- 25 Jan 2023
- 5 Minutes to read
- DarkLight
Manage Enterprise domain control in InVision V7
- Updated on 25 Jan 2023
- 5 Minutes to read
- DarkLight
InVision Enterprise provides a central hub for your organization’s work and collaboration. Content in the Enterprise account can be secured to company standards as well as managed and monitored by Enterprise admins.
Despite having an Enterprise InVision account, you might find that individual employees continue to sign up for and work in an unrelated personal InVision account—potentially leaving the Enterprise without direct visibility or control over the company assets. Domain control gives Enterprise teams a way to help prevent this.
How does domain control work?
Domain control helps protect your Enterprise assets by identifying and preventing employees of the organization from signing up for personal accounts using email domains controlled by your organization. To enable domain control, an Enterprise admin needs to add and verify a new domain (or domains).
After the admin has completed the domain verification steps and InVision has verified the domains belong to your organization, anyone who tries to create a separate InVision account using the corporate email address associated with the Enterprise will get prompted to request access to the Enterprise account instead. Only domains owned or controlled by your organization may be submitted for domain control.
Once the new user requests access to the Enterprise, the Enterprise owner will receive an email with a link to invite that user to the Enterprise team.
Verifying a domain
If you're an owner or admin of an InVision V7 Enterprise, there are two ways you can verify domains for your organization:
- Verification file upload
- DNS TXT record
To access your domain control settings:
- Sign in to your InVision Enterprise account here:
your-team-name
.invisionapp.com - In the lower-left corner, click the expandable team tray, and then click Settings.
- Scroll down to Domain Control and click Change.
Verification file upload
To verify a domain by uploading a unique HTTP verification file, open your domain control settings in InVision, and then complete these steps:
- Below the Verifying a domain heading, click the File upload tab.
- In step 1 of the in-app instructions, click the from here link.
- Locate the root director folder of the domain you want to verify, and upload the unique HTTP verification file you downloaded in step 5 (of theseinstructions).Note: You'll need to work with your organization's internal IT team to add the file to your root directory folder, and then return to InVision for the following steps.
- Below the Domains heading, click + New domain.
- In the Domain field, enter the URL.
- Click the Verification method dropdown and select File upload.
- Click Verify.
DNS TXT record
To verify a domain by adding the TXT record to the other DNS records for the domain, open your domain control settings in InVision, and then complete these steps:
- Below the Verifying a domain heading, click the DNS TXT record tab.
- Below step 1 of the in-app instructions, click Copy.
- Locate the DNS records for the domain, and paste TXT record you copied.You'll need to work with your organization's internal IT team to manage the DNS records, which can take up to 72 hours to propagate, and then return to InVision for the following steps.
- Below the Domains heading, click + New domain.
- In the Domain field, enter the URL.
- Click the Verification method dropdown and select DNS.
- Click Verify.
Other questions about domain control?
Here are answers to a few important questions we’ve received about domain control.
What if my Enterprise has more than one corporate email domain?
You can verify each domain as needed. Just repeat the verification steps above for each domain. Once you’ve verified each domain, anyone using an email for one of your controlled domains will be unable to create a new team and will, instead, get directed to request access to the Enterprise team.
What if my company uses more than one InVision Enterprise account (i.e., multiple subdomains)?
You can enable domain control on each Enterprise Account. If multiple Enterprise accounts have verified the same corporate domain, during the InVision sign-up process, anyone with an email from that domain can then choose to request access to one of the Enterprise accounts.
To avoid potential confusion for your employees, we recommend limiting the number of Enterprise accounts that control a single corporate email domain.
What if my Enterprise uses SSO? Can users still request access?
During the InVision sign-up process, any user with a controlled email domain will see teams with SSO enabled; however, rather than getting prompted to request access, they’ll be prompted to sign-in via SSO. And, depending on your SSO configuration, users can either be auto-provisioned to your team or redirected to your internal access provisioning workflow.
Is there any way users can still create personal accounts with corporate email addresses?
Users typically create personal accounts when they sign up for InVision from the homepage, most often because they’re unaware their company even has an Enterprise account. Domain control helps solve this problem.
To support cross-team and cross-company collaboration use cases, however, employees with Enterprise-controlled emails can still use the controlled email to accept invites to collaborate with non-Enterprise accounts.
What’s the difference between domain control and approved domains?
While domain control and approved domains sound rather similar, the two features actually solve separate needs, which boil down to two principles:
- Available for teams on any InVision plan, approved domains make it easier to join a team: Anyone with an email domain that’s included on a team’s approved domains list can join that team without invitation or approval.
- Available to Enterprise teams, domain control prevents the creation of unwanted teams: It’s not possible for anyone with an Enterprise-controlled email domain to create new teams. Instead, they’re restricted to working within the teams created and managed by the Enterprise.
Can my Enterprise enable both domain control and approved domains?
Yes, it’s possible to use both the domain control and approved domains features simultaneously.
Enabling domain control and approved domains for an email domain gives you the benefits of both features:
- Users signing up to InVision with a controlled domain cannot create new teams—they must join the Enterprise team.
- Because you’ve marked these domains as approved, these users don’t need to request access—and won’t need to spend time approving requests from new users with an approved email domain. They can simply join the Enterprise team and start working.
How can I change the way users request access to InVision?
To reconfigure the way new users can request to join your Enterprise team:
- Sign in to your InVision Enterprise account here:
your-team-name
.invisionapp.com - In the lower-left corner, click the expandable team tray, and then click Settings.
- Scroll down to Request Access and click Change.
- Choose your preferred method:
- To have requests sent by email, select Requests to join the team will be sent to the email of your choosing. Then, enter the email address that should receive requests.
- To prompt new users with custom instructions, select Set a custom message that explains how a user can request access. Then, enter the message you want users to see.
- Click Update.