Deployment configurations
This article documents what information the 10Duke Integration Support team needs for your 10Duke Enterprise deployment and for the setup of production and non-production (such as staging and development) environments.
See also information on the localization, look and feel customization and feature configuration of 10Duke Login Application, 10Duke My Licenses, and 10Duke OrgAdmin.
Confirm URLs for environments
Confirm the URLs you want to use for your 10Duke Enterprise environments. For example, for the production environment, it’s best practice to use a subdomain, such as id.customerdomain.com
or licensing.customerdomain.com
.
Confirm AWS region
10Duke Enterprise is deployed and hosted as a single-tenant environment in Amazon Web Services (AWS). The 10Duke Integration Support team will ask you to confirm which AWS region should be used for the production deployment.
Confirm DNS subdomain authority
Several Domain Name System (DNS) records must be added for the subdomains that you want to use for the environments.
10Duke offers two options:
-
10Duke controls the DNS for the subdomains.
After an initial DNS configuration done by you (adding a few DNS records), the 10Duke Integration Support team can add the necessary records when needed.
As an exception, if you want emails to originate from outside the subdomain, you need to add email-related records yourself.
We recommend this option because it reduces the need for back-and-forth communication after the setup has been done.
-
You control the DNS for the subdomains.
The 10Duke Integration Support team contacts you whenever DNS records need to be added. This will be once or twice per deployed environment and once for the e-mail configuration.
At least the following DNS additions must be done for each deployed environment:
-
Add the service DNS CNAME for the deployment stack.
-
Add the AWS Certificate Manager (ACM) DNS CNAME for the HTTPS certificate validation.
In addition, four more records may need to be added for Amazon Simple Email Service (SES) email sending Domain Keys Identified Mail (DKIM) and Sender Policy Framework (SPF). See more on SES email sending below.
-
Configure email sending
10Duke Enterprise can be configured to send emails on your company’s behalf related to the following features:
-
Inviting new users to the system
-
Inviting new and existing users and device clients to organizations (user groups and device client groups)
-
Verifying users’ email addresses
-
Prompting users to set a password (for example, after user account creation or import), and confirming the account activation was completed
-
Resetting users’ forgotten passwords
-
Informing users by email about a password change and about two-factor authentication (2FA) being activated for their user account
Emails can be sent to whichever email addresses users choose to use for their user accounts in the system.
Setup options
There are two options for how your email sending can be set up:
-
Through your email service provider
This option requires support for Simple Mail Transfer Protocol Secure (SMTPS). Provide the 10Duke Integration Support team with an SMTP username and password, and the host and port for 10Duke Enterprise to use.
The emails are sent from an address such as
no_reply@yourdomain.com
or some other domain that you control. The originating address can be the same for all your environments.Bounces, complaints, deliveries, and so on go through your normal IT process. No additional DNS configuration is needed.
-
Using Amazon Simple Email Service (SES)
The 10Duke Integration Support team activates the service for you. Provide them with one or more email addresses where email bounces and complaints are delivered. You need to monitor these in case customers are having trouble receiving emails from the service.
If it’s agreed that 10Duke controls the DNS for the licensing service, there are two sub-options:
-
If you want the emails to originate from
yourdomain.com
or some other domain you control, you need to add a few DNS records to prove these are legitimate emails from your domain and that the AWS account can be used for your emails. (This is the case if 10Duke doesn’t control the DNS.)When possible, we recommend using this option. It’s usually easier to resolve possible problems when the owner of the addresses is responsible for the delivery.
-
If you want the emails to originate from
licencing.yourdomain.com
(and it’s controlled by 10Duke), the 10Duke Integration Support team can add the required records for you.
-
Customize the email content
You can change the text content and localize email templates based on your requirements. Contact the 10Duke Integration Support team about the customizations you need.
Supported characters in email addresses
The following characters are supported in email addresses before the @
sign:
-
Uppercase and lowercase letters
A-Z
anda-z
-
Digits
0-9
-
Special characters
.!#$%&'*+=?^_`{|}~-
Note especially that in names such as “O’Leary”, an apostrophe '
and a grave accent `
are allowed characters, but single quotation marks ‘
and ’
are not allowed.