Many organizations control more than just their primary domain. For Box admins, validating their Box managed users who do not use the organization's primary domain for their Box accounts requires extra work.
The Domain Management list allows you to verify Internet domains that you own and control to simplify your user and content management and to help prevent security breaches.
Adding those domains to the Domain Management list automates the validation process. It also prevents unscrupulous people outside the organization from creating Box accounts using email addresses in those domains.
The validation of a domain requires the existence of a unique code added to a DNS (domain name system) record for the domain. This means you must have access to your domain host.
Adding a Managed Domain
Note
Only primary admins, not co-admins, can add managed domains. Managed domains consist of only second-level and top-level domains, also known as root domains, and do not include hostnames or subdomains.
Adding a managed domain consists of three separate tasks:
- Add the domain and get a unique code (also known as a hash).
- Create a new DNS record for the domain with the unique code.
- Validate the domain.
To add the domain:
- Go to Admin Console > Enterprise Settings > Custom Setup.
- In the Domain Management section, click Add Domain.
- Enter the domain name, which is the second-level and top-level domain identifier, also known as a root domain. (This is typically what would follow the @ in an email address.)
- Click Next Step.
- Click Copy. The unique code is copied to your clipboard. You may want to open a blank text document and paste the code there for use in the next task.
- Click Submit. The domain is added to the list with a status of Incomplete Setup.
To create a new DNS record for the domain:
Note
The exact steps differ depending on your hosting provider.
- Go to the administration console or dashboard of your domain's hosting provider.
- Go to where the domain is managed.
- Go to where the DNS records for the domain are kept.
- Add a TXT record with the following information:
  - Host: The @ character, which means this is for the top-level domain.
  - Value: The code (hash) that was copied previously.
- Save the record.
To validate the domain:
- Go to Admin Console > Enterprise Settings > Custom Setup.
- In the Domain Management section, next to the domain you want to verify, which should show a status of Incomplete Setup, click the 3-dot button, and then click Refresh Status.
Box pings the domain to verify the existence of the DNS record with the correct code, and if verified, updates the status to Complete.
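A pre-flight check you can run before clicking Refresh Status, to confirm the TXT record is published at the root domain on every authoritative nameserver. This is an added example, not a Box tool: the function names, the sample records and the code value `EXAMPLE-CODE-0000` are constructed, and the exact-match comparison is this example's choice, since the page does not state how Box compares the value.

```shell
#!/bin/sh
# Pre-flight check before clicking Refresh Status: is the TXT record carrying
# the unique code visible at the domain apex on every authoritative nameserver?

# txt_has_code CODE: reads `dig +short TXT` output on stdin and succeeds only
# if one record equals CODE exactly. dig prints a record as one or more quoted
# strings (values over 255 bytes are split), so the parts are joined first.
txt_has_code() {
    want=$1
    while IFS= read -r line || [ -n "$line" ]; do
        value=$(printf '%s\n' "$line" | sed -e 's/" "//g' -e 's/^"//' -e 's/"$//')
        if [ "$value" = "$want" ]; then return 0; fi
    done
    return 1
}

# check_domain DOMAIN CODE: queries each authoritative nameserver directly so
# a resolver's cached answer cannot hide a missing or stale record.
check_domain() {
    domain=$1; code=$2; rc=0
    servers=$(dig +short NS "$domain")
    if [ -z "$servers" ]; then
        echo "no NS records for $domain: is it a root domain?"; return 2
    fi
    for ns in $servers; do
        if dig +short TXT "$domain" "@$ns" | txt_has_code "$code"; then
            echo "ok      $ns"
        else
            echo "MISSING $ns"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample of `dig +short TXT` output (not real records): an SPF
# record, the code split into two strings, and a record with a trailing space.
SAMPLE_TXT='"v=spf1 include:_spf.example.net ~all"
"EXAMPLE-CODE-" "0000"
"OTHER-CODE-1111 "'

if [ "$#" -eq 2 ]; then
    check_domain "$1" "$2"
else
    printf '%s\n' "$SAMPLE_TXT" | txt_has_code "EXAMPLE-CODE-0000" && echo "sample: code found"
fi
```

Run it with the root domain and the code copied from the Admin Console as the two arguments; a `MISSING` line usually means the record was saved under a hostname other than `@` or the value picked up stray whitespace when pasted.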
Deleting a Managed Domain
Note
Only primary admins, not co-admins, can delete managed domains.
You should delete a domain from the Domain Management list only if you have no managed users with accounts containing email addresses with that domain. Deleting a domain that still has such users results in those users losing access to shared links.
If you have SSO enabled for your organization, you cannot delete a domain from the Domain Management list until all managed users whose accounts use an email address in that domain have changed it to an email address in a different domain. Depending on how your SSO is configured, admins may be able to make this change, or users may be required to make this change themselves.
To delete a managed domain:
- Go to Admin Console > Enterprise Settings > Custom Setup.
- In the Domain Management section, find the domain you want to delete.
- Click the 3-dot button and then Remove Domain. If any managed users have email addresses in this domain, you will receive a warning that they will no longer have access to shared links after you delete the domain. Tick the checkbox to confirm.
- Click Remove Domain to finish.