Bolster control and governance with ngrok Account Domain Controls

November 8, 2023
|
5
min read
Matthew Karnowski

Enterprises embracing XaaS products have seen several benefits, including the capacity for rapid scaling, the adoption of a flexible consumption model, and the provision of user-friendly software for their employees. That’s just one side of the story, though. While XaaS products are easy to use and readily accessible, enterprises are confronted with the challenge of maintaining control over usage sprawl across the enterprise. This can ultimately become unmanageable when multiple users in the enterprise use the same SaaS services independently without centralized visibility into account usage. This sprawl not only prevents an enterprise from providing all users with the desired level of functionality but also hinders the enforcement of security and compliance policies. We are delighted to announce the release of our Account Domain Controls feature, which addresses these challenges by equipping IT teams to simplify account management.

Account Domain Controls

Available to customers on the ngrok Enterprise plan, with Account Domain Controls, you can control new user signups through a common account for all users of ngrok by claiming ownership of your domain (such as “example.com”). This account serves as the central hub for all users in the enterprise. Through this account, you can ensure that all users receive the desired level of functionality as well as adhere to enterprise security and compliance policies. New users cannot sign up with their own ngrok accounts. Only available for accounts using SSO, users will be automatically joined into the account once authenticated through the Single Sign-On Identity Provider (SSO IdP).

With the introduction of our Account Domain Controls feature, IT teams can enforce centralized policies such as single sign-on, IP restrictions, and mTLS for endpoints created by users in the enterprise. For instance, you may want to limit ingress to apps in production only to certain IP ranges. Restricting account access is especially critical for delivering apps and APIs in production to ensure only IT-approved accounts have access to the ngrok configurations for these services. 

By consolidating all users into a single ngrok account, IT Ops can:

  • Eliminate account sprawl.
  • Enforce policy through a centrally-managed, IT-controlled ngrok account for all users as well as apps delivered on ngrok.
  • Ensure users across the enterprise have access to all the functionality offered by the plan that has been procured.

How to enable Account Domain Controls

Enabling Domain Controls for an enterprise is a straightforward process. From within the ngrok account, go to Settings→Account on the ngrok Dashboard to submit a request. Submitting a request to restrict new account creation will automatically generate a support request with ngrok. ngrok will investigate this request and contact the requestor within a few business days. The investigation process entails validating the ownership of the domain by requiring you to provide proof. 

New signup and login workflows

Once Domain Controls capability is activated, any user attempting to create a new account or login using an email address will go through the following steps:

New signup flow

       1. When a user attempts to sign up for a new account they will be notified that the domain being used            requires SSO authentication.

         2. After selecting OK, users will be required to choose the appropriate iDP to use for authentication.

         3. Upon logging in through the iDP, the user will be prompted to confirm the account they will be joining.

User Login Flow

For users that have already been provisioned into the account, the login flow is as follows:.  

           1.  Upon accessing https://dashboard.ngrok.com/login, users will select Login with SSO.

           2. Users will then need to provide their email address and select Continue with SSO.

           3. Users will be directed to the appropriate iDP to finish the login process.

Retroactive account consolidation

Enabling domain control does not retroactively consolidate existing accounts. Please reach us at support@ngrok.com if you are interested in account consolidation. 

Take control of your accounts

Account Domain Controls equip enterprises to manage their ngrok accounts effectively and unify users under a single account. This leads to a centralized control, enabling enforcement of enterprise-wide policies by IT. Start delivering production apps and APIs on ngrok by establishing control and governance over your ngrok accounts. Refer to our documentation to learn more. If you have any questions, don’t hesitate to reach out. Connect with us on Twitter, the ngrok community on Slack, or contact us at support@ngrok.com.

Share this post
Authentication
Security
Production