DNS Made Easy supports SAML (Security Assertion Markup Language) authentication for an added level of security and convenience when logging in to the dashboard. This allows you to use the same login credentials for multiple SAML-supported websites. It also allows you to manage all company logins in one place and satisfies SOC 2 policies for corporate and enterprise-level users.
SAML within DNS Made Easy assists users with:
- A faster and more secure login process
- Managing company-wide logins
- User Permissions customization
Once SAML has been configured for your organization, a SAML login can be initiated from the DNS Made Easy side (SP-initiated login) by entering your SAML email in the username field as shown above.
Things to Know About SAML in DNS Made Easy
- SAML Activation:
- Please note that this feature is exclusively accessible through Corporate Membership. To upgrade your account to this membership level please contact firstname.lastname@example.org.
- When SAML (Security Assertion Markup Language) is activated, you can choose between Service Provider (SP) or Identity Provider (IDP) initiated log-in.
- Once SAML is enabled for a user account, the email address becomes the username/identifier.
- Logging in requires entering the email address with the domain name, which redirects to your IDP.
- Local log-in using the account is no longer possible after SAML activation.
- It's recommended to configure at least one "break glass" user to ensure regular log-in during IDP issues or outages.
- Permissions for SAML Users:
- Enabling SAML retains permissions for existing users.
- Newly provisioned SAML users have no permissions by default and require manual configuration through the control panel.
- User Accounts:
- The email address becomes the username for SAML-enabled accounts.
- For the "break glass" account, it's advisable to use a regular username without the domain name.
- SAML log-in is not applicable to the "break glass" account.
- User Provisioning:
- New users can be provisioned through the control panel (with the option to create standard or SAML users) or via your IDP, as JIT provisioning is supported.
- Permissions for Provisioned Users:
- Newly provisioned users have no permissions in the DNS Made Easy application by default.
- Future updates will enable assigning permissions through roles and groups from the IDP.
- SAML Setup Initiation:
- To start the SAML setup, complete the required fields in the provided Google Form, which includes the necessary information for your IDP configuration.
- Please send an email to email@example.com to notify our team of this request.
- Once we receive the form, our DevOps team will perform the installation on our service.
- Fresh SAML installations require a restart of the SAML service, so we schedule them on Tuesdays and Thursdays during the business week for system stability.
- Disabling SAML Users:
- Currently, there is no option to disable a SAML user through the control panel.
- Our UI Developers are working on implementing this feature in the future.
- If needed, provide the username, and I can contact our SAML administrator to disable SAML for that specific user on your account.
- User Recreation:
- Alternatively, you can provision the user within your IDP, and SAML SSO log-in should work.
- If necessary, you can delete and recreate the user in the control panel.
- The user will need to re-confirm their email address and potentially reset their password.
- SAML Activation Fee:
- The $250 SAML activation fee is a one-time charge for the entire account when SAML is enabled.
- It is not charged per SAML user but rather a one-time fee of $250.