Setup and Use Guide for MSPs

ScoutDNS is built for Managed Service Providers (MSPs) to deliver robust DNS protection to their customers and end users. Setup is straightforward, thanks to our object-based configuration approach. Here is a brief outline of what this guide covers. 

Want to get into quick testing for your trial?
Just use the quick start setup guide to deploy sites or roaming clients for testing. You can reference this guide later for actual tenant deployment.

Setup Overview

1. Create Global Objects – Start by defining global policy templates and allow/block lists. These will serve as the foundation for your configurations.
2. Add Tenants – In the Organizations tab, name the individual tenants for the businesses you manage.
3. Configure Deployments – Create control point objects and assign appropriate settings based on deployment needs:
1. Sites for WAN/LAN configurations
2. Profiles for roaming client deployments
3. Personas for Active Directory (AD) or Entra ID group-based filtering
4. Invite Internal (your team) and External (third party/co-managed) system users

Key Assignment Structure

1. Non-global Allow/Block are set to individual policies.
2. Policies are assigned to networks (Sites), devices (Profiles), or AD/Entra ID user groups (Personas).
   

See more details on configurable objects and their associations. 

Step 1 - Create Global Objects

To get started, we need to create global objects and templates. 

Create Global Allow/Block List 

Configure Global Allow/Block lists to manage domains you want to control across all policies for all tenants. This is commonly used to ensure your important tools are always allowed even when blocking some application types for added security. We will configure organization or policy specific allow/block lists later.

Create Template or Global Policies

Create Template policies to act as your baseline policies. These can be used as global policies across multiple accounts or can be copied into customer specific policies as needed. We will create organization specific policies later. 

Configure default Block Page

Edit the default block page to add your logo instructions as needed. We will configure customer specific block pages later. 

Step 2 - Add Tenants

ScoutDNS is a multi-tenant platform that enables easy segmentation for deployments, management, and reporting while still providing global-level visibility and control when needed. Use the tenant selector at the top right to toggle between All Organizations or a specific organization. Your selection will adjust the view of any tab or object accordingly.

From All Org View

The Organizations tab itself is only available from the All Organizations view. Start here to create your organizations/tenants. 

Create Organization

Create and name your organizations.

Create organization based custom block pages (if needed)

You can configure customer or co-branded block pages to use as needed.

From Tenant/Org View

You can create any object from the All Organizations view; however, doing so requires manually linking key objects like profiles and sites to their respective organizations, as there is no automatic way to determine which tenant they belong to. A better approach is to first select the organization from the tenancy selector and then create objects within that specific organization's view. This ensures the object is automatically linked to the organization and applies organization tags to policies, allow/block lists, and other relevant objects. This is important because it enables external Organization Operator Managers to edit these objects.

Create customer specific allow/block list (if needed)

You can create customer specific allow/block lists that can be assigned to customer specific policies. These can be used to allow list customer specific applications or manage block lists for specific tenants.  

Create Organization specific polices (if needed, can be copied from templates)

Create customer specific policies. Otherwise, you can just assign your global policies/template as desired.    

Step 3 - Configure Deployments 

You can create and configure deployments based on what and how you want to filter. 

Create/Deploy Sites

Configure sites to set DNS at the WAN or LAN network levels at office or site locations. This is great for BYOD/guest users, headless devices, or any other devices that will not be using the roaming clients.  

Create/Deploy Roaming Clients

Configure Roaming Clients to install on Windows and MacOS devices for use in and out of the office/site locations. 

Create/Deploy User/Group based polices (if desired)

Configure Personas if you need to set different content policies based on end user groups as defined in Active Directory or Entra ID. 

Step 4 - Invite Internal and External Users 

Invite Internal Users

ScoutDNS provides role-based access for your internal teams. You can manage your team's access direct in ScoutDNS, or within Entra ID.

Add role-based users (Through ScoutDNS)

Or

Configure SSO (Through Entra ID)

Invite External Users (Org Operators)

Org Operates are external third-party users with limited access rights that are assigned on a per organization level. This is mainly used for co-managed IT environments. 

Step 1) Verify Organization tags to configurable objects 

You will need to ensure any configurable objects that you wish for Org Operators to edit have organization tags. 

Step 2) Create Org Operators 

Create and assign roles within the Access Management tab. 

Subscribe to Platform Notices

You can monitor platform notices and subscribe to updates from our status page located: status.scoutdns.com.

Subscribe to receive notifications about systemwide issues and maintenance windows for major releases and updates. 

• Related Articles

• Quick Start Setup Guide - WAN Forwarding

  There are three methods you can use to protect your networks and users with ScoutDNS: 1) WAN Forwarding – This method involves configuring ScoutDNS with your WAN IP address and forwarding DNS queries from inside your network to our anycast resolver ...

• Relay - Setup and Configure

  ScoutDNS supports a Relay configuration, allowing operators to install a lightweight service within their network. The relay acts as a local forwarding resolver, processing internal queries while forwarding public queries to the ScoutDNS cloud ...

• Organizations - Configuration and Management of Multi-Tenant Use

  ScoutDNS provides two levels of tenancy. The primary inherent level allows any operator to be a member of any number of accounts and have different roles depending on each account's settings. The second level, enabled through the Organizations tab, ...

• Roaming Clients / Device Agents - Setup, Configure, and Manage

  ScoutDNS provides device agents for organizations that wish to protect devices with DNS-layer security both on and off the network. The ScoutDNS device agent is an extremely lightweight application, best installed on managed devices where ...

• Dynamic IP Setup

  ScoutDNS supports dynamic DNS IP address integration with most dynamic DNS providers. Popular Dynamic DNS solutions include: No-IP ChangeIP DynDNS FreeDNS Once you have an account with one of these or a similar solution, you can configure ScoutDNS to ...