate a domain with a user pool or federation, which allows authentication through the Login Discovery system. When authenticating, a user with your domain will be redirected to your federation or user pool.

To use a domain in a user pool or federation, domain ownership must be verified via a DNS record.

Warning

You can only associate each domain with one user pool or one federation.

Associating a domain with a user pool

  1. Log in to Yandex Identity Hub using an administrator or organization owner account.
  2. In the left-hand panel, click User pools and select the user pool.
  3. In the top-right corner, click Add domain.
  4. Enter the domain name.
  5. Click Add.

To use the domain to add new users, have it verified.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command to associate a domain with a user pool:

    yc organization-manager idp userpool domain add --help

  2. Run this command:

    yc organization-manager idp userpool domain add <pool_ID> <domain>

    Result:

    done (1s)
domain: example. com
status: NEED_TO_VALIDATE
status_code: organization/domain-diagnostics#need-to-validate
created_at: "2025-10-09T06:40:18.704791371Z"
validated_at: "1970-01-01T00:00:00Z"
challenges:
- created_at: "2025-10-09T06:40:18.704791371Z"
updated_at: "2025-10-09T06:40:18.704791371Z"
type: DNS_TXT
status: PENDING
dns_challenge:
name: _yandexcloud-challenge. example. com
type: TXT
value: TlHc5HKJDeQIgPqaoiiSXxgy3CWFD+MLMJJP********

    Save the value as you will need it to validate the domain.

Use the Userpool.AddDomain REST API method for the Userpool resource or the UserpoolService/AddDomain gRPC API call.

Associating a domain with a federation

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command to associate a domain with a federation:

    yc organization-manager federation saml add-domain --help

  2. Run this command:

    yc organization-manager federation saml add-domain <federation_name_or_ID> \
  --domain <domain>

    Where --domain is your domain.

    Result:

    done (1s)
domain: example. com
status: NEED_TO_VALIDATE
status_code: organization/domain-diagnostics#need-to-validate
created_at: "2025-10-09T06:40:18.704791371Z"
validated_at: "1970-01-01T00:00:00Z"
challenges:
- created_at: "2025-10-09T06:40:18.704791371Z"
updated_at: "2025-10-09T06:40:18.704791371Z"
type: DNS_TXT
status: PENDING
dns_challenge:
name: _yandexcloud-challenge. example. com
type: TXT
value: TlHc5HKJDeQIgPqaoiiSXxgy3CWFD+MLMJJP********

    Save the value as you will need it to validate the domain.

Use the Federation.AddDomain REST API method for the Federation resource or the FederationService/AddDomain gRPC API call.

Previous
Deleting a user pool
Next
Verifying a domain