The Infoblox SSO Portal -> Domains page allows you to view, manage, and verify mastery of the domains you wish to configure for 3rd party IdP or multi-factor authentication.

By default, a domain entry is present when you first log in to the account. This entry matches the company domain that was created with your account. The default domain entry must be mastered before it can be used to configure 3rd party IdP or multi-factor authentication.

Note

You can configure 3rd party IdPs and MFA (multi-factor authentication) only for domains that you master.

To configure domains for your account, complete the following:

  1. Add a domain
  2. Prove mastery of a domain 

Adding Domain

To add a domain, complete the following:

  1. Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
  2. On the Domains page, click Add Domain.
  3. In the Add Domain dialog, enter a domain name.
  4. Click Save & Close.

Proving Mastery of Domain

To prove mastery of a domain, complete the following:

  1. Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
  2. On the Domains page, copy the verification token of the target domain.
  3. Open a second browser window and sign in to your domain host account.
  4. Go to your domain’s DNS records. This page title could be one of the following depending on your browser: DNS Management, Name Server Management, Control Panel, or Advanced Settings.
  5. Select the option to add a new DNS record.
  6. For the record type, select TXT.
  7. In the Name/Host/Alias field, enter @ or leave it blank. Your host might require you to enter your domain in this field, which in this example is myseconddomain.com. Your other DNS records might indicate what you should enter.
  8. In the Value/Answer/Destination field, paste the verification token you copied from the Domains page.

    Note

    Ensure that you copy the entire token string, including the prefix infoblox-domain-mastery=
  9. Save the record.
  10. Verify that the TXT record has been successfully added as follows:
    1. Wait approximately five minutes for the record to propagate.
    2. You may check if your record is updated by performing a 'dig' command from a terminal.
    3. Run 'dig -t txt <your domain here>' in which <your domain here> is your domain. In this example, the domain is myseconddomain.com.
    4. You should see an output similar to the following:
      ; <<>> DiG 9.14.8 <<>> -t txt myseconddomain.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9528
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ; COOKIE: fnjakghvu3q8fj2jfc902jcw9hco9h3bvabeojviowjv0wjf0 (good)
      ;; QUESTION SECTION:
      ;myseconddomain.com.            IN    TXT
      ;; ANSWER SECTION:
      myseconddomain.com.        300        IN    TXT    "infoblox-domain-mastery=fjakldshgniavioajrfoiwhfuihaebvnlwajfoh3iu283ru98g44hiwnvlzkbk"
      ;; Query time: 42 msec
      ;; SERVER: 10.120.3.10#53(10.120.3.10)
      ;; WHEN: Mon Jun 29 09:33:13 PDT 2020
      ;; MSG SIZE  rcvd: 380
  11. Go back to the SSO Portal.
  12. On the Domains page, select the checkbox of the domain to verify (in this example, it is myseconddomain.com).
  13. Click Verify Master. The system checks the TXT record of the selected domain and whether the verification token is present. If the token is in the record, your domain is verified and solely linked to your SSO Portal.
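
The check in step 10 can be scripted so that a partial paste is caught before you click Verify Master. The following is an added example, not part of the Infoblox documentation: the function names and the sample token are assumptions, and the sample records are constructed.

```shell
#!/bin/sh
# Added example: compare the TXT answers for a domain with the token copied
# from the Domains page. Function names are hypothetical.

PREFIX='infoblox-domain-mastery='

# check_mastery_txt EXPECTED_TOKEN
# Reads `dig +short -t txt <domain>` output on stdin, one record per line.
# Prints one of: match | truncated | missing-prefix | absent
check_mastery_txt() {
    expected=$1
    bare=${expected#"$PREFIX"}      # token value without the prefix
    result=absent
    while IFS= read -r line || [ -n "$line" ]; do
        # dig quotes TXT data; long records arrive as several quoted
        # strings ("a" "b") that have to be joined before comparing.
        record=$(printf '%s' "$line" | sed -e 's/" "//g' -e 's/^"//' -e 's/"$//')
        if [ "$record" = "$expected" ]; then
            result=match
            break
        elif [ "$record" = "$bare" ]; then
            result=missing-prefix   # value pasted without the prefix
        else
            case $record in
                "$PREFIX"*)
                    # prefix is there, but only part of the token was pasted
                    case $expected in
                        "$record"*) result=truncated ;;
                    esac ;;
            esac
        fi
    done
    printf '%s\n' "$result"
}

# Live check: check_domain myseconddomain.com '<token from the Domains page>'
check_domain() {
    dig +short -t txt "$1" | check_mastery_txt "$2"
}

# Constructed sample of `dig +short -t txt` output (not real records).
SAMPLE='"v=spf1 -all"
"infoblox-domain-mastery=EXAMPLETOKEN0123456789"'
printf '%s\n' "$SAMPLE" | check_mastery_txt 'infoblox-domain-mastery=EXAMPLETOKEN0123456789'
```

Any result other than match means the published TXT value differs from the token copied in step 2.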