
Configuring Domains

The Infoblox SSO Portal > Domains page allows you to view, manage, and verify mastery of the domains you wish to configure for 3rd party IdP or multi-factor authentication.

By default, a domain entry is present when you first log in to the account. This entry matches the company domain that was created with your account. The default domain entry must be mastered before it can be used to configure 3rd party IdP or multi-factor authentication.

Note

You can configure 3rd party IdPs and MFA (multi-factor authentication) only for domains that you master.

To configure domains for your account, complete the following sections.

Adding Domain

In the context of SSO, a domain refers to the web address that is specific to your organization. Specifically, a domain represents the part of an email address that comes after the “@” symbol. The domain signifies the web address associated with an email account. For example, if your organization is named XYZ Corporation and you use the domain xyzcorp.com, your employees’ email addresses might follow this format: firstname.lastname@xyzcorp.com. In this case, xyzcorp.com serves as the custom email domain that is unique to your organization.

To add a domain, complete the following:

  1. Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
  2. On the Domains page, click Add Domain.
  3. In the Add Domain dialog, enter a domain name.
  4. Click Save & Close.

Proving Mastery of Domain

Once you have added a domain, it is important to verify mastery of it. Verification not only ensures a secure authentication process, but also prevents other customers from using the same domain.

Domain verification takes place during the initial setup. Once the domain is successfully mastered, it becomes exclusively associated with your SSO Portal. The system does not recheck the TXT record periodically or verify token presence a second time.

To verify mastery of a domain, complete the following:

  1. Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
  2. On the Domains page, copy the verification token of the target domain.
  3. Open a second browser window and sign in to your domain host account.
  4. Go to your domain’s DNS records. This page title could be one of the following depending on your browser: DNS Management, Name Server Management, Control Panel, or Advanced Settings.
  5. Select the option to add a new DNS record.
  6. For the record type, select TXT.
  7. In the Name/Host/Alias field, enter @ or leave it blank. Your host might require you to enter your domain in this field, which in this example is myseconddomain.com. Your other DNS records might indicate what you should enter.
  8. In the Value/Answer/Destination field, paste the verification token you copied from the Domains page. Ensure that you copy the entire token string, including the prefix infoblox-domain-mastery=.

  9. Save the record.
  10. Verify that the TXT record has been successfully added as follows:
    1. Wait approximately five minutes for the record to propagate.
    2. You may check if your record is updated by performing a 'dig' command from a terminal.
    3. Run 'dig -t txt <your domain here>' in which <your domain here> is your domain. In this example, the domain is myseconddomain.com.
    4. You should see an output similar to the following:
      ; <<>> DiG 9.14.8 <<>> -t txt myseconddomain.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9528
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ; COOKIE: fnjakghvu3q8fj2jfc902jcw9hco9h3bvabeojviowjv0wjf0 (good)
      ;; QUESTION SECTION:
      ;myseconddomain.com.            IN    TXT
      ;; ANSWER SECTION:
      myseconddomain.com.        300        IN    TXT    "infoblox-domain-mastery=fjakldshgniavioajrfoiwhfuihaebvnlwajfoh3iu283ru98g44hiwnvlzkbk"
      ;; Query time: 42 msec
      ;; SERVER: 10.120.3.10#53(10.120.3.10)
      ;; WHEN: Mon Jun 29 09:33:13 PDT 2020
      ;; MSG SIZE  rcvd: 380
  11. Go back to the SSO Portal.
  12. On the Domains page, select the checkbox of the domain to verify (in this example, it is myseconddomain.com).
  13. Click Verify Master. The system checks the TXT record of the selected domain and whether the verification token is present. If the token is in the record, your domain is verified and solely linked to your SSO Portal.
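
Because the portal checks the TXT record only when you click Verify Master, it helps to confirm beforehand that the published record carries the whole token. The following is an added example, not Infoblox code: the function names, the sample token, and the SPF record are constructed, and the exact-match comparison is this example's assumption about what "token is present" requires.

```shell
#!/bin/sh
# Added example: pre-check a TXT answer for the domain-mastery token.
# SAMPLE_TOKEN and the SPF record below are constructed values, not real ones.
SAMPLE_TOKEN='infoblox-domain-mastery=EXAMPLETOKEN0123456789'

# Constructed stand-in for `dig +short -t txt myseconddomain.com`:
# one quoted TXT record per line, with an unrelated SPF record alongside.
sample_txt_answer() {
    printf '%s\n' '"v=spf1 include:_spf.example.net ~all"' "\"$SAMPLE_TOKEN\""
}

# check_mastery_txt EXPECTED_TOKEN  (TXT records on stdin, one per line)
# Returns 0 if a record equals the token exactly,
#         1 if no record matches (missing, truncated, or not yet propagated),
#         2 if the expected token itself lacks the required prefix.
check_mastery_txt() {
    expected=$1
    case $expected in
        infoblox-domain-mastery=?*) ;;
        *)  echo "expected token must start with infoblox-domain-mastery=" >&2
            return 2 ;;
    esac
    while IFS= read -r line; do
        record=${line#\"}      # dig +short wraps each TXT string in quotes
        record=${record%\"}
        if [ "$record" = "$expected" ]; then
            return 0
        fi
    done
    return 1
}

# Live use (requires network): dig +short -t txt myseconddomain.com | check_mastery_txt "$TOKEN"
if sample_txt_answer | check_mastery_txt "$SAMPLE_TOKEN"; then
    echo "token present in TXT answer"
fi
```

A return code of 1 after the propagation wait usually means the record was saved under the wrong host name or the token was pasted without its prefix.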