Cloud Zoo Domain Teams - config constraints



The Rhino Accounts secure disclaimer lists that it supports OID Connect protocol. The list of providers that we can link it to is rather limited (Facebook, Google, Azure, OneLogin). Can we get other providers supported? Specifically Okta in our case?

Also the requirement to place a file at an HTTP web address is not very supportable in today’s HTTPS internet. A better authentication would be to have the company set up a DNS TXT record like we do to prove domain ownership with other companies.

If I should create this as a support request, please let me know.

(Andrés Jacobo) #4

@JNICKELL thanks for your message. I’ll do my best to reply to all of its topics.

The Rhino Accounts secure disclaimer lists that it supports OID Connect protocol

I think there is some confusion there. What we meant to say was that Rhino Accounts is itself an Open ID Connect Provider that third parties can use in their plugins/websites to integrate into the Rhino ecosystem (this forum itself uses Rhino Accounts).

When I designed the system, I had a long thought process on what third-party providers would be accepted. For security reasons that are beyond the scope of this post, I deemed it unwise to support any Open ID Connect Provider, since Rhino Accounts places some blind trust on the provider to accomplish certain features, like transparent account creation/synchronization. The reason why we don’t support Okta is simply because you are the very first person to request support for it.

Also the requirement to place a file at an HTTP web address is not very supportable in today’s HTTPS internet.

Believe it or not, we originally had it working with HTTPS, but precisely because our biggest customers didn’t support it, we had to go back and support HTTP. Either way, if your server redirects HTTP to HTTPS (like almost any server does), it will still work in an HTTPS environment. If this method doesn’t work for you, we will happily arrange alternate methods of proving your domain.



Thanks for the quick reply. May I officially request supporting Okta since they are the provider we are using in this arena?

Additionally, can you add the ability to authenticate domain ownership via a DNS TXT record or CNAME? I can more easily set these up than I can get access to our public web servers to add a file.

Thanks again for the quick response!

(Andrés Jacobo) #6

You’re welcome.

I’ve created an item to add Okta support:

I’m really not too worried about verifying your domain. We can manually verify your DNS TXT record if need be.

Out of curiosity, what is your use case for supporting Okta? How do you envision using Rhino Accounts?



I was looking to do it to support a domain linked team setup and using Cloud Zoo server.
From what I’d read so far we have to set up the connection between Zoo and our provider.

(Andrés Jacobo) #8

That sounds like a good use case.

If your organization is not massive, may I suggest that you manually invite some users to your (non domain linked) team and try out Cloud Zoo. That same team can be easily linked to your domain at a later date when Okta is supported, and Rhino Accounts will enforce that any team member log in using Okta from that point forward, effectively migrating everyone’s credentials.



Thanks for the workaround. That will work for us for the time being as the initial team will not be large.