Security, SSO, and access
earn how to control access to your workspace and track activity inside it. Claim and verify your company's email domain, choose how people join, connect Single Sign-On, restrict which sign-in methods are allowed and approve access requests.
Security, SSO, and access
The security area is where you control how people get into your workspace and keep a record of what happens inside it. As an Admin, you can verify your company's email domain, connect Single Sign-On, decide which sign-in methods are allowed, and review an audit log.
💡 Claiming your domain and turning on SSO is the single biggest step toward a secure, hands-off workspace. The right people join automatically and sign in with your company's existing login.
What's in this article?
- Claiming your email domain
- Choosing how people join
- Single Sign-On (SSO)
- Restricting sign-in methods
- Approving access requests
- The audit log
- FAQs
Claiming your email domain
Claiming a domain (like yourcompany.com) tells Model Match that you control it, so people with matching email addresses are handled the way you choose.
- In the security area, let's claim your domain.
- Add the verification record to your DNS using the token shown.
- Come back and verify. Once DNS checks out, the domain is yours.
You can unclaim a domain later if needed.
Choosing how people join
Once a domain is verified, set its join policy for people with a matching email:
- Auto-join. They're added to the workspace automatically.
- Request access. They ask, and an Admin approves.
- Invite only. They join only when you invite them.
🧠 Auto-join is great for fast onboarding inside a trusted company domain. Use request-access when you want a human check first.
Single Sign-On (SSO)
Connect your identity provider so your team signs in with your company's existing credentials instead of a separate Model Match login. SSO is configured per workspace from the security area.
Restricting sign-in methods
Limit which login methods are allowed, for example requiring everyone to sign in through SSO. This keeps access consistent with your company's security policy.
Approving access requests
When your join policy is request access, incoming requests land here for an Admin to approve or deny.
FAQs
Do I need to claim my domain to use SSO? Domain claiming and SSO work together to control access. Claim and verify your domain first, then configure how people sign in.
What if I can't add DNS records myself? Send the verification record to whoever manages your company's DNS. Once it's in place, come back and verify.
Can I require everyone to use SSO? Yes. Restrict sign-in methods so SSO is the only allowed path.
Who can see the audit log? Admins and the Owner.
Someone with our domain joined unexpectedly. Your join policy is probably set to auto-join. Switch it to request-access or invite-only.