Configure DNSFilter with Single Sign-On (SSO) with any Identity Provider that supports the generic OpenID Connect (OIDC) authentication process, including Active Directory (AD)! 

Use this post for an assist with setting up AD SSO. See Microsoft's documentation if you have questions about how to configure your AD, Entra ID, or Azure environment.

🤝 MSP Callout

Add your CNAME SSO URL in the Home page URL field under branding & properties on the app registration. This way the app works from the microsoft.com My Apps dashboard.

Follow these steps to create a registration before configuring SSO within the DNSFilter dashboard.

1. Create an app registration
   1. Select Web for the platform
   2. Enter the DNSFilter static authentication callback URL in the URL field: https://auth.dnsfilter.com/login/callback
2. Assign Users and Groups for the Enterprise app
   1. Change the Assignment Required option to "yes"
3. Add a New Client Secret
   ⚡️ Pro Tip: To avoid being locked out of the DNSFilter dashboard, keep track of when this secret expires. Create a new AD secret and update it within the DNSFilter SSO configuration prior to expiration.
   1. Copy the client's Secret Value to the clipboard. This is the only time the client secret value is visible & available to copy. Store the app registration secret value in a secure location / secret vault
4. Copy these values to the clipboard to add during DNSFilter dashboard setup:
   - Application (client) ID
   - Client Secret Value (step 3 above)
   - OpenID Connect metadata document (found under Endpoints in the app registration) 

Navigate to the DNSFilter dashboard and follow the instruction to complete the SSO setup.