This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Technical Support Solutions
- SSO Domain Verification Fails in Lansweeper Cloud
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
apiknowbler
Engaged Sweeper
Options
- Article History
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
4 weeks ago
Summary
Description
When setting up Single Sign-On (SSO) in Lansweeper Cloud, users may encounter an issue where the domain verification for example.com fails even after adding the required DNS TXT record. The Lansweeper portal continues to show the status “Domain not verified.”
Cause
This problem typically occurs when the TXT record is not created at the root of the domain. Lansweeper’s verification process expects the TXT record under the base domain (e.g., example.com), not under a subdomain such as subdomain.example.com.
Additionally, DNS changes may take several minutes to propagate before verification succeeds.
Prerequisites
- Administrative access to your DNS management console.
- The verification string provided by Lansweeper Cloud during SSO setup.
- Access to a terminal command like
nslookupor an online DNS lookup tool to test DNS changes.
Troubleshooting Used
The following command was used to confirm whether the TXT record was visible:
nslookup -type=TXT subdomain.example.com 8.8.8.8
If the result does not display the expected verification key, the DNS record is either delayed in propagation or added to the incorrect level of the domain.
Resolution Steps
Log in to Your DNS Management Tool
Access DNS management for the root domain (for example, example.com).
Add the TXT Record at the Root Domain Level
Create a TXT record directly under example.com, not under a prefixed subdomain (subdomain).
Type: TXT
Name/Host: example.com
Value: [Your Lansweeper verification string]
TTL: 30 minutes (or default)
Wait for DNS Propagation
Allow sufficient time (up to 48 hours) for your DNS changes to propagate across all servers.
Verify DNS Visibility
Use a global DNS check such as MxToolbox or nslookup to confirm the TXT record is publicly visible.
Revalidate in Lansweeper Cloud
Go back to Settings → Single Sign-On → Verify Domain in Lansweeper Cloud and select Verify Domain.
Remove the TXT Record (Optional)
After successful domain verification, the TXT record can safely be removed.
Verification
Return to Single Sign-On settings in your Lansweeper Cloud portal:
- The domain should display as Verified and show a green check mark.
- You can now enable SSO for your users under the verified domain.
Additional Resources
Set up Lansweeper SSO
Step-by-step setup with IdP and TXT verification guidance.
https://community.lansweeper.com/t5/sites/set-up-lansweeper-sso/ta-p/64566
Common SSO Issues and Troubleshooting
Includes "Domain verification fails" and misconfiguration causes.
https://community.lansweeper.com/t5/quick-tech-solutions/sso-users-are-prompted-to-create-a-new-lans...
Summary
Creating the TXT record under the root of your domain (example.com) ensures Lansweeper can complete verification. Subdomain-level records are not recognized by the verification lookup. Once validated, SSO setup can proceed normally.
Labels:
No ratings
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now