Single Sign-On for the ngrok Dashboard
ngrok is the fastest way to put your application on the internet. But being fast isn’t enough, we also want to be the most secure way to put your application on the internet.
While we’ve made huge strides for customers’ apps and endpoints with IP restrictions, OAuth in one line, and mutual TLS, we needed to consider the operation and management of customers’ ngrok accounts themselves.
To that end, today we are announcing the general availability of enterprise Single Sign-On for your ngrok account. This allows our customers to configure the ngrok Dashboard to federate with their own Identity Provider (IdP) to manage user accounts in a central location and ensure those accounts are secured using the same multi-factor authentication as the rest of your corporate applications. While we already have customers using Okta and AzureAD for SSO, we support any SAML 2.0-compliant IdP.
Configuring SSO with ngrok
The entire setup process is available as a self service option for our Enterprise customers and can be accessed under the “Settings > Account” section in your dashboard. Once there, users can add an Identity Provider to use with their account:
ngrok supports two modes of enforcement for SSO: a Mixed Mode where users can log in with either their SSO credentials or their existing username and password and an SSO Enforced mode which requires users to log in through the IdP. We recommend Mixed Mode for initial setup and testing before switching to SSO Enforced.
IT Administrators can invite their new users to join their account through the Teams section of the dashboard. Users also have the option of logging into ngrok directly from their IdP application portal, so they can instantly jump to all their SSO applications in one place.
Check out the full instructions in our newly renovated docs site under "Enabling Dashboard Single Sign-On."
Next Up: Provisioning & Deprovisioning
SSO is the starting point for integrating external applications into enterprise IT environments, but it’s just the beginning. Next on our list is being able to automatically provision and deprovision users in your organization. We are currently building out SCIM v2 compatible APIs to allow users to leverage their IdPs for creating and deleting accounts and plan to add the ability to sync groups with an IdP and ensure users are created with the correct set of permissions.
We’ve seen some companies start with many individual accounts but would ultimately like them all combined to a single corporate account. To solve this, we are building the ability for enterprises to verify their email domains with ngrok and gather those individual accounts into a single corporate account. This gives IT a single point of control to ensure their teams have all the features, capabilities, and policies to protect their systems.
We need your help
We can’t build our products without valuable feedback from our users. As you get started and use SSO for your ngrok Dashboard, we want to hear from you and the easiest way to do that is through our Slack community. Come join us and let us know what you think about this and anything else we build.