Here are some best practices and tips for managing domains and tenants for your organization's Connect Subscriptions.
Identify / Establish an Authorization Person for your Organization
The first and most important step is to find and designate one person for managing the Authorization Tenant for your organization.
Once this person has been designated, please use the three steps for setting up SSO for your organization:
IMPORTANT – When managing the tenant, your designated person will need to create one or more security groups for each of your locations, departments or organizations that are using Connect. The Directory (Tenant) ID will be configured / identified in Step 2 of the Start Here! Guide.
Is a Domain (already) validated for your Organization?
During Step 1 of the Start Here! Guide, once you have entered the TXT Record and the Domain, click the Add & Verify button. This will validate the domain and allow you to move to the Identity Providers tab.
If the Identity Provider portion has already been filled out (as shown below), your domain has been claimed and is (likely) pointing to one or more security groups or a directory of users for your organization.
If this is true - STOP! Then proceed to the last step.
What happens if someone enters new information into the Tenant ID – Client ID – Secret Value – Domain Name fields?
Any change to these fields, or any new information entered in them, will redirect traffic to the newly specified tenant for your entire organization.
IMPORTANT - If anyone in your organization who is able to make these changes edits their Directory Service in Connect, it will alter this information for ALL Subscriptions using SSO in your organization, not only the subscription they are accessing.
How do you identify someone in your organization who has access to this information?
If you have encountered a claimed domain and the information is pre-populated in the Tenant ID, Client ID and Secret Value fields – STOP and Contact our Support Team immediately. Our Support Team can help you identify who in your organization has access to this information and will help you communicate with them.