DocumentationAPIChangelogFree TrialLog in

Account security

Learn how to enforce Dashboard & API security access.

Suggest Edits

📘

Enforce account security

When dealing with user access to the Dashboard and API, you may consider adding an extra layer of security. Here you will find a way to restrict access to both Dashboard & API only to the IP addresses you specify.

You will also learn how to activate your email notifications to receive information about events occurring in your configuration, in few seconds. Email notifications is a very useful feature when you're away from the Dashboard while important events have occurred.

🚧

Plan restriction

This feature is only available for Corporate and Enterprise plans.

This page focuses on how to setup the following:

Dashboard access IP restriction

🚧

Caution

When this feature is enabled, the Dashboard access will be restricted to the list of allowed IP addresses

Here you can input the IP address to be allowed.
Simply click on the "Add" button to input an IP address:

After you click "Confirm", you will be able to see the IP address in the following list:

From here, you simply need to activate the list by clicking on the toggle button.

API access IP restriction

❗️

Caution

This restriction will be applied to both APIs: the Protection API and the Management API

🚧

Caution

When this feature is enabled, the API calls will be restricted to the list of allowed IP addresses

The same principle applies here. You can add the IP address to be allowed:

When your IP address is added and confirmed, you can then activate the list by clicking on the toggle button:

Email notifications

All the events listed below will trigger an email notification to all the users with admin rights:

  • Global protection Status Toggle: if the status of global protection has changed
  • Endpoint protection Status Toggle: if the protection status of one of your endpoints has changed
  • User invitation: each time a new user is provided access to your DataDome Dashboard
  • User role edition: each time a user role is changed
  • User deletion: each time a user account gets deleted
  • Failed login attempt: each time a known user of your DataDome Dashboard failed to connect
  • Deactivation of email notifications: whenever the email notifications are turned off

To activate the email notifications, click on the toggle button as shown below:

Enforcing Two-Factor Authentication for all users

🚧

Caution

You must activate Two-Factor Authentication on your personal profile before you can enforce it for all users.

Switch the toggle button to the "ON" position. On their next login attempt, all users will be directed to a mandatory screen with a prompt to enable Two-Factor Authentication (2FA) on their profile. They will not be able to access the Dashboard until they have enabled 2FA.

888

Enabling Single Sign-On (SSO)

🚧

Plan restriction

This feature is only available to Enterprise plans.

📘

Multiple workspace owner

The SSO configuration can only be manage through your parent workspace.

DataDome supports 3 types of SSO:

  • SAML 2.0
  • Microsoft Entra ID
  • Open ID Connect

We support any Identity Provider compliant with SAML 2.0, such as Okta, Bitium, OneLogin, Centrify, etc.

Automatic login from your Identity provider

To allow users to log in directly from your Identity Provider on the DataDome Dashboard, you can:

  • if you use SAML 2.0 enable the IdP-Initiated Login option:

  • for Entra ID and Open ID Connect, just use the URL at step 2 called "Initiate login URL" and past it into your IdP configuration

Configuring domain

🚧

Domain for multiple workspace

The verified domain will be active for all your current workspace.

It means that an user will be able to access any of your DataDome workspaces on which he has been added.

Follow step 3 to add any domain you need, associated with your SSO configuration.

FAQ when configuring SSO

  1. Which name do I need to choose for my configuration?
    You can choose any name
  2. Where am I supposed to add the CallBack URL?
    Depending on what IdP you are using, sometimes it's called "Initiate Login URI" on OKTA with OpenID Connect, "PostBack URL", "Sign On URL" on Microsoft Entra ID, or "Login URL" on JumpCloud.
  3. Can I add multiple configurations?
    Yes, you can add several SSO configurations, useful if you need to switch from one configuration to another. Please remember that you can have only 1 enabled simultaneously.
  4. Can I add several domains to my configuration?
    Yes, you can add several domains per SSO configuration. Please note that all these domains will be enabled for all your DataDome workspaces.

Updated 15 days ago