Security Assertion Markup Language (SAML) provides the solution for providing both Authentication and Authorization services for UltraDNS customers. By sharing security credentials between customers and our Security Services team(s) at UltraDNS, we are able to transition your users’ internal login credentials to an UltraDNS Managed Services Portal (UI Portal) username. Once successfully completed, we are able to create a Single Sign On (SSO) relationship between our services and systems.
We highly recommend you review the SAML Quick Start Guide to avoid any confusion or errors in your SAML request, as you will need to reach out to Customer Support for further assistance as your SAML details cannot be updated once they have been submitted.
Please note that if you have configured Account Level Allowed IP (ranges) for your account, these do not currently apply to SAML users, as the IP authentication check is done by the Identity Provider (IDP), not UltraDNS.
Initiating SAML Setup
To create a request to get SAML initiated for your account:
-
Click on Accounts from the left-hand navigation menu.
-
Select the Account Name that you want to enable SAML for.
-
Click the SAML tab.
-
Complete each of the required fields for all three sections:
-
Customer Contact Information – Support will reach out to the person listed if any assistance or issues arise during the SAML submission and provisioning process.
-
Federation Related Information - Download the sample XML metadata file so that you can copy the format exactly before uploading your data.
-
Please use the corresponding NameID Format option that matches how your internal login IDs are currently formatted. This option will determine how your new SAML logins are generated.
-
-
DNS Related Information – Please provide your unique company name (or a unique version of your company name) to complete the URL that will be issued to allow your users to log in.
-
Allow the owner of the account dual access – If you (as the Admin) need to retain access to the UI Portal, as well as getting access via SAML (SSO), check the box for dual access.
-
If you opt not to check the box, you will no longer be able to log in directly to the UltraDNS Managed Services Portal.
-
-
-
-
Click Submit SAML Setup Request when finished.
Please note that submitting inaccurate or invalid data during the SAML Setup process will delay and cause further complications for our Support team to provision the SAML process. Please ensure that all of the information you are providing is accurate, and matches the required format being requested. |
Once your SAML request has been submitted, and email will be sent to the Primary Point of Contact’s email address you provided. Please verify the information in the email is correct, and retain the vanity URL provided, as this will be the URL that you and your users will use to access the UI Portal moving forward. For further assistance, please refer to the SAML Quick Start Guide found on the Support page of the UI Portal.
Please wait a few minutes before trying to log in using the vanity URL that has been emailed to you. While you wait for the email confirmation, please continue through this guide for the final steps of setup.
After your submission has been processed, the UltraDNS Users Details section will appear with the list of your users currently found on the UltraDNS UI Portal. Your users’ details will be displayed in one of two different formats, which is determined by the NameID Format type that you selected.
UltraDNS Users Details
The UltraDNS Users Details section displays the SAML features for your users based upon existing UI Portal details, and the NameID Format field type that you selected during the initial SAML setup request.
-
UltraDNS Current User Details
-
Name – The user’s name on the UI Portal.
-
UDNS Username – The current username for the UI Portal.
-
Email – The current email address for the UI Portal.
-
-
SSO
-
New UDNS Username – Displays what the user’s new UI Portal login will be.
-
API Access Only – Displays if the designated user will ONLY have access to the API. Otherwise, the user will ONLY have access to the UI portal.
-
If you selected Username from the NameID Format drop-down menu, an additional field will appear in the SSO section.
-
SSO
-
SSO Login – Displays what the user’s SSO login will be after the mapping process is complete.
-
Edit Users Details
If any of the user details are incorrect, click the green pencil icon next to the user to update their details accordingly. This is also how you will designate if the user should ONLY have access to the API, or if they will ONLY have access to the UI Portal.
-
Only unique email addresses are allowed. If duplicate email addresses are detected, an error will occur and the SAML Mapping process will be canceled.
-
The email address will directly update the Upon Implementation UDNS Username (the future SSO login credential) field for the user.
Map Users for SSO
Once you have verified that all of your users’ information is accurate, click the Map Users for SSO button. Every user from the list will be selected automatically, which is why it is important for the account owner to review the initial list of users and use the Delete Selected Users option to remove any obsolete users.
A confirmation screen will appear listing the total number of users that are being mapped for SAML, along with the details their details and login credentials. Click the Confirm Map Users button to complete the SAML setup process.
Please only click the Confirm Map Users button once, as doing so multiple times could cause issues with your submission.
Once the confirmation of the SAML submission appears, your request will be processed. At this point, you can log in using the SAML credentials and vanity URL that have been emailed to you.
The SAML process will work around a trial period. Once you have become familiar and comfortable using SAML login to access the UI Portal and manage your users, UltraDNS will remove all of your user’s direct access to the UDNS Portal. Our Customer Support team will reach out to you directly to confirm your readiness to begin using SAML, and have your access to the Portal removed.
User Access and Permissions
For existing users on the UltraDNS Portal, your permissions will remain once your Account Administrator completes the Setup Users for SSO step (before you attempt to log in using the vanity URL).
If the Setup Users for SSO step has not been completed, and you log in using the vanity URL, your account will inherit the Reporter Role permissions upon logging in. The Reporter Role provides only Read Access. Your Account Administrator will need to log in and change your permissions from the UltraDNS Portal.
Creating New Users
Once you have completed the SAML setup, new users are dynamically provisioned from your end. Once you have established a new user’s credentials, they will automatically be enabled for SAML and have the Reporter Role access, which gives them Read Only access. You can change their access if necessary through the UI.
The Invite User feature will only be for granting API access to a user.
Pending Authorization
For an additional security measure for your account, contact Customer Support and request to have Pending Authorization enabled on your account. With this optional feature enabled, any newly created users will be placed into a default system Pending Authorization security group, where the user does not have any permissions to access the Managed Services Portal until an account administrator moves them to a designated security group.
UltraDNS Customer Support contact methods:
-
+1 844-929-0808
-
+1 540-835-5462