Add System Users - Role Based Access
ScoutDNS supports Role Based Access allowing multiple operators within a single account to access the system. This article describes configuring role-based access direct in ScoutDNS.
To configure and manage role-based access from Entra ID please see Entra ID SSO integration.
For MSPs and multi-tenant accounts that which to grant access to third party accounts you can do this with Organization Operators.
Roles
There are four internal roles in any account.
Super Admin: One per account. Can create and remove and users. Has access to create, edit, and view all objects
Admin: Can create and remove all users accept Super Admin. Has access to create, edit, and view all objects
Service Desk: Can edit Allow/Block lists and has Viewer rights to all objects. Cannot edit or create other objects.
Viewer: Cannot create or remove users. Has access to view only all objects.
Create New Operator Account
To create a new operator account in the access management page, simply select "New". You may then input an email address, first and last name, as well as select the role level desired. If an email is associated to an existing operator account within our system, they will now be linked/associated to your account with the role selected. If the email has never been used with ScoutDNS, a new account is created with the selected role level.
Important: Once you have created or linked an existing operator account, you will no longer be able to edit the user details. Only operators themselves can edit their name or email information. You are still able to change role or revoke access to the account at any time.
Revoke Access
You can revoke access to any operator account which will remove access to your tenancy. To revoke a user, simply select the user then choose "Revoke Access" under the user's name.
Change Super Admin Account
Only the Super Admin can transfer the Super Admin role to an existing Admin account by selecting "Promote New Super Admin" at top of the Access Management page. Once an existing Admin is selected to assume the role, the existing Super Admin will be downgraded to Admin. The account can remain as Admin or access can be revoked.
Related Articles
Configure AD (Active Directory) Polices
ScoutDNS supports policy by user groups as synced from Active Directory. This can be helpful when admins desire policy decisions to follow the user regardless of the device and device profile in use. This guide walks through how ScoutDNS performs the ...Prevent DNS Work-Around for Users
Some users on your network may try to bypass ScoutDNS resolvers by changing the DNS servers in their device network settings when allowed. This can result in undesired content access on network assets along with increased security risk. The good news ...API Access
API access is available to certain account types. API access gives admins the ability to self manage API tokens for access to the standard ScoutDNS Operator API. This help article is about the public operator API. For any other API access such as the ...Organizations - Configuration and Management of Multi-Tenant Use
ScoutDNS provides two levels of tenancy. The primary inherent level allows any operator to be a member of any number of accounts and could have different roles depending on each account setting. The second level enabled though the Organizations tab ...Single Sign On (SSO) Configuration - Entra ID
Entra ID SSO Enabling Single Sign On (SSO), allows admins to manage access for their instance through Entra ID SSO. ScoutDNS uses the Open ID Connect (OIDC) protocol for secure commination with Entra ID. SSO will disable all existing ScoutDNS ...