MyKinsta is two control planes stacked on top of each other: a per-user side that handles your login, 2FA, and notifications, and a per-company side that handles billing, ownership, domains, and DNS. Most account and domain problems on Kinsta come from confusing the two, or from the free Cloudflare integration colliding with a Cloudflare account you already had. This guide covers the account, security, and domain decisions in the order they come up, with links to the step-by-step how-tos for each one.
What This Guide Covers
This is the account and domain management hub for Kinsta on Hoos Hosting. It explains how MyKinsta splits user settings from company settings, how to harden access with 2FA, how to move company ownership to a different person, how to add and verify a domain (including the Cloudflare integration quirks), and how Kinsta DNS works alongside your registrar. For the full host overview (plans, pricing, support, performance tools) start with the parent Kinsta hosting guide. For caching, CDN, Redis, and APM, the sibling Kinsta WordPress optimization guide picks up where this one stops.
How MyKinsta Splits User, Company, and Site Settings
Three tabs in the MyKinsta sidebar drive everything in this hub:
- User Settings. Your personal login, password, email address, two-factor authentication, and notification preferences. Every user in a Kinsta account has their own User Settings, even if they only have read-only access to one site.
- Company Settings. The legal entity: billing, tax details, payment methods, and the single Company Owner. Only the owner can close the account or transfer ownership. Administrators can do everything else, including adding and removing users, but they cannot delete the company.
- Site / Domains. Per-site domain configuration, the Cloudflare integration toggle, and the DNS records for each domain hosted through Kinsta DNS.
The reason this split matters: agencies that bill clients through the client's Kinsta account usually want the client to be Company Owner (so billing follows them) and the agency to be Administrator (so the agency can manage sites without owning the bill). Getting this wrong on day one is the most common reason for a messy handover six months later.
Securing Your MyKinsta Account with Two-Factor Authentication
Two-factor authentication on Kinsta is set per user, not per company, which catches new admins off guard. The owner enabling 2FA on their own account does not enable it on anyone else's. Every administrator and team member should turn it on individually from their User Settings. Kinsta supports authenticator apps (Authy, Google Authenticator, 1Password, Bitwarden) and the standard time-based one-time password format, so any TOTP app or password manager works. The full walkthrough lives in how to enable two-factor authentication on MyKinsta.
If your team uses an identity provider, Kinsta also offers SAML single sign-on on enterprise plans, which lets you manage MyKinsta access through Okta, Microsoft Entra ID, Google Workspace, OneLogin, Auth0, Duo, or JumpCloud. SSO replaces individual 2FA enrolment with whatever MFA your IdP enforces, which is the cleaner pattern once a team is more than a handful of people.
Transferring Company Ownership and Managing Users
The Company Owner role has exactly one exclusive permission that administrators do not get: the ability to close the company account. Everything else, including adding users, changing roles, and updating billing, is also available to administrators. That makes ownership transfer relatively safe, but the transfer has to happen through the right path: the new owner must already exist as an administrator in the company, the current owner triggers the transfer from Company Settings, and the change takes effect immediately. The detailed steps and the gotchas (the new owner cannot have pending invitations, for example) are in how to transfer company ownership on Kinsta.
For client handovers where the agency built the site and is handing it back, the safest sequence is: add the client as administrator, verify they can log in and access MyKinsta, then transfer ownership to them. This keeps the agency's user account active for any future maintenance the client buys, while moving billing and final control to the client.
Adding a Domain to Kinsta (and the Cloudflare Wrinkle)
Adding a domain in MyKinsta is straightforward on a clean slate: Domains, Add Domain, paste in the hostname, and Kinsta generates a kinstavalidation TXT record you add at your registrar to prove ownership. Once the TXT propagates, Kinsta verifies the domain and the free Cloudflare integration turns on automatically, proxying the domain through Cloudflare's enterprise network for CDN, DDoS protection, and free SSL with wildcard support.
The complication shows up when the domain is already proxied through a separate Cloudflare account (the orange-cloud icon at Cloudflare). Two Cloudflare proxy layers on the same hostname create a DNS loop and the Kinsta integration silently fails to take over. The fix is to either move the proxy from your Cloudflare account to Kinsta's (set DNS-only / grey cloud at your account first) or use the bring-your-own-Cloudflare option Kinsta supports on enterprise plans. The full step-by-step for the first path is in how to enable Kinsta's Cloudflare integration on an existing domain, including how to verify the integration is live (look for the Cloudflare badge in the MyKinsta Domains tab) and when it is safe to remove the verification TXT record.
Connecting a Domain with Multiple IP Addresses
Most Kinsta sites point a single A record at a single Kinsta IP, but multi-region setups, geo-failover, and wildcard A records all need the domain to resolve to more than one IP. Kinsta supports this, but the domain verification path is different because the standard Cloudflare-based check expects a single A record. The workaround uses CNAME flattening and a slightly different add-domain sequence so verification passes before the multi-IP DNS goes live. The detailed steps, including how to confirm both IPs are serving traffic, are in how to add a domain pointing to multiple IP addresses on Kinsta.
The same approach also handles the case where you want a wildcard A record (*.example.com) covering arbitrary subdomains, which is common for SaaS apps that route by subdomain. Kinsta does not document the multi-IP and wildcard paths together in their knowledge base, so the how-to fills that gap.
Choosing Between Kinsta DNS and Your Registrar's Nameservers
Every Kinsta plan includes Kinsta DNS, a managed DNS service running on Amazon Route 53 with global anycast resolution. You get it free, you can manage all standard record types (A, AAAA, CNAME, MX, TXT, SRV, CAA, NS), and the resolver speed is competitive with any premium DNS service. The trade-off is whether to point your registrar's nameservers at Kinsta or keep your existing DNS host (Cloudflare DNS, Route 53 directly, Google Domains DNS, etc.).
Use Kinsta DNS when you want a single pane of glass for DNS and hosting, when the site lives entirely on Kinsta, or when you do not have a strong reason to keep DNS elsewhere. Keep your existing nameservers when you have email at the same domain that depends on MX records you do not want to migrate, when you run multiple sites across hosts and prefer one DNS provider, or when an automated system at your DNS host (a Terraform pipeline, an SaaS that manages DNS, a TXT-based verification system) would break if records moved. If you do migrate, copy every existing record into Kinsta DNS first, then change nameservers at the registrar; doing it in the reverse order causes downtime because the new nameservers go live with empty zones.
Notifications, Billing Alerts, and Who Gets What Email
MyKinsta sends several distinct categories of email: site uptime and resource alerts, security warnings, billing receipts and dunning notices, weekly performance summaries, and product update announcements. The notification preferences are per user, so the Company Owner is not automatically opted into the same notifications as administrators or developers. For a single-operator account this rarely matters; for an agency, it means the person who needs to know a client's site is down might not get the alert unless they enable that category on their own user. The settings tab and the rules for routing each category are walked through in how to manage MyKinsta notifications.
Billing notifications are the exception: dunning emails (failed payment, expiring card) go to the Company Owner's email address regardless of their notification preferences. Make sure the owner's email is one that gets read every day, not a shared inbox or a forwarding address that might bounce.
Common Account and Domain Problems and Their Fixes
A few patterns come up repeatedly in support tickets:
- "My Cloudflare integration is not working." Almost always because the domain is still proxied through a separate Cloudflare account. Set DNS-only (grey cloud) there, wait for DNS propagation, then re-verify in MyKinsta.
- "Domain verification keeps failing." The
kinstavalidationTXT record was added at the wrong host. It belongs on the apex (or the exact subdomain being verified), not on_kinstavalidationor any prefixed host. Check withdig TXT example.com. - "I cannot transfer ownership." The intended new owner has not accepted their administrator invitation yet, or they still have a pending invitation that needs to be revoked and re-sent after acceptance.
- "My 2FA codes do not work." The device clock has drifted. TOTP relies on synchronised time; resync the authenticator app or use the password-manager TOTP that pulls from network time.
- "I lost access to my authenticator." Use the recovery codes generated when 2FA was enabled. If those are also lost, Kinsta support can disable 2FA after identity verification, but that path is slow on purpose.
- "DNS changes are not taking effect." Check whether the record is in Kinsta DNS or at your old DNS host; once you change nameservers, edits at the old host stop having any effect even though the dashboard still lets you make them.
If you are still evaluating Kinsta before committing, the Kinsta review covers the broader pros and cons (price, support quality, the Google Cloud Platform infrastructure, the trade-off versus other managed WordPress hosts). For a quick start, the Kinsta plans page has the current pricing and a 30-day money-back guarantee on all tiers.
