Group domain verification
### Problem to solve & Further details

Validating a domain would solve a couple of issues:

* Public Groups Verification
  * When a developer downloads a project’s code, they should be confident that they’re downloading the code they think they are.
  * To give developers more confidence that a given group is the official home of an open-source project, group admins can verify their ownership of one or more domains via their group’s settings.
  * If the email is verified, the group should receive a Verified badge, indicating that we’ve confirmed the group’s ownership of the domains on their profile.
* Email verification for Enterprise Provisioned Accounts
  * When an account is created by SCIM/SAML, the end user still needs to validate their email.
  * This is frustrating because it can delay onboarding.
  * If the enterprise can prove that they own a domain, we can skip the email validation step, since we're sure that the email account is owned by the organization that manages that group.
* Account ownership and group membership management
  * Our [new terms of service](https://about.gitlab.com/privacy/2021-update-faq/#whats-changed-in-the-subscription-agreement) state that an account with an enterprise email address belongs to that enterprise.
  * If domain ownership is proven, we can consider features like:
    * Placing restrictions on sign-ups so that individual users can't create accounts with those domains through the regular sign-up process.
    * Auto-inviting users to a group upon successful sign-up if their email matches the verified domain.
    * Allowing group administrators to look for existing users whose email matches their domain and add them to their group.

### What does success look like, and how can we measure that?
![image](/uploads/43d30adfdfacc7ca9e859ac1afb95810/image.png)
![image](/uploads/d9c5e9581fe990efb148be2b04595569/image.png)
![image](/uploads/ae547936de30916dd0ef63ff9250fb81/image.png)

#### Requirements questions

- How do we automate the validation process in the future?
- What does it mean to "validate" an organization?
- What documents (or other objects) does an organization need to submit as proof?
- Is this process (reclaiming accounts) a retroactive process only?
- Once enabled, can an organization proactively block creation of accounts on `gitlab.com` with specific email addresses?
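The sign-up restriction, auto-invite and skip-email-verification features above, and the last requirements question, all reduce to one check: does a sign-up address belong to a domain that a group has already verified? The following is an added example, not GitLab code; it assumes the domain-verification step has already produced the `VERIFIED` table, and the group names and the `DomainPolicy` shape are made up for illustration. It normalises the domain (case, trailing dot, IDN) and matches only on label boundaries, so `notexample.com` never matches `example.com` and a subdomain matches only when the policy opts in.

```python
import re
from dataclasses import dataclass
# DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

@dataclass(frozen=True)
class DomainPolicy:
    group: str                 # hypothetical group path that verified the domain
    on_self_signup: str        # "block" or "auto_invite"
    include_subdomains: bool = False

# Constructed sample data: two hypothetical groups with verified domains.
VERIFIED = {
    "example.com": DomainPolicy("acme", "block", include_subdomains=True),
    "widgets.example.org": DomainPolicy("widgets", "auto_invite"),
}

def email_domain(email: str):
    """Normalised domain of an address, or None if it cannot be parsed unambiguously."""
    if email.count("@") != 1:   # exactly one '@': no parser differential over which part is the domain
        return None
    local, domain = email.split("@")
    domain = domain.strip().rstrip(".").lower()
    try:
        domain = domain.encode("idna").decode("ascii")   # IDN labels become xn--... punycode
    except UnicodeError:
        return None
    if not local or "." not in domain or not all(_LABEL.fullmatch(l) for l in domain.split(".")):
        return None
    return domain

def policy_for(domain: str, verified: dict):
    """Exact match first; a parent domain counts only if its policy opted in to subdomains."""
    parts = domain.split(".")
    for i in range(len(parts) - 1):   # stops before the bare TLD
        policy = verified.get(".".join(parts[i:]))
        if policy and (i == 0 or policy.include_subdomains):
            return policy
    return None

def evaluate_signup(email: str, verified=VERIFIED, provisioned: bool = False):
    """provisioned=True means SCIM/SAML created the account rather than a self sign-up."""
    domain = email_domain(email)
    if domain is None:
        return {"action": "reject_invalid_email", "group": None, "email_verification": "required"}
    policy = policy_for(domain, verified)
    if policy is None:
        return {"action": "allow", "group": None, "email_verification": "required"}
    if provisioned:   # domain ownership is proven, so the mailbox round-trip adds nothing
        return {"action": "allow", "group": policy.group, "email_verification": "skipped"}
    return {"action": policy.on_self_signup, "group": policy.group, "email_verification": "required"}
```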