Entra as an Identity Provider
Table of Contents
- Prerequisites
- Linking an Entra organization to a DNSimple account
- Linking a DNSimple user to an Entra identity
- Logging in via Entra
- Unlinking an Entra organization from a DNSimple account
- Unlinking a DNSimple user from an Entra identity
- Have more questions?
Using Entra as an identity provider for single sign-on streamlines the login experience for you and your team and helps you manage risk at scale.
Entra as an Identity Provider is only available on Enterprise plans. See our pricing page for more details.
Prerequisites
To proceed with configuring login with SSO through Entra, you must:
- Have Application Administrator access to a Microsoft Entra account.
- Have administrator access to a DNSimple account.
- Be subscribed to a DNSimple Enterprise plan.
Linking an Entra organization to a DNSimple account
DNSimple’s Entra app integration is pending review and is not yet available for installation via the Microsoft Entra App Gallery.
Creating a customer Entra app
For now, you can use Entra as an Identity Provider by creating your own custom Single tenant Entra app integration to work with DNSimple by following these steps. Take note of your Directory (tenant) ID, Application (client) ID, and Client secret.
Adding Redirect URIs
After creating your app, add the Redirect URIs for your new web app using the following URIs:
- https://dnsimple.com/identity_providers/entra/callbacks/users/login
- https://dnsimple.com/identity_providers/entra/callbacks/accounts/link
- https://dnsimple.com/identity_providers/entra/callbacks/users/link
Adding API permissions
Add the following API Permissions to the app:
openidemailprofileUser.ReadUser.Read.AllDomain.Read.All
Consent must also be granted for each API permission.
Configuring DNSimple for Entra SSO
These steps are performed in your DNSimple account:
- At DNSimple, use the account switcher at the top right of the page to select the account you want to link with Entra.
- Return to the account switcher and go to Account Settings.
- Click the Single-Sign On tab on the left side.
- Click Authorize with Microsoft Entra ID to authorize the Workspace.
- Fill in the Entra Tenant ID, client ID, and client secret, then click Link. You’ll need to log in to the Entra Workspace.
Link the account to Entra
After logging in via Entra, you will arrive back on the DNSimple Single Sign-On page with Entra SSO enabled for the account.
If the Entra app is no longer linked (e.g. the access token is revoked), you can re-link the Entra application by clicking Reauthorize.
Access control
You can set the level of DNSimple access for each member under the Members and seats tab in your DNSimple Account settings. For full details, visit Domain Access Control.
Linking a DNSimple user to an Entra identity
When a DNSimple user exists in a DNSimple account before SSO is enabled, they will be required to link their Entra identity to verify ownership of both DNSimple and Entra user accounts. This is done on your DNSimple User settings page.
To link a DNSimple user to an Entra identity:
- At DNSimple, use the account switcher at the top right of the page to go to your User Settings page.
- Scroll down to the Identities card, and click Add next to the Entra identity provider.
- Authenticate your Entra account.
- You can now log in to DNSimple using the linked Entra identity.
Logging in via Entra
You’ll need to link an Entra organization to your DNSimple account before your team members can log in via Entra SSO.
- To log in to DNSimple using Entra, visit https://dnsimple.com/login.
- Click Sign in using Entra.
- Enter the organization Entra domain or tenant ID and click Sign in. The Entra domain is the default/primary domain in the Entra account.
- If you are prompted for your Entra username and password, enter them.
- If your credentials are valid, you will be redirected back to DNSimple and logged in.
If you are not yet a member of the DNSimple account, the account administrator will receive a notification to grant access. Once they have granted access, you will be able to see the DNSimple account’s assets.
If you log out of Entra, you will also be logged out of DNSimple.
Unlinking an Entra organization from a DNSimple account
- At DNSimple, use the account switcher at the top right of the page to select the account you want to unlink.
- Return to the account switcher and go to Account Settings.
- Click the Single-Sign On tab on the left side.
- Click Revoke next to the Entra SSO provider to remove the link from DNSimple to Entra.
Unlinking a DNSimple user from an Entra identity
- At DNSimple, use the account switcher at the top right of the page to go to your User Settings page.
- In the Identities card, click Revoke next to the linked identity.
Have more questions?
If you have any questions or need assistance about using Entra SSO with DNSimple, just contact support, and we’ll be happy to help.