Trusted Domains

Trusted Domains are used to restrict how users signup and login to the WarpStream Console. This includes disabling signups for new accounts using a certain email domain or requiring all authentication to be done via SSO.

Adding a Trusted Domain

To add a trusted domain navigate to your "Team" in the WarpStream Console sidebar and click on "Trusted Domains" in the top right. Once in the Trusted Domains UI you can use the "Add Domain" button to add the domain.

Once a domain is added, ownership must be verified before any enforcements can be put in place.

Verifying a Trusted Domain

Domain verification is done via TXT records. Every domain added to WarpStream will require a unique TXT record. In the Trusted Domains UI, under Operations and clicking verify will show the unique TXT record needed for this domain.

1. Sign in to your domain name host provider in a separate browser window.

2. Go to the DNS records for your domain.

3. Add a new TXT record with the following values:

Example of a verification code:

warpstream-verification=84IFEgv7xSyVKsYiWH2Rrg==

Editing a Trusted Domain

Once a domain is added you can edit the domain to add the following access restrictions:

When enabled these access restrictions are only enforced once a domain is verified.

• Disable Signup

  • Users will not be able to signup for a new account with an email matching the trusted domain. They will only be able to signup if invited to an existing team by another user.

• Require SSO

  • Users will not be able to signup or login via password with an email matching the trusted domain regardless if they were invited to an existing team. All users will be required to login via SSO.

  • If SSO is not properly configured for the team all users with an email matching the trusted domain will be locked out of the WarpStream Console. Please make sure SSO is properly setup and verified working before enabling this restriction.