Dyn’s Managed DNS product allows you granular control of your user permissions. Only want to give a user access to a single zone? We have you covered. Want to require two-factor authentication for all of your users? Check that off as well. Have multiple users that require identical permissions? We have predefined (or custom) group permissions available for simple permission updates. Don’t want users adding advanced services to your zones? These and many more configurations are available within your account.
Before you get started with any of these modifications, you’ll need to understand some fundamentals in regards to the Full Administrator on the account, and that’s what we’ll focus on here. The very first user in your account and the one who calls the shots is the Full Administrator. To protect the security of your DNS records, there will only be one Full Administrator, although other users can be granted admin like permissions and we’ll talk about this a bit more later. You will want to be sure that the Full Administrator information is always updated with correct contact information.
Why is it necessary to keep the Full Administrator information up to date? First, they control the access of all other users in the account. They are also the point of contact for our support teams should another employee ever need a two-factor authentication (2FA) reset or request updates to their permissions. Password resets may be referred to them as well. The Administrator also has the ability to update the payment method on file.
What if the Full Administrator plans to leave or has moved on to another role in the company? They can easily transfer their permissions to a new or existing user. You can read about how to accomplish this in our Help Guide here.
Of course, we can’t always be prepared for an employee departure. If the Full Administrator has already left the company, our world class support team is here to assist! Our qualified technicians will work with you to verify contacts, ensure the security of your account and make the necessary changes.
Don’t like the idea of the Full Administrator doing all this work? Or what if the Full Administrator purchases a new cell phone and needs a 2FA reset themselves? Don’t fear! They can grant these permissions to other users to delegate responsibilities. In fact, we recommend that you do so for redundancy. To get started with adding admin-like permissions for additional users, please visit our Help Guide here.
The important permissions to note for the purposes of this discussion are DynID Admin and Billing.
- Adding the DynID Admin group will grant the selected user permissions to reset 2FA for the Full Administrator and all other users.
- Adding the Billing group will grant the user access to update credit card information.
Now that you have given these permissions to a user, they may need some instruction on how to utilize the features that come along with them. There is a plethora of guidance available on our help.dyn.com website. A great place to get started, regardless of which permissions are granted, is here.
You may have noticed that promoting a user is completed in the Managed DNS account at manage.dynect.net but adding the DynID Admin and Billing permissions is completed via portal.dynect.net. What’s the significance of this? To understand, let’s talk briefly about the differences between an API user and a DynID.
When the Full Administrator chooses to grant access to a new user they will first create an API user in the Managed DNS portal at manage.dynect.net. If the new user does not need User Interface (UI) access they can begin using the API credentials created for them to utilize the API. However, if they need access to the UI, they will need to enroll in a DynID.
DynID is a recently launched single sign-on service that allows you to login just once to manage all of your services, whether this be Managed DNS, Email Delivery or Dyn’s Internet Intelligence products. When you enroll in a DynID you are prompted for API credentials. This important step links the DynID and API user during the enrollment process.
This means whether you update the API user or the DynID permissions you are updating the same user. The difference is the type of permissions that are being granted. DynID permissions such as 2FA and credit card information are controlled in portal.dynect.net. API permissions such as record and zone permissions, along with the Full Administrator promotion we discussed are contained in manage.dynect.net.
Let’s review quickly:
- Is it important to keep the Full Administrator information up to date? Yes! When a planned employee change takes place, be sure to promote a new Full Administrator on the account.
- The Administrator can share responsibilities by granting access to other users, such as resetting 2FA.
- Your DynID and API user are linked and DNS related permissions are controlled in manage.dynect.net and DynID permissions are located in portal.dynect.net.
Whether you’re managing employee turnover or promotions, ensuring the security of your account, or want to delegate responsibilities, Dyn’s Managed DNS service has the answers. Keep these fundamentals in mind and you’ll be on your way to advanced user permission changes in no time!