Domain Verification

How email domain verification enables secure user onboarding

Domain verification connects your company's email domains to Rahal, allowing employees to sign up and join your company automatically.

How It Works

When you verify a domain, Rahal recognizes email addresses from that domain as belonging to your company.

Verified Domains

A company can have multiple verified domains. This is useful for:

  • Multiple Email Domains — Organizations with multiple domains (e.g., acme.com, acme.net)
  • Acquisitions — Adding acquired company domains
  • Regional Variations — Country-specific domains (e.g., acme.co.uk)

Adding Verified Domains

Domains are configured in the company settings as a comma-separated list. For example: acme.com, acme.net, acme.co.uk

Domain matching is exact and case-insensitive. ACME.COM and acme.com are treated identically.

Domain Matching Logic

When a user signs up or logs in via OAuth:

  1. Extract Domain — Parse the email to get the domain portion
  2. Find Company — Search for a company with this domain in verifiedDomains
  3. Check Status — Verify the company is active and not deleted
  4. Apply Settings — Honor the company's auto-signup setting

Matching Rules

Scenario         | Email               | Verified Domains | Match?
Exact match      | user@acme.com       | acme.com         | ✅ Yes
Case variation   | user@ACME.COM       | acme.com         | ✅ Yes
Subdomain        | user@sales.acme.com | acme.com         | ❌ No
Different domain | user@other.com      | acme.com         | ❌ No

Subdomains are NOT automatically included. If you need sales.acme.com, add it explicitly to verified domains.
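
The four matching steps and the rules in the table above, as an added example (not Rahal's own code). The company record shape, every field name other than verifiedDomains, and the outcome labels are assumptions made for illustration; the page does not say what happens when auto-signup is off, so the sketch only reports that state.

```javascript
// Added example; all names except verifiedDomains are hypothetical.

// Normalize the comma-separated setting into a set of lowercase domains.
function parseVerifiedDomains(setting) {
  return new Set(
    setting.split(',').map((d) => d.trim().toLowerCase()).filter((d) => d !== '')
  );
}

// Step 1: the domain is everything after the last "@"; null if malformed.
function extractDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at <= 0 || at === email.length - 1) return null;
  const domain = email.slice(at + 1).trim().toLowerCase();
  return domain === '' || /\s/.test(domain) ? null : domain;
}

// Steps 2-4: exact match, company status, then the auto-signup setting.
function resolveCompany(email, companies) {
  const domain = extractDomain(email);
  if (domain === null) return { outcome: 'invalid-email' };
  // Exact set membership: no suffix or substring comparison.
  const company = companies.find((c) =>
    parseVerifiedDomains(c.verifiedDomains).has(domain)
  );
  if (!company) return { outcome: 'no-match' };
  if (!company.active || company.deleted) return { outcome: 'company-inactive' };
  if (!company.autoSignup) return { outcome: 'auto-signup-disabled', company: company.name };
  return { outcome: 'join', company: company.name };
}

// Constructed sample data.
const companies = [
  { name: 'Acme', verifiedDomains: 'acme.com, ACME.net, acme.co.uk',
    active: true, deleted: false, autoSignup: true },
  { name: 'Old Co', verifiedDomains: 'oldco.example',
    active: false, deleted: false, autoSignup: true },
];

for (const email of ['user@acme.com', 'user@ACME.COM', 'user@sales.acme.com',
  'user@other.com', 'user@oldco.example']) {
  console.log(email, '->', resolveCompany(email, companies).outcome);
}
```

Comparing by set membership rather than a suffix test such as endsWith is what keeps sales.acme.com, and look-alikes such as notacme.com, from matching acme.com.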

Security Considerations

Domain Ownership

Only add domains you actually own. Rahal does not perform technical domain verification (like DNS records). The security model assumes:

  • Company admins are trusted to add only legitimate domains
  • Platform administrators can audit domain claims

Email Verification

Even with domain verification, Rahal still requires email verification for password-based signups:

  1. User signs up with company email
  2. Verification email sent
  3. User clicks verification link
  4. Account becomes accessible

OAuth signups (Google, Microsoft) bypass email verification since the provider already verified the email.

Common Use Cases

Single Domain Company

Most companies have one email domain (e.g., acme.com). All employees with @acme.com emails can join the company.

Multi-Domain Organization

Large organizations may have multiple domains (e.g., acme.com, acme.net, acme-corp.com).

Allowing Subdomains

To support subdomains, add each one explicitly (e.g., acme.com, sales.acme.com, engineering.acme.com).

Troubleshooting

User Can't Find Their Company

  • Verify the domain is spelled correctly in company settings
  • Check the company is active (not deactivated or deleted)
  • Ensure the user is using the exact domain (not a subdomain)

Duplicate Domain Error

Each domain can only be associated with one company. If a domain is already claimed:

  • Check if another company has this domain
  • Contact platform administrators to resolve conflicts
