In this article
DNSFilter user accounts with Super Admin permissions or higher use this article to configure single sign-on (SSO) for their organization.
SSO can be configured with any Identity Provider (IdP) that supports the generic OpenID Connect (OIDC) authentication process. The SSO feature is available to all DNSFilter plans at no extra charge.
Our Community hosts some tips for configuring SSO with Active Directory, Google Workspace, Okta, and other common OpenID Connection compatible apps. See the platform developer's documentation for additional support.
Warnings associated with adding or deleting SSO
Adding SSO
Topic |
Details |
Existing user accounts Admin or lower are deactivated. |
Non-Owner or non-Super Admin user accounts on the Users dashboard that previously authenticated via email/password will no longer be associated to the organization and will not be able to sign in using email/password. If the SSO connection is deleted in the future, these users will need to be manually invited again via the Users dashboard. |
New Users cannot be added to the organization via email invitation. |
Users simply need to navigate to the configured vanity URL and authenticate with the IdP to access the organization. The Add User button disappears once SSO is configured. |
Deleting SSO
Topic |
Details |
Owners or Super Admins must manually re-add user's email sign in. |
User accounts Admin or lower that had email/password authentication prior to enabling SSO will not regain that access when SSO is disabled. Owners/Super Admins must invite the users again via the Users dashboard. |
SSO users will no longer be able to sign in using the vanity URL. |
Attempting to navigate to the deleted vanity URL will bring users to the DNSFilter email/password login page. These users will receive an error message because their IdP credentials will not be valid. |
🚨 Important: These SSO users can attempt to reset their password from the DNSFilter login page, but will never receive an email because they do not have an account registered in the dashboard. Re-add the user's to the dashboard to resolve the issue. |
Configure SSO in the DNSFilter dashboard
Complete these steps once the IdP is configured and you have the IdP information to setup SSO.
- In the DNSFilter dashboard, navigate to Organization and select Settings
- Tab to Single Sign-On
- Select Configure Single Sign-On
- Select an identity provider
- Enter the IdP information
- Select the Default Role for authenticated users
- Customize the Sign-On text button (optional)
- Select Save
The dashboard will refresh and display the SSO configuration details. Use the Vanity URL for the organization single sign-on.
Account Owners will always be able to log in through both SSO and their username/password by default, allowing them access to the DNSFilter dashboard even in the event of an issue with their IdP.
Super Admins can be configured to also have this capability: add Super Admins before enabling SSO with username/password permissions. Once SSO is enabled, they will be able to log in through both SSO and their username/password.
Comments
0 comments
Please sign in to leave a comment.