Setting up Single Sign-On (SSO)

By setting up Single Sign-On (SSO), your team members will be able to log in to their DMARCwise accounts using the account and credentials they already have on the Identity Provider of your company (e.g. Microsoft Entra ID, Okta, etc.).

SSO is currently available on the following subscription plans:

• Growth
• Scale

You can use any Identity Provider that supports the SAML 2.0 protocol.

SSO in DMARCwise was tested with:

• Microsoft Entra ID (setup guide)

If you use another Identity Provider, please reach out and we’ll prepare a specific setup guide.

Enabling SSO

To enable SSO for your organization:

• Navigate to the SSO settings page.
• Click Configure
• Use the provided information (Entity ID and Assertion Consumer Service (ACS) URL) to configure a new SAML app in your Identity Provider and click Next.
• If your Identity Provider supports configuration through a metadata URL, enter the URL of the metadata file and confirm with Enable SSO.
• Otherwise, switch to the Manual tab and enter the Identity Provider Entity ID, SSO/Login URL and Certificate (PEM format). If you’re unsure how to proceed, please contact support.

Access control

After enabling SSO, all users authorized by your Identity Provider will be able to log in and automatically join your organization, without the need of sending them invitations.

Use the access control settings of your Identity Provider to limit who can use the DMARCwise application.

Logging in with SSO

To log in with SSO, your users will need to use a dedicated SSO login page:

• If your team members already have an account on DMARCwise, they can click the Login with SSO button on the login page and follow the instructions to get to the correct login page.

• If your team members don’t have an account on DMARCwise yet, open the Members page in the settings and you’ll find a form to invite them by email.

  • After the first login, they’ll be able to log in as in the previous point.
  • You can also provide them with the SSO login URL manually: the invitation form is just a shortcut to save you time.

Enforcing SSO

After enabling SSO, existing users in your DMARCwise organization will still be able to log in with their password credentials, including you.

Make sure you log out and test the SSO login so that your administrator account is linked with an SSO user.

Check the Members page to see the SSO status of the users of the organization.

Once you activated SSO for your user, you can enforce SSO for all members by enabling the Require SSO for all members option. Users won’t then be able to log in with a password anymore. Disable the option and users will be immediately able to log in with their password again.

Default role

When new users join your organizations through SSO, they’ll be given a default role.

By default, the default role is set Member. Change the Default role for new members setting to change that.

The default role is used only when creating a new account: if you then change the role of the user in the Members page it won’t be overriden. The same applies if the role is passed by your SSO Identity Provider.

Roles synchronization

If your Identity Provider allows it, you can set application roles in the Identity Provider and DMARCwise will automatically assign and synchronize the role when the user logs in to DMARCwise with SSO.

User deactivation

If you disable access to the DMARCwise application in your Identity Provider, the user won’t be able to log in with SSO to DMARCwise anymore.

Note that existing user sessions in DMARCwise won’t be logged out, so the user may still be able to access the data for a few days. SSO sessions in DMARCwise expire after 3 days.

To revoke access to the user immediately, go to the Members page and click the Remove button next to a specific team member.

Single Logout

Single Logout (SLO) is not supported. Please reach out if you require this feature.