The dmarcian DMARC platform is expanding its SSO capability with support for Okta Single Sign-On (SSO). The importance of SSO should not be underestimated for large enterprises: it allows authorised users to sign in to the dmarcian platform with their existing corporate credentials, and that means one less password to keep track of. With dmarcian's SSO feature, an enterprise can easily manage SSO access and user permissions to all dmarcian accounts centrally while adhering to the enterprise’s security and access policies.
Before getting into the details for SSO configuration, let’s first talk about some basic concepts and terminology:
Authentication defines how the user is identified in a system – usually through a login process. Traditionally, a user registers for an account providing authentication credentials (username and password) and uses them to log in moving forward.
In the past, this has been sufficient, but it does have limitations. For example, what happens if you have several employees at your company that you want to grant access to dmarcian? Previously, the only option was to add the employees as new users to your account – each with their own credentials. It is inconvenient for users to remember yet another complicated password, so they tend to use the same password for many registrations in different applications, which increases the chance of having accounts hacked if one set of credentials is discovered.
Federated identity helps solve the problem of users having different credentials for each application they use in your company. Instead of letting each application store user credentials, companies can use a central identity infrastructure (Identity Provider or IdP) and allow third parties to securely authenticate users. This is what led to the birth of federated protocols such as Security Assertion Markup Language (SAML).
Here are some common terms that we will use in this how-to:
A Service Provider (SP) is the entity providing the service – dmarcian.
An Identity Provider (IdP) is the entity providing identities – Okta (the process is similar to any other available option that supports SAML).
A SAML Request (also known as an authentication request) is what dmarcian sends to the IdP when a user wants to log into dmarcian.
A SAML Response is generated by the IdP on successful user authentication. It contains information related to the authenticated user, such as their email. This response is sent to dmarcian, notifying us who the authenticated user is so access can be granted.
With all the basics laid down we can get our hands dirty – let’s configure SSO!
How to configure SSO
Step 1 – add dmarcian to your IdP
1. Log into dmarcian and navigate to “Manage Settings”.
2. Click the “Configure” button in the Single Sign-On section under “User Settings & Info”.
3. You will see the new SAML Single Sign-On configuration page where SSO will be disabled by default – enable it.
4. Leave the SSO configuration page open since you will have to copy some information from it while adding dmarcian as a Service Provider to Okta.
5. Follow this official guide to add dmarcian to Okta with the following key notes:
On step 8 – paste the Assertion Consumer Service URL as the Single sign on URL and the Entity ID as the Audience URI (SP Entity ID).
On step 9 – do not forget to add at least the user email as an attribute statement and be sure to save the name you have provided – we will need it later when configuring SSO at dmarcian.
On step 11 – download the Identity Provider metadata file and save it – we will need it too.
Step 2 – set up authentication at dmarcian, modify login URL
Great! Now that you have configured Okta to recognize dmarcian as an SP we can configure the authentication process at dmarcian. We’re almost there – just follow the next steps.
1. Get back to the SAML Single Sign-On configuration page at dmarcian (we’ve left it open in the previous steps).
2. Upload the IdP metadata file directly. Also make sure to fill in the email attribute statement name you’ve set up at Okta.
3. Modify the login URL that users from your company will use to log into dmarcian (optional – we provide a default value if you do not care what the URL looks like).
4. Click Save and if there are no errors – your SSO configuration is complete!
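To confirm that the values exchanged in Steps 1 and 2 line up, the following added example (not dmarcian's or Okta's code) checks a decoded SAML Response from a test login against the Assertion Consumer Service URL, the Entity ID and the email attribute statement name. The URLs, the attribute name "email" and the function name check_response are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded SAML Response, trimmed to the parts checked here.
# The URLs and attribute name are placeholders, not dmarcian's real values.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://sp.example.com/saml/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/saml/entity</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, acs_url, entity_id, email_attr):
    """Return a list of mismatches between a SAML Response and the SP settings."""
    # Configuration sanity check only: the XML signature is not verified here.
    root = ET.fromstring(xml_text)
    problems = []
    # The ACS URL pasted as "Single sign on URL" should come back as Recipient.
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not match ACS URL")
    # The Entity ID pasted as "Audience URI" should come back as Audience.
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not match Entity ID")
    # The attribute statement name must equal the name entered at the SP.
    emails = [(v.text or "").strip()
              for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == email_attr
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not any(emails):
        names = [a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)]
        problems.append(f"no '{email_attr}' attribute; response carries {names}")
    return problems
```

An empty list means the three values agree; a mismatch in the attribute name is the most common result, and the message lists the names the IdP actually sent.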
Step 3 – add users, configure access control, notify users of login URL
Although the authentication process is now configured, you have to add the users that are allowed to log into dmarcian through your IdP. This is a strict policy that dmarcian decided to follow to provide the enterprise with full control over exactly which users can use the application.
Navigate to Manage Settings -> User Management to organize your user list.
Navigate to Manage Settings -> Access Control to configure what each user can do at dmarcian.
You have successfully configured Single Sign-On with Okta!