Domain capture is a feature that blocks users in your domain from creating a Read account unless they are invited to join your Workspace. This helps ensure that everyone in your organization who is using Read belongs to your Workspace, and as a result, follows the same default settings, permissions, and policies that you've configured for your Workspace.
Domain capture is only available to Enterprise+ customers, and can be enabled from your Workspace settings.
How domain capture works
There are two different ways that domain capture can be implemented with Read; this article describes the more basic method, however if you are also using SAML with Read, you should read Enforcing SAML for users in your domain. With both methods, you will need to first verify your ownership of the domain(s) you want to capture.
The basic version of domain capture simply prevents users from creating new accounts unless they've been invited to join your Workspace. Once invited, they'll receive an email with a link to create their account, and when they do, they will automatically get added to your Workspace.
Without an invitation, anyone whose email domain matches one of your verified domains will receive an error when they try to create an account:
Notably, however, pre-existing accounts in your domain(s) can continue using Read without any impact, even if they don't belong to your Workspace. If you would like help deactivating specific user accounts after setting up domain capture, please reach out to Read Support.
Domain capture with SAML
If you have SAML enabled, there's an additional setting you can turn on for a version of domain capture that works with SAML. The setting is called "Enforce SAML on Verified Domains", and you can learn more about it here: Enforcing SAML for users in your domain
In addition to letting you manage who should and shouldn't be allowed to create a Read account, it will automatically block pre-existing users in your domain from logging in to Read if they aren't authorized via SAML.
How to enable domain capture
Prerequisites
In order to turn on domain capture, you'll need:
- a Read Workspace with the Enterprise+ subscription
- someone who is an admin in your Workspace
- someone who can modify your domain's DNS records
Step-by-step instructions
- Have a Workspace admin go to Manage Workspace > Settings and expand the Advanced (Enterprise+ Required) section:
- Click on "Add Domain" to add your domain. You can repeat this process later if you have multiple. You do not need to include any http:// or www. before your domain name.
-
After adding a domain, you'll then need to verify ownership of it. Click the "Verify" button next to your domain and a dialog like this will pop up:
- Copy the unique verification code from this dialog.
- Go to and log in to your domain registrar.
- Create a new TXT record in your DNS configuration with your verification code in it.
-
We recommend creating a new record in this format (pasting the code in without the square brackets):
read-ai-verification = [verification code copied from Workspace settings]
- The steps to update your DNS configuration will vary depending on your domain registrar, but should be a relatively easy task for someone on your IT team.
-
- Go back to your Read Workspace settings and click on "Verify Domain".
- Note that this might not work right away - DNS changes usually propagate within a few hours, but can sometimes take up to 72 hours.
- If you have additional domains, you can repeat the previous steps to add as many as needed.
- Lastly, toggle on "Enable Domain Capture" from your Workspace settings:
Note that a domain can only be claimed by a single Read Workspace; once you verify a domain for your Workspace, nobody else will be able to add it to their Workspace.
If you also use SAML with Read and enable the "Enforce SAML on Verified Domains" setting, that will take precedence over the basic "Enable Domain Capture" setting.