SAML Single Sign-On Configuration: Domain Management

Edisen Admins can follow some simple steps to verify domains in their organization before enabling SSO.

Written by Shawn Kucerak
Updated over a week ago

Edisen can provide its users with SAML-based authentication and single sign-on (SSO) access to the application through an identity provider (IdP) of your choice.

Note that we do not support SCIM provisioning at this point.

There are two simple steps to configure and enable Single Sign-On for Edisen users with your company's identity provider:

  1. Verifying a domain

In this article, we cover the first step, verifying a domain, via the Domain Configuration panel in Organization Settings.

Verifying a Domain

Verify your company's domain to prove that you own all user accounts with that domain that belong to your Edisen organization. Your company's domain is everything that comes after the @ symbol in the email addresses of your users' accounts.

With Edisen, you can use a DNS TXT record to verify ownership of your domain. Follow these steps to verify your domain:

  1. Log in to Edisen with Admin access.

  2. Go to the Settings page from the left navigation rail.

  3. Click the "Single Sign-On" button at the top right of the page.

  4. On the Domain Management tab, click the "generate" button.

  5. Copy the TXT record to your clipboard by clicking "copy".

  6. Go to your DNS host and find the settings page for adding a new record.

  7. Select the option for adding a new record and paste the TXT record into the Value field (it may be named Answer or Description).

  8. In your DNS record, enter "TXT" for Record Type and leave the default (@ or blank) for Name/Host Alias.

  9. Save the record.

  10. Return to the domain configuration page of Edisen, click "Add Domain", enter your domain name, and click "Verify".

NOTE: Public domains (e.g., gmail.com, outlook.com, etc.) are not permitted for authentication. Users with accounts on these domains will still be able to log in if they have an Edisen account, but not via SSO.

Domain Statuses and what they mean

Depending on your DNS host, it may take up to 72 hours for your domain to verify and DNS changes to take effect, which is why the domain in the Domains table will have an Unverified status to begin with. Once verification is complete, the domain will change to Active status.

| Domain Status | Meaning |
| --- | --- |
| Unverified | This is the initial status of a domain before verification is complete. |
| Active | When verification is successful, the domain will change to Active status. |
| Pending | When periodic domain verification fails, the domain changes to Pending status. |
| Inactive | When periodic domain verification continues to fail for 7 days (Pending status for 7 days), the domain changes to Inactive status. |

Periodic Domain Verification

After verification is successful, we periodically check your DNS host for the TXT record. We do this every 6 hours. If someone deletes the TXT record or updates it with incorrect information, we'll send you an email (once every 24 hours for 7 days) letting you know that you have 7 days to update the TXT record and redo the verification process. If you don't, your domain will lose its verification status, SAML single sign-on won't be enabled for any of the domain's users, and these users will not be able to log in with single sign-on.
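A self-check for the TXT record from the verification steps and for the 7-day grace period described above, as an added example that is not Edisen's own code. It assumes the value must match exactly; the token, the sample `dig +short TXT` output and all function names are constructed placeholders.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: output of `dig +short TXT example.com` for an apex that
# already carries SPF and another vendor's token. The Edisen value is a
# placeholder; the real string is whatever the "generate" button produced.
SAMPLE_DIG_OUTPUT = r'''
"v=spf1 include:_spf.example.net ~all"
"other-vendor-verification=abc123"
"EDISEN-TXT-" "PLACEHOLDER"
'''
EXPECTED = "EDISEN-TXT-PLACEHOLDER"

GRACE = timedelta(days=7)  # Pending lasts 7 days before Inactive (per the article)

# One quoted character-string, allowing backslash-escaped characters inside.
_CHUNK = re.compile(r'"((?:[^"\\]|\\.)*)"')

def txt_values(dig_output):
    """Return one string per TXT record, joining split character-strings."""
    values = []
    for line in dig_output.splitlines():
        chunks = _CHUNK.findall(line)
        if chunks:
            # A TXT value longer than 255 bytes is stored as several quoted
            # strings on one line; consumers normally concatenate them.
            joined = "".join(chunks)
            # Undo \" and \\ escapes (decimal \DDD escapes are not decoded).
            values.append(re.sub(r'\\(.)', r'\1', joined))
    return values

def record_present(dig_output, expected):
    """Assumed exact match: a truncated or padded paste counts as missing."""
    return expected in txt_values(dig_output)

def expected_status(present, first_failure=None, now=None):
    """Status the article describes for an already-verified domain."""
    if present:
        return "Active"
    if first_failure is None or now is None or now - first_failure < GRACE:
        return "Pending"
    return "Inactive"
```

Running `record_present` on live `dig` output on a schedule shorter than the 7-day window catches an accidental deletion of the apex TXT record before SSO is disabled for the domain.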

What happens if you want to change your domain name?

You may want to change the domain name associated with your company for several reasons. When you change your domain name, you're also changing the domain name in your users' email addresses, which are the unique user identifiers in Edisen. Since we do not provision users with your identity provider using SCIM, changing your domain will not import or replace your organization users.

That means that at this time, you will need to remove existing (old domain) user accounts and manually invite the new domain users.

Or you could contact Edisen support and we will replace the domain name for your existing organization users with the new domain.

How do you change your domain name?

We only allow deleting and adding domains. So this means that you would need to delete the old domain and then add a new domain and follow the same verification process as above.

Verifying multiple domains

You can verify multiple domains under a single organization. All you need to do is to repeat the steps on this page with each domain that you want to verify.

Another organization already verified the domain

If someone else has already verified the domain, we'll display a warning message letting you know. In this situation, someone at your company might have verified the domain under another organization. We recommend that you find an admin of that organization and ask them to remove the domain from its list of verified domains.

Note that it's not possible to verify domains that you don't own. If you'd like users to log in to Edisen via the SSO that you have set up, you could ask them to change their email address to a domain that you can then verify, and you could send an invitation to create an Edisen account to that email.


Hope you found this article useful. Please feel free to give us feedback, comments or reach out for questions at edisentickets@onevigor.tv

For submitting a support request, please see this article https://app.intercom.com/a/apps/ajhtc3bt/articles/articles/3168393/show
