This article explains how Single Sign-On (SSO) integrates with 101domain’s security features, including Multi-Factor Authentication (MFA), data privacy, and best practices for Identity Provider (IdP) administration. Understanding these elements will help you maintain a secure and resilient login experience for your organization.
Single Sign-On (SSO) allows you to use your organization’s Identity Provider (IdP) to manage access to your 101domain account. This centralized approach streamlines authentication while ensuring that your existing security policies, such as MFA and access controls, remain in effect. The following sections outline how 101domain leverages your IdP for authentication, protects sensitive account actions, and upholds data privacy standards.
Multi-Factor Authentication (MFA) and Security Checks
101domain relies completely on your Identity Provider (IdP) to handle all aspects of Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) during the account login authentication process, as your IdP is the centralized manager of the corporate identity account access function.
Existing 101domain security features for critical in-account actions remain active even after a successful SSO login.
-
Examples of these actions include:
-
Generating transfer codes
-
Changing nameservers
-
Updating sensitive information
-
These actions may require secondary verification steps if configured.
This layered security approach helps protect sensitive account functions. Additional security features that continue to be available include:
-
IP Account Lock (whitelisting)
-
IP Access Logs
-
Unusual activity notifications
Data Transfer and Privacy
101domain adheres to the principle of least privilege regarding user data. Only the minimum required user attributes (First Name, Last Name, and Email) are requested and mapped via the SSO provisioning process to ensure accurate account linking and provisioning.
All communication and data exchange between 101domain and the Identity Provider utilize secure, encrypted HTTPS channels to protect sensitive data and access tokens.
Best Practices for IdP Administration
To maintain maximum security, your IdP administrator is responsible for regularly rotating the Client Secret generated (if applicable) during the SSO application setup, to mitigate risk exposure.
For resilience against external service disruptions, it is highly recommended that the Primary Account User (PAO) maintains a guaranteed non-SSO login path for the main administrator account.
For example, allow the PAO to log in using either:
-
SSO, or
-
Username/password with 2FA and IP Account Lock enabled.
This approach ensures that, in the event of an IdP outage, administrative access to the 101domain control panel is preserved.
Emergency management or temporary disabling of the SSO feature remains possible.