Adjusting DNS to redirect a hybrid SA IdP URL to a SA IdP Cloud Instance

    Applies to:
  • SecureAuth Identity Platform
Deployment model:
  • Hybrid
  • Version Affected: All

    Description:  

    Migrating Hybrid SA IdP to Cloud IdP via DNS

     

    Important Considerations:  

    • Propagation Time: During DNS propagation, some users may be directed to the old server while others reach the new cloud instance. Plan for this transition period accordingly. 

    • SSL/TLS Certificate (REQUIRED): Configuration will fail without the certificate in place. Submit the customer’s non-wildcard SSL certificate for myidp.ourdomain.com (in .pfx format) to SecureAuth as a Jira SRQ so that it can be applied to the cloud instance. 

    • Testing After Propagation: Once you believe DNS propagation has completed, test by visiting myidp.ourdomain.com and ensure it correctly resolves to your cloud instance at saidpcloudname.identity.secureauth.com.

    By following these steps, you'll redirect traffic from myidp.ourdomain.com to your new cloud instance at saidpcloudname.identity.secureauth.com using a CNAME record. 

    NOTE:

    A day or so before the planned cutover, lower the TTL of the current A record for myidp.ourdomain.com to 300 seconds (5 minutes). This allows for a faster propagation of DNS changes when you make the switch to the new DNS settings. 

    Here are the general steps to lower the TTL for a DNS record: 

    • Access your DNS management interface or control panel, which is usually provided by your DNS hosting provider. 

    • Locate the specific DNS record (e.g., A record for myidp.ourdomain.com). 

    • Modify the TTL value for that record to your desired lower value (e.g., 300 seconds). 

    • Save the changes. 

    Make DNS Change:  

    To migrate your URL, myidp.ourdomain.com (currently using an A record in DNS) to the cloud instance at saidpcloudname.identity.secureauth.com, you'll need to modify your DNS records. Since saidpcloudname.identity.secureauth.com is a fully qualified domain name (FQDN) provided by SecureAuth and cannot be changed, you will use a CNAME record for this purpose. 

    Step-by-Step Instructions: 

    Access Your DNS Management Console

    • Log in to the DNS management console where myidp.ourdomain.com is currently managed. This is typically with your domain registrar or hosting provider. 

    Locate the Current A Record

    • Navigate to the DNS settings section. 

    • Find the A record for myidp.ourdomain.com. It will be pointing to an IP address. 

    Delete the A Record

    • Remove the A record for myidp.ourdomain.com. This is necessary because you cannot have both an A record and a CNAME record for the same hostname. 

    Add a CNAME Record

    • Create a new CNAME record. 

    • In the "Name" or "Host" field, enter myidp (assuming ourdomain.com is your domain). 

    • In the "Type" field, select 'CNAME'. 

    • In the "Value" or "Points to" field, enter saidpcloudname.identity.secureauth.com

    • Set the TTL (Time to Live) as per your preference, though a common default is 1 hour (3600 seconds). 

    Save the Changes

    • After adding the CNAME record, save your changes in the DNS management console. 

    Wait for DNS Propagation

    • DNS changes can take some time to propagate globally. It can vary from a few minutes to up to 48 hours. 
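
One way to check each resolver during the propagation window, as an added example that is not part of the original article or SecureAuth's tooling: the function below classifies the answer section that `dig` returns for the IdP hostname, including the case where the CNAME points at something other than the expected cloud instance. The hostnames are the article's placeholders, the function names are hypothetical, and the sample answers are constructed.

```shell
#!/bin/sh
# Added example. Hostnames are the article's placeholders; sample answers are constructed.
HOST="myidp.ourdomain.com"
TARGET="saidpcloudname.identity.secureauth.com"

# Reads `dig +noall +answer` output on stdin and prints one verdict:
#   cloud <ttl>          CNAME to the cloud instance is being served
#   old <ttl>            resolver still returns the pre-cutover A record
#   wrong-target <name>  CNAME exists but points somewhere unexpected
#   none                 no record for the hostname in the answer
classify_answer() {
  awk -v host="$HOST." -v target="$TARGET." '
    { name = tolower($1); rtype = $4; data = tolower($5) }
    name == host && rtype == "CNAME" {
      if (data == target) { print "cloud", $2 } else { print "wrong-target", data }
      found = 1; exit
    }
    name == host && rtype == "A" { print "old", $2; found = 1; exit }
    END { if (!found) print "none" }
  '
}

# Live use (assumes dig is installed): survey <resolver-ip> [<resolver-ip> ...]
survey() {
  for r in "$@"; do
    printf '%s: %s\n' "$r" "$(dig +noall +answer "@$r" "$HOST" | classify_answer)"
  done
}

# Constructed answers (documentation addresses, not real lookups).
SAMPLE_OLD="myidp.ourdomain.com. 300 IN A 203.0.113.10"
SAMPLE_NEW="myidp.ourdomain.com. 3600 IN CNAME saidpcloudname.identity.secureauth.com.
saidpcloudname.identity.secureauth.com. 60 IN A 198.51.100.20"
SAMPLE_BAD="myidp.ourdomain.com. 3600 IN CNAME saidpcloudname.identity.example.net."

for s in "$SAMPLE_OLD" "$SAMPLE_NEW" "$SAMPLE_BAD"; do
  printf '%s\n' "$s" | classify_answer
done
```

A cached answer shows the remaining TTL, so an `old` verdict with a TTL above 300 means that resolver cached the A record before the TTL was lowered.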

     


    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
