Multi-Factor Authentication (MFA) adds a second verification step for direct UltraDNS Managed Services Portal logins.
UltraDNS supports SMS MFA and QR Code MFA for users who log in with a portal username and password.
SAML/SSO is a separate authentication option for accounts that authenticate through an Identity Provider (IdP). MFA and SAML/SSO cannot be enabled together.
MFA must be disabled at the account level and user level before SAML can be configured and used.
MFA Options
UltraDNS supports the following MFA methods for direct portal login:
- SMS Multi-Factor Authentication
- QR Code Multi-Factor Authentication
When either MFA method is enabled, each future login requires a six-digit verification code after the username and password are entered.
Before You Begin
- Use MFA only for users who log in directly to the UltraDNS Managed Services Portal.
- If your account will use SAML/SSO, disable MFA before beginning SAML setup.
- For SMS MFA, confirm that the user's
Mobile Numberis valid and uses E.164 format, without spaces or dashes. - For QR Code MFA, install or open a supported mobile authenticator application before enabling MFA.
Enable SMS MFA
SMS MFA sends a six-digit verification code to the mobile number configured in the user's profile.
- Log in to UltraDNS .
- Click My Profile.
- Confirm that the Mobile Number field contains a valid number in E.164 format, without spaces or dashes.
- Click Save.
- Click the Security Preferences tab.
- In the Select Multi-Factor Authentication (MFA) section, select SMS.
- Enter the six-digit verification code sent to the configured mobile number.
- Click Submit.
After SMS MFA is enabled, future login attempts require the six-digit verification code sent to the configured mobile number and an email confirmation is also sent to the email address on file.
Enable QR Code MFA
QR Code MFA uses a mobile authenticator application to generate the required six-digit verification code and common authenticator applications include Google Authenticator, Microsoft Authenticator, and Authy.
- Install or open a QR code-based mobile authenticator application.
- Log in to UltraDNS .
- Click My Profile.
- Click the Security Preferences tab.
- In the Select Multi-Factor Authentication (MFA) section, select QR Code.
- Scan the QR code displayed in the portal using the mobile authenticator application.
- Enter the six-digit verification code generated by the authenticator application.
- Click Submit.
After QR Code MFA is enabled, future login attempts require a six-digit code from the configured authenticator application and an email confirmation is also sent to the email address on file.
Disable MFA
Disable MFA when a user no longer needs MFA for direct portal login, or when MFA must be turned off before SAML/SSO setup.
- Log in to the UltraDNS Managed Services Portal.
- Click My Profile.
- Click the Security Preferences tab.
- In the Select Multi-Factor Authentication (MFA) section, select None.
A confirmation message appears after MFA is successfully disabled.
MFA Support
Contact Customer Support if any of the following apply:
- The mobile phone number on the account is incorrect.
- The user no longer has access to the configured mobile phone number.
- The mobile phone number is valid, but the verification code is not received.
- The user cannot complete MFA enrollment or login with the configured MFA method.
SAML/SSO Requirements
Security Assertion Markup Language (SAML) provides authentication and authorization services for customers using an Identity Provider.
SAML creates a Single Sign-On relationship between the customer's Identity Provider and the UltraDNS Managed Services Portal.
SAML/SSO and MFA cannot be enabled together, and before configuring SAML, MFA must be disabled at both levels:
- Account-level MFA
- User-level MFA
To begin SAML setup, review the SAML Quick Start Guide .
Expected Outcome
- Users with SMS MFA enabled receive a six-digit verification code on the configured mobile number during direct portal login.
- Users with QR Code MFA enabled enter a six-digit code from their authenticator application during direct portal login.
- Users preparing for SAML/SSO have MFA disabled before SAML configuration begins.
Important Notes
- MFA applies to direct UltraDNS Managed Services Portal logins.
- SAML/SSO authentication occurs through the customer's Identity Provider.
- MFA and SAML/SSO cannot be enabled together.
- If account-level MFA is required for all users, account-level MFA must also be disabled before SAML/SSO can be configured.