Configure a custom email domain Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka02a0000005ufqsaq&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fconfigure-a-custom-email-domain-968174767
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Configure a custom email domain
Published: Jan 31, 2018   -   Updated: Jun 22, 2018

 

 

okta-doc-source

This is an Early Access feature. To enable it, please contact Okta Support.

Configure a custom email domain


Settings > Email & SMS

You can configure a custom email domain so that email Okta sends to your end users appears to come from an address that you specify instead of the default Okta sender noreply@okta.com. This allows you to present a more branded experience to your end users. You can switch to a different custom domain or easily revert to the default Okta email domain. However, only one email domain can be in use at a time.

Okta sends your super admins a confirmation email once your custom domain is configured and operating correctly. To help ensure continuous operation, Okta polls your custom email domain once every 24 hours. If a problem occurs, Okta alerts super admins via email, and Okta-generated emails are sent from the default domain noreply@okta.com until the problem is resolved.


Prerequisites
  • Only qualified administrators with access to the DNS records of your public custom domain should attempt these procedures.
  • Okta strongly recommends that your organization implement the Sender Policy Framework (SPF) to prevent sender address forgery. If you already implement SPF in your custom domain, be aware that you must update the SPF record as described in this procedure.

Procedure
  1. Go to Settings > Email & SMS.
  2. Click the Sender link. Screenshot

    CustomEmail_SenderLink_254x228

  3. Select a sender in the Configure Email Sender dialog box. Screenshot

    CustEmailDomain_ConfigEmailSender_422x317

    If you select Custom email domain, enter or edit information in the following fields:

    1. Email address to send from
    2. Name of sender
    3. Mail domain to send from.

      Important: You must enter a unique subdomain that your organization has dedicated for Okta to send mail from. Later in this procedure, you will add this subdomain to your SPF record as an include-statement to show that you allow Okta to send mail from this subdomain.

  4. Save your changes.
    • The Save button appears if you chose noreply@okta.com, or if you chose a custom email domain and your org's DNS records do not need to be updated. You are finished after you click Save.
    • The Save & View Required DNS Records button appears if you chose a custom email domain and your org's DNS records need to be updated before your settings can take effect. After you click the button, the DNS records that you need to update are shown.
  5. Update your DNS records using the provided values. Screenshot

    CustEmailDomain_DNS records_426x276

  6. Click a DNS update option:
    • I've updated the DNS records — Okta begins polling your DNS records until it detects your updates (up to 24 hours). Your configuration is pending until the DNS updates are detected.
    • I will update the DNS records later — Your records are not polled and your configuration is incomplete until you update the relevant DNS records and click I've updated the DNS records. You can view the list of records that require an update at any time.
  7. Add the SPF record to your DNS zone (root domain).

    If your root domain already has an SPF record, Okta strongly recommends that you update it as described below to help prevent spoofers from sending mail that appears to have been sent from your domain.

    An SPF record specifies the mail servers that your organization has authorized to send mail from your domain.

    For example, if you only send mail from Microsoft Office 365, your SPF record will have an include-statement like this:

    example.com TXT      v=spf1 include:spf.protection.outlook.com -all

    To complete this procedure, you must add another include-statement that specifies the host shown in the first CNAME row in the Configure Email Sender dialog box. (This is also the domain that you specified in the Mail domain to send from field.)

    Screenshot

    CustEmailDomain_DNS records_hostname_cropped_472x143

    Add the host to the existing record to configure a combined SPF record like this:

    example.com TXTv=spf1 include:oktamail.example.com include:spf.protection.outlook.com -all


Known Issues
  • If you already send emails through SendGrid, you cannot configure Okta to send emails through that same domain.
  • You cannot have more than 10 DNS lookups in your SPF record.

Top