Onboarding to Dfns
Welcome to Dfns! This guide will help you get set up with our industry-leading authentication and clone our sample app to test delegated signing.
- 1.Dfns staff provisions your new org and creates the first Employee in the organization, called the Org Owner.
- 2.Org Owner receives an email with a link to register in our system.
- 1.Click the link to be directed to the registration page with the username prepopulated. Copy and paste the registration code from the email. Click the register button. Note: Registration codes only last 4 hours so if yours is expired, just click "Email Me a New Registration Code".
- 2.Create credentials and submit. Login in using the new credentials.
- 3.Click your user icon in the top right and then click Settings
- 4.Now click “Users” in the left navigation
- 5.Add Users to the organization by clicking “New User”. (Note ExternalID is optional)
- 6.Employees receive an email and follow the same registration flow.
- 7.The Org Owner creates and assigns the necessary permissions to allow users to access the parts of the system required for their job responsibilities. For convenience, we've exposed a control on the user list page to give a user all access to the system here:
That said, we strongly encourage implementing the principle of least privilege by setting up your own permissions in the dashboard under Settings=>Permissions:
You can then assign permissions to Users, Service Account, and Applications by clicking the target card in the list to go to the detail page:
Once you register in your Dfns org and invite your Users, the next step is to create a Service Account which you can think of as a machine user.
- 1.Create a Public / Private Key pair that you will use for API signing from the terminal command. You can use the commands shown below or see our documentation on key generation:
- # Generate a ECDSA Private Keyopenssl ecparam -genkey -name prime256v1 -noout -out prime256v1.pem# Generate the Public Keyopenssl pkey -in prime256v1.pem -pubout -out prime256v1.public.pem
- 2.Navigate to Settings. Service Accounts=>New Service Account.
- 3.Name the Service Account, copy in the public key (including begin/end lines like “-----BEGIN PUBLIC KEY-----”) and click “Create”.
- 4.This will output a masked JWT one time. Copy it to a secure location before leaving the page.
If you want to implement Delegated Signing in which your customer generates credentials to our API via WebAuthn, continue with these steps:
- 1.Create an Application running at localhost:3000.
- 2.Go to Org Settings => Applications
- 3.Click New Application
- 4.Give it a name and specify the following values:
- 5.Click Create, then copy the App ID like “ap-2vemp-hl3c9-9j1rgcf9quurph” to paste into your .env file as described below
Our documentation should have everything you need to get up and running on Dfns! Here's an overview of some of the key sections: