SSO Setup Guide

DMARC Defender supports Single Sign-On (SSO) using both SAML and OIDC protocols. This guide will walk you through the steps to set up SSO for your organization, allowing your users to log in using their existing credentials from your identity provider (IdP).
To get started, go to your organization settings and scroll down to "Single Sign-On". You can configure either SAML or OIDC SSO for your organization.
Once SSO is set up, you can log in either with IdP-initiated SSO or at /login-sso.

GSuite SAML Setup Guide

To set up SAML SSO with GSuite, follow these steps:
SAML Configuration for GSuite on DMARC Defender

SAML SSO Setup Steps in GSuite Admin Console

  1. In your GSuite Admin Console, navigate to "Apps" > "Web and mobile apps" and click "Add App" > "Add custom SAML app".
  2. Enter an application name (e.g. "DMARC Defender") and click "Continue".
  3. On the "Google IdP Information" page, note the "SSO URL", "Entity ID", and download the IdP metadata XML file. You will need this information to configure DMARC Defender.
  4. Click "Continue" to go to the "Service Provider Details" page. Here, you will enter the ACS URL and Entity ID from DMARC Defender. You can find this information in the SSO settings page in DMARC Defender. Click Save.
  5. Go back to the GSuite dashboard for DMARC Defender and click "User Access". Make sure to select "ON for everyone" to allow all users in your GSuite organization to access DMARC Defender using SSO.
  6. Wait a few minutes for the changes to propagate, then try clicking "Test Login" in the GSuite dashboard. If that is successful, try to log in to DMARC Defender at /login-sso with your domain. If that also works, then you have successfully set up SSO with GSuite!

Okta SAML Setup Guide

To set up SAML SSO with Okta, follow these steps:
Create a SAML app in Okta

Create a new SAML application in Okta.

Configure Okta SAML settings

Set the Single sign-on URL, Audience URI, Name ID email format, and Application username.

Okta sign-on details

Copy the Okta SSO URL, issuer, and signing certificate back into DMARC Defender.

DMARC Defender SAML settings for Okta

Enter the IdP Entity ID, Entry Point, and signing certificate from Okta in DMARC Defender, then save the provider.

Validate domain in DMARC Defender SSO settings

After saving the SAML provider, validate your domain by setting a DNS TXT record.

  1. Create a new SAML 2.0 application in Okta.
  2. In Okta, set the ACS URL and Audience URI to the values shown in DMARC Defender.
  3. Use email address as the Name ID and assign the app to the users who should be able to sign in.
  4. Copy the Okta SSO URL, issuer, and signing certificate into DMARC Defender, save the provider, and test sign-in at /login-sso.

Auth0 OIDC Setup

To set up OIDC SSO with Auth0, create a regular web application and copy the Auth0 issuer, client ID, and client secret into DMARC Defender.
Create an Auth0 application

Create a Regular Web Application in Auth0.

Auth0 client credentials

Copy the client ID, client secret, and domain (as a URL) from Auth0 into DMARC Defender.

Auth0 OIDC settings in DMARC Defender

Enter the Auth0 domain, client ID, and client secret in DMARC Defender, then save the provider.

Auth0 callback URL configuration

Make sure to add the DMARC Defender callback URL as an allowed callback URL in your Auth0 application settings.

Support

If you run into any issues setting up SSO, please reach out to our support team at support@dmarcdefender.io.