Add System Users - Role Based Access
ScoutDNS supports role-based access, allowing multiple operators within a single account to access the system. This article describes how to configure role-based access directly in ScoutDNS.
To configure and manage role-based access from Entra ID please see Entra ID SSO integration.
For MSPs and multi-tenant accounts that which to grant access to third party accounts you can do this with Organization Operators.
Roles
There are four internal roles in any account.
Super Admin: One per account. Can create and remove and users. Has access to create, edit, and view all objects
Admin: Can create and remove all users accept Super Admin. Has access to create, edit, and view all objects
Service Desk: Can edit Allow/Block lists and has Viewer rights to all objects. Cannot edit or create other objects.
Viewer: Cannot create or remove users. Has access to view only all objects.
Create New Operator Account
To create a new operator account on the Access Management page, simply select "New." Then, enter an email address, first and last name, and choose the desired role level.
If the email is associated with an existing operator account in our system, it will be linked to your account with the selected role. If the email has never been used with ScoutDNS, a new account will be created with the chosen role level.
Important: Once you have created or linked an existing operator account, you will no longer be able to edit the user details. Only operators themselves can edit their name or email information. You are still able to change role or revoke access to the account at any time.
Revoke Access
You can revoke access to any operator account which will remove access to your tenancy. To revoke a user, simply select the user then choose "Revoke Access" under the user's name.
Change Super Admin Account
Only the Super Admin can transfer the Super Admin role to an existing Admin account by selecting "Promote New Super Admin" at the top of the Access Management page. Once an Admin is selected to assume the role, the current Super Admin will be downgraded to Admin. The account can remain as an Admin or have its access revoked.
Related Articles
Configure AD (Active Directory) Polices
ScoutDNS supports policy enforcement by user groups synced from Active Directory. This is useful when admins want policy decisions to follow the user regardless of the device or device profile in use. This guide explains how ScoutDNS syncs with ...Prevent DNS Work-Around for Users
Some users on your network may attempt to bypass ScoutDNS resolvers by changing the DNS servers in their device network settings. This can lead to unauthorized content access on network assets and increase security risks. Fortunately, DNS bypassing ...API Access
API access is available for certain account types, allowing admins to self-manage API tokens for the standard ScoutDNS Operator API. This help article covers the Public Operator API. For access to other APIs, such as the OEM API, please contact ...Setup and Use Guide for MSPs
ScoutDNS is built for Managed Service Providers (MSPs) to deliver robust DNS protection to their customers and end users. Setup is straightforward, thanks to our object-based configuration approach. Here is a brief outline of what this guide covers. ...Organizations - Configuration and Management of Multi-Tenant Use
ScoutDNS provides two levels of tenancy. The primary inherent level allows any operator to be a member of any number of accounts and have different roles depending on each account's settings. The second level, enabled through the Organizations tab, ...