Learn how domain verification, SAML, and SCIM work in organizations with workspaces.
Available on plans:
Free
Professional
Team
Enterprise
Domain verification
When you verify a domain at the organization level, it applies to all workspaces in the organization. Domain verification is configured at the organization level only. Any workspace can use the verified domain for SAML authentication and SCIM provisioning.
SAML and SCIM configuration
SAML and SCIM are configured at the organization level only. One SAML app in your identity provider (IdP) covers all workspaces in the organization.
- Configure SAML once at the organization level.
- Configure SCIM once at the organization level.
- Users provisioned via SCIM are added to the organization. An admin must then add them to a user group that has access to a workspace before they can use Zapier.
- If you have the same user in the organization and one or more workspaces, Zapier assumes they are defined in the same identity provider (IdP) and that the external_id and other user data match.
Domain access settings
Your domain access setting determines how users join your organization:
- Only invited members (default): Users must receive an invitation, be autoprovisioned via SCIM, or authenticate through your SAML app. Users who attempt to sign up without an invitation will be blocked.
- Anyone at a verified domain can join: Users with an email address matching your verified domain can join automatically when they sign up on Zapier.com. No invitation is required.
How users access workspaces
Being a member of the organization does not automatically grant access to workspaces. Users must be added to a user group that is mapped to a workspace before they can access that workspace.
Learn more about managing members and User Groups.