diff --git a/spec/controllers/admin/domain_allows_controller_spec.rb b/spec/controllers/admin/domain_allows_controller_spec.rb
deleted file mode 100644
index 036d229091..0000000000
--- a/spec/controllers/admin/domain_allows_controller_spec.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe Admin::DomainAllowsController do
-  render_views
-
-  before do
-    sign_in Fabricate(:user, role: UserRole.find_by(name: 'Admin')), scope: :user
-  end
-
-  describe 'GET #new' do
-    it 'assigns a new domain allow' do
-      get :new
-
-      expect(response).to have_http_status(200)
-    end
-  end
-
-  describe 'POST #create' do
-    it 'blocks the domain when succeeded to save' do
-      post :create, params: { domain_allow: { domain: 'example.com' } }
-
-      expect(flash[:notice]).to eq I18n.t('admin.domain_allows.created_msg')
-      expect(response).to redirect_to(admin_instances_path)
-    end
-
-    it 'renders new when failed to save' do
-      Fabricate(:domain_allow, domain: 'example.com')
-
-      post :create, params: { domain_allow: { domain: 'example.com' } }
-
-      expect(response).to render_template :new
-    end
-  end
-
-  describe 'DELETE #destroy' do
-    it 'disallows the domain' do
-      service = instance_double(UnallowDomainService, call: true)
-      allow(UnallowDomainService).to receive(:new).and_return(service)
-      domain_allow = Fabricate(:domain_allow)
-      delete :destroy, params: { id: domain_allow.id }
-
-      expect(service).to have_received(:call).with(domain_allow)
-      expect(flash[:notice]).to eq I18n.t('admin.domain_allows.destroyed_msg')
-      expect(response).to redirect_to(admin_instances_path)
-    end
-  end
-end
diff --git a/spec/system/admin/domain_allows_spec.rb b/spec/system/admin/domain_allows_spec.rb
new file mode 100644
index 0000000000..1c462ff7cc
--- /dev/null
+++ b/spec/system/admin/domain_allows_spec.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Admin::DomainAllows' do
+  let(:user) { Fabricate(:user, role: UserRole.find_by(name: 'Admin')) }
+  let(:domain) { 'host.example' }
+
+  before do
+    Fabricate :account, domain: domain
+    Instance.refresh
+    sign_in user
+  end
+
+  around do |example|
+    original = Rails.configuration.x.limited_federation_mode
+    Rails.configuration.x.limited_federation_mode = true
+
+    example.run
+
+    Rails.configuration.x.limited_federation_mode = original
+  end
+
+  describe 'Managing domain allows' do
+    it 'saves and then deletes a record' do
+      # Visit new page
+      visit new_admin_domain_allow_path
+      click_on I18n.t('admin.domain_allows.add_new')
+      expect(page)
+        .to have_content(I18n.t('admin.domain_allows.add_new'))
+
+      # Submit invalid with missing domain
+      fill_in 'domain_allow_domain', with: ''
+      expect { submit_form }
+        .to not_change(DomainAllow, :count)
+      expect(page)
+        .to have_content(/error below/)
+
+      # Submit valid with domain present
+      fill_in 'domain_allow_domain', with: domain
+      expect { submit_form }
+        .to change(DomainAllow, :count).by(1)
+      expect(page)
+        .to have_content(I18n.t('admin.domain_allows.created_msg'))
+
+      # Visit instance page and delete the domain allow
+      visit admin_instance_path(domain)
+      expect { delete_domain_allow }
+        .to change(DomainAllow, :count).by(-1)
+      expect(page)
+        .to have_content(I18n.t('admin.domain_allows.destroyed_msg'))
+    end
+
+    def submit_form
+      click_on I18n.t('admin.domain_allows.add_new')
+    end
+
+    def delete_domain_allow
+      click_on I18n.t('admin.domain_allows.undo')
+    end
+  end
+end