Dotcom-Monitor supports SSO login using SAML 2.0.

Generally, we recommend you do not include a Dotcom-Monitor user into several groups with different permission levels. However, if a user belongs to two or more user groups in Dotcom-Monitor, the group with the lowest permission level will take precedence on groups with higher permissions. For example, if a user belongs to the Viewer (Read-only) and Power User groups simultaneously, it is the Viewer role permissions that will be applied upon SSO login.

Here are the steps required to enable SSO with Active Directory FS (ADFS) and AZURE Active Directory (Azure AD) as the Identity Providers. Also, the step-by-step guides for OKTA SAML integration are provided.

  • SSO with Active Directory FS

  • SSO with AZURE Active Directory

  • SSO with OKTA

Configuring SSO for Departments

If you have a Department created for the Dotcom-Monitor account, you can configure SSO users logging in to it.

To enable SSO for Departments, add the department name as a suffix to the name of the group or role reserved for Dotcom-Monitor purposes in AD. Use a double hyphen as a separator:

<Group Name>–<Department Name>

For example, to allow a user to log in to the “AlphaDep” department as a Power User you need to add the following suffix to the Dotcom-Monitor_Power_Users AD Group:

«Dotcom-Monitor_Power_Users--AlphaDep»

To change an ADFS Group name, right-click the group and select Rename. Once renamed, change the pre-Windows 2000 name as well in the pop-up box or from Properties > General > Group Name (pre Windows 2000).

You can also add several departments names one by one using the same format. For example:

«Dotcom-Monitor_Accounting_Users--AlphaDep--BetaDep--Department3»

To allow users logging in to the root account, specify a relevant AD Group without a department suffix as was described above:

«Dotcom-Monitor_ReadOnly_Users»

If a user is included in several «Dotcom-Monitor_» AD Groups with configured SSO for Departments, logging in to all corresponding Departments will be enabled (if the Departments exist in the Dotcom-Monitor account).