NS1 supports SAML 2.0 Single Sign-On (SSO) for the NS1 Managed DNS portal (https://my.nsone.net) for customers using OneLogin as their Identity Provider (IdP). This guide includes instructions for implementing a custom enterprise application with SAML SSO enabled for your organization, as well as setting up users with role-based access to the NS1 portal.
About OneLogin SSO for NS1
The administrator user associated with the organization’s account creates users and teams—configuring settings and role-based permissions—in the NS1 portal, and then authentication occurs via the OneLogin platform. The integration allows you to include the NS1 application in your organization’s existing SSO solution for added network security and simplified user management.
NS1 supports logins initiated by either the Identity Provider (IdP) or the Service Provider (SP).
- IdP-initiated login allows users to log in to OneLogin, and then select the NS1 application to access the NS1 portal.
- SP-initiated login allows users to select an SSO option on the login page for the NS1 portal (https://my.nsone.net).
Once OneLogin SAML SSO is enabled for your organization, all NS1 portal users associated with your account will be able to access the NS1 portal via OneLogin or by selecting the SSO option on the NS1 portal login page.
Step 1: Contact NS1 to request your SSO ID.
An SSO ID is a unique identifier for an NS1 organization. It is required to configure the NS1 application in OneLogin. Contact NS1 customer support by submitting a ticket or emailing email@example.com to request an SSO ID.
Step 2: Add your SSO ID to the NS1 application.
Log into the OneLogin portal, and click Applications.
Under Find Applications, search for NS1.
- Click the application name to view the application details.
Select Configuration from the sidebar menu.
Under Application details, enter the SSO ID provided by NS1.
- Under SAML Encryption, leave the Public Key field blank.
Step 3: Configure user mappings.
An account administrator must configure user mapping based on usernames or email addresses. First, identify the format of usernames in your account: either a basic text string (e.g., jdoe) or an email address (firstname.lastname@example.org). This is indicated by the left-most column in the list of NS1 account users.
In the NS1 portal, navigate to Account Settings > Users & Teams.
Click the Users tab to see a list of all users associated with your account.
Refer to the left-most column (“User” column) to verify the username format.
Example A: List of users with basic username type
Example B: List of users with email username type
In the OneLogin portal, navigate to Applications > NS1, and click Parameters from the sidebar.
If mapping users based on the username, select Username next to the NameID field.
- If mapping users based on the email, select Email next to the NameID field.
Step 4: Use SHA-256 as the SAML Signature algorithm.
Within the NS1 application in the OneLogin portal, click SSO in the sidebar menu.
Under SAML Signature Algorithm, select SHA-256 from the drop-down menu.
Step 5: Send the metadata URL to NS1.
In order to enable SSO for all NS1 users within your organization, you must provide the metadata URL to NS1.
- Still in the SSO tab, scroll down to the Issuer URL. Copy the URL and send it to NS1. You can do this by submitting a support ticket or emailing email@example.com.
Step 6: Add users to the NS1 application.
OneLogin gives administrators full control over which users are added to the NS1 application.
- In the OneLogin platform, navigate to the Users section.
- Click a user to view the User Info.
- In the Applications tab, click the blue “plus sign” icon to add the user to a new application.
- Select NS1 from the dropdown menu, and click Continue.
- The fields will auto-populate based on your user mapping configuration settings. Review the default information for accuracy, and click Save.
- Repeat this process for all users you wish to add to the NS1 application.
This completes the configuration process. The information below explains the initial sign-in process for account users after the NS1 + OneLogin SSO integration is fully implemented.
Logging into NS1 via the NS1 portal (SP-initiated):
- Navigate to the NS1 portal login page (https://my.nsone.net/#/login), and click Log in with SSO.
- Enter your username and click Log in with SSO. A screen appears prompting you to log into the OneLogin portal.
- Enter your OneLogin credentials and click Continue. You will be redirected to the NS1 portal.
Logging into NS1 via the OneLogin portal (IdP-initiated):
- Log in to the OneLogin portal, and click NS1 from the list of applications.
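To confirm the settings from Steps 3 and 4 after a test login, the following added example (not part of the NS1 or OneLogin documentation) reads a decoded SAML response and reports any signature or digest algorithm that is not SHA-256, and a NameID whose format does not match the NS1 username format. The function name, the email pattern and the sample response are assumptions made for illustration; the check inspects declared algorithms only and does not verify the signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SIG_OK = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
          "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"}
DIGEST_OK = "http://www.w3.org/2001/04/xmlenc#sha256"
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # assumed, simplified pattern

def check_saml_response(xml_text, username_format):
    """Return findings; an empty list means Steps 3 and 4 look consistent.

    username_format is "basic" or "email", as seen in the NS1 User column.
    Use only on a response from your own test login, not on untrusted XML.
    """
    root = ET.fromstring(xml_text)
    findings = []
    sig = root.findall(".//ds:SignedInfo/ds:SignatureMethod", NS)
    if not sig:
        findings.append("no ds:SignatureMethod found (response unsigned?)")
    for el in sig:
        if el.get("Algorithm") not in SIG_OK:
            findings.append(f"signature algorithm is {el.get('Algorithm')}")
    for el in root.findall(".//ds:Reference/ds:DigestMethod", NS):
        if el.get("Algorithm") != DIGEST_OK:
            findings.append(f"digest algorithm is {el.get('Algorithm')}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not value:
        findings.append("no NameID in assertion subject")
    elif bool(EMAIL.match(value)) != (username_format == "email"):
        findings.append(f"NameID {value!r} does not match {username_format} usernames")
    return findings

# Constructed sample: SHA-1 algorithms and an email NameID (signature values omitted).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion>
 <ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  </ds:Reference></ds:SignedInfo></ds:Signature>
 <saml:Subject><saml:NameID>jdoe@example.org</saml:NameID></saml:Subject>
</saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    for finding in check_saml_response(SAMPLE, "basic"):
        print("FINDING:", finding)
```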