Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Verifying a domain

Written by
Updated at November 29, 2025

Note

This feature is at the Preview stage.

You can use only verified domains to add users.

To validate a domain, you must be its owner and have the credentials to modify DNS records on the website of your domain’s DNS provider.

Verifying a domain in a user pool

  1. Log in to Yandex Identity Hub using an administrator or organization owner account.
  2. In the left-hand panel, click User pools and select the user pool.
  3. Select the domain you need to verify.
  4. In the section that opens, you will see the details you will need to pass the domain rights check.
  5. After completing the verification, click Confirm.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. Confirm that the domain belongs to you:

    1. Go to the DNS records management section on your domain's DNS provider's website:

    2. Add a TXT record with the following parameters:

      • Host or Subdomain: _yandexcloud-challenge.
      • Text or Value: The value field value you got after associating the domain.

    3. Wait for the DNS records to update. The update may take up to 72 hours.

  2. See the description of the CLI command for validating your domain in a user pool:

    yc organization-manager idp userpool domain validate --help

  3. Run this command:

    yc organization-manager idp userpool domain validate <pool_ID> <domain> \
  --name <domain>

    For example, validate my-domain.ru in my-federation:

    yc organization-manager federation saml validate-domain my-federation \
  --domain my-domain.ru

Use the Userpool.ValidateDomain REST API method for the Userpool resource or the UserpoolService/ValidateDomain gRPC API call.

Verifying a domain in an identity federation

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. Confirm that the domain belongs to you:

    1. Go to the DNS records management section on your domain's DNS provider's website.

    2. Add a TXT record with the following parameters:

      • Host or Subdomain: _yandexcloud-challenge.
      • Text or Value: The value field value you got after associating the domain.

    3. Wait for the DNS records to update. The update may take up to 72 hours.

  2. See the description of the CLI command for validating your domain in a federation:

    yc organization-manager federation saml validate-domain --help

  3. Run this command:

    yc organization-manager federation saml validate-domain <federation_name_or_ID> \
  --domain <domain>

    Where --domain is your domain.

    For example, validate my-domain.ru in my-federation:

    yc organization-manager federation saml validate-domain my-federation \
  --domain my-domain.ru

Use the Federation.ValidateDomain REST API method for the Federation resource or the FederationService/ValidateDomain gRPC API call.

Previous
Associating a domain
Next
Getting a list of domains