Skip to content

Verify and Lock Your Email Domain

When someone on your team signs up for a free Pactly trial using their work email, they create a separate account on your company’s domain that your admins don’t control. Later, when you try to add that same person to your real account, the add fails because their email is already in use elsewhere. Verifying and locking your domain stops these stray accounts from being created in the first place.

This article covers the two-step setup: verifying that you own a domain (Pactly emails a 6-digit code to an address on it), then locking that domain so no one outside your account can sign up with it. Both live in Company settings.

A locked domain means only your account can register Pactly users on that email domain. This solves two recurring problems:

  • Stray trial accounts. A colleague self-signs-up for a trial on yourcompany.com, creating an account your admins can’t see or manage. When you later try to add them properly, the email collides and the add is blocked. Locking the domain prevents the self-signup.
  • A foundation for SSO. Domain locking is what makes “everyone on our domain must sign in through our identity provider” enforceable. If you plan to roll out Microsoft Entra ID sign-in, verify and lock your domain first.

Verification has to come first: only verified domains can be locked.

Verification proves you control the domain. Pactly sends a 6-digit code to an email address on that domain; entering the code confirms ownership.

  1. In Account settings → Company, scroll to Verify a domain.
  2. In Email address, enter any address on the domain you want to verify, for example [email protected]. The domain part is what gets verified.
  3. Click Send verification code. Pactly emails a 6-digit code to that address.
  4. Check that inbox, then enter the code in Verification code and click Verify domain.

While a verification is in progress, the panel shows Verification pending for that domain, with a Resend verification code link if the email doesn’t arrive. You can cancel a pending verification and start over with a different address.

Once verified, the domain becomes available to lock in the panel above.

Locking is a checkbox per verified domain. A locked domain blocks new Pactly account creation on that domain by anyone outside your account.

  1. In Account settings → Company, scroll to Lock company domain(s).
  2. Under Lock domains, check the box next to each verified domain you want to lock. A locked domain shows a closed-padlock icon; an unlocked one shows an open padlock. Only verified domains appear here, so if the list is empty, verify a domain first.
  3. Optionally, fill in Locked domain message. This is the text shown to anyone who tries to sign up on the locked domain, so use it to point them at the right next step, for example: “Contact your IT team to be added to the company Pactly account.”
  4. Click Update domain lock settings to save.

To unlock a domain later, uncheck its box and save again.

Once a domain is locked:

  • Self-registration on that domain is stopped, and the person sees your Locked domain message.
  • New people now come in only through User management, not self-signup. See Add and Manage Users.
  • Adding a user whose email is not on a verified domain still works. Pactly shows an Unverified email domain warning and asks you to confirm with Add anyway, so external collaborators can still be added deliberately.

Locking does not retroactively remove accounts that already exist on the domain. If a stray trial account was created before you locked the domain, that account still exists and its email is still taken. Contact Pactly support to have a leftover account cleaned up so you can add the person to your account.

Locking a domain controls who can create an account on it. It does not, on its own, force those users to sign in through your identity provider. The two settings work together:

  • Lock the domain so only your account owns it. Do this first, since SSO builds on a locked domain.
  • Configure SSO (Microsoft Entra ID), then choose whether password sign-in stays available as a fallback. That choice is what determines whether people on your domain must use SSO.

SSO setup is covered in a separate Administration article.

Chat with us

We typically reply within a few minutes