Logging in to Digital Pigeon using SSO can be sorted into two categories:
- Service Provider (SP) Initiated sign-in:
  - Using the Digital Pigeon App (macOS / iOS / Windows)
  - Using a web browser and logging in to https://digitalpigeon.com/login
- Identity Provider (IdP) Initiated sign-in:
  - Logging in to your IdP portal (e.g. Azure or Okta) and clicking the Digital Pigeon app
  - Using an embedded IdP App link
By default, only IdP-Initiated sign-in is possible for new SSO users who have not logged in to Digital Pigeon before. However, some users may not be familiar with IdP-Initiated sign-in, and may be confused by the 'Wrong email and password combination' error message they receive when they try to log in to Digital Pigeon using SP-Initiated sign-in.
In this scenario, to enable SP-Initiated sign-in, new users must be pre-created within Digital Pigeon by an Admin or Owner. In large environments this administrative overhead may be an unwanted and time-consuming process.
Now, you can instead prove ownership of your email domain. Once this is completed, SSO is activated for all users of that email domain for both SP-Initiated and IdP-Initiated sign-in.
Before you start:
- You need to have permissions to edit the DNS configuration of your email domain
- Be aware that you will likely not want to proceed if you have users from your email domain spread across multiple Digital Pigeon accounts, as all users will be forced to log in to the Digital Pigeon account that claimed the domain (assuming they successfully complete IdP authentication and DP app authorisation).
To prove ownership of a domain, follow these steps:
1. Sign in to your Digital Pigeon account as an Owner, using the SAML bypass link: https://digitalpigeon.com/login?samlBypass=true
2. Navigate to the Account Settings | SSO tab.
3. Copy all the text within the Domain Ownership field, including the quotes.
4. Create a DNS TXT record for your domain:
   - Record Name: _digitalpigeon-challenge.yourcompany.com
   - Record Type: TXT
   - Value: what you copied in Step 3 (including the quotes)
   - TTL: 300 seconds (or whatever time period you prefer)
5. Once this has been completed, ensure you can resolve this TXT record before continuing, using an online tool such as https://mxtoolbox.com/txtlookup.aspx
6. Back in Digital Pigeon, in the Account Settings | SSO tab, scroll down to the SAML Provisioning Settings.
7. In the Domain field, enter the domain you want to claim, i.e. the domain part of the record name you created in Step 4, e.g. yourcompany.com
8. Click the Save button to submit the changes.
Congratulations, you have now proven ownership of your domain!
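If you would rather check the TXT record from a terminal than with an online lookup tool, the following script does the Step 5 check locally. It is an added example, not Digital Pigeon's own tooling: it builds the `_digitalpigeon-challenge` record name from the domain you are claiming (the prefix comes from the steps above), queries it with `dig +short TXT`, parses the quoted strings dig prints, and compares them with the value you copied from the Domain Ownership field (quotes included). The challenge token in the embedded sample is a constructed placeholder, not a real value.

```python
"""Verify that a Digital Pigeon domain-ownership TXT record is published
before clicking Save in the SSO settings.

Added example, not Digital Pigeon's own tooling. The record label comes from
the steps above; the sample challenge value below is a constructed placeholder.
"""
import shutil
import subprocess
from typing import List, Optional

CHALLENGE_LABEL = "_digitalpigeon-challenge"


def challenge_record_name(domain: str) -> str:
    """Build the TXT record's owner name from the domain being claimed."""
    domain = domain.strip().strip(".").lower()
    if not domain or "." not in domain:
        raise ValueError(f"not a usable domain: {domain!r}")
    return f"{CHALLENGE_LABEL}.{domain}"


def parse_txt_answers(dig_short_output: str) -> List[str]:
    """Parse `dig +short TXT` output into one string per TXT record.

    dig prints each record as one or more quoted strings on a line; a record
    split into several adjacent strings ("abc" "def") is one logical value,
    so the strings on a line are concatenated. Backslash escapes are unwrapped.
    """
    values = []
    for line in dig_short_output.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = []
        i = 0
        while i < len(line):
            if line[i] == '"':
                j = i + 1
                buf = []
                while j < len(line) and line[j] != '"':
                    if line[j] == "\\" and j + 1 < len(line):
                        j += 1  # take the escaped character literally
                    buf.append(line[j])
                    j += 1
                parts.append("".join(buf))
                i = j + 1
            else:
                i += 1
        if parts:
            values.append("".join(parts))
    return values


def record_matches(dig_short_output: str, expected_value: str) -> bool:
    """True if one published TXT value equals the copied challenge.

    The Domain Ownership field is copied including its surrounding quotes;
    they are stripped here so the comparison is against the bare token.
    """
    expected = expected_value.strip()
    if len(expected) >= 2 and expected[0] == expected[-1] == '"':
        expected = expected[1:-1]
    return expected in parse_txt_answers(dig_short_output)


def lookup_txt(name: str, resolver: Optional[str] = None) -> str:
    """Query the record with dig (optionally via a chosen resolver) and return stdout."""
    dig = shutil.which("dig")
    if dig is None:
        raise RuntimeError("dig not found; use an online TXT lookup tool instead")
    cmd = [dig, "+short", "TXT", name]
    if resolver:
        cmd.append(f"@{resolver}")
    return subprocess.run(cmd, capture_output=True, text=True, check=True, timeout=10).stdout


# Constructed sample of what dig prints once the record has propagated,
# and the matching value as it would be copied from the Domain Ownership field.
SAMPLE_DIG_OUTPUT = '"dp-challenge-EXAMPLE-TOKEN-0000"\n'
SAMPLE_CHALLENGE = '"dp-challenge-EXAMPLE-TOKEN-0000"'  # placeholder, not a real token

if __name__ == "__main__":
    import sys

    if len(sys.argv) != 3:
        sys.exit("usage: check_dp_txt.py yourcompany.com '\"<copied challenge>\"'")
    name = challenge_record_name(sys.argv[1])
    ok = record_matches(lookup_txt(name), sys.argv[2])
    print(f"{name}: {'OK' if ok else 'NOT FOUND'}")
    sys.exit(0 if ok else 1)
```

Run it with the domain and the quoted challenge value as arguments; it exits non-zero if the record has not propagated yet, which is when saving the Domain field is premature. Passing a public resolver to `lookup_txt` (e.g. the one your DNS host recommends) avoids being misled by a stale answer cached by your local resolver.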