DNSFilter Advanced, scale and governance
Multi-tenant operations, scaled reporting, OIDC SSO, MSP-stack integrations, Query Log investigation, and clean offboarding across customers.
Lessons
- 01 ~11 minMulti-tenant architecture. MSP dashboard and sub-orgs
How DNSFilter's MSP dashboard, sub-organisations, and whitelabel work together, what inherits, what doesn't, and the RBAC anti-patterns that cost MSPs incidents.
- 02 ~9 minReporting at scale. Insights, AppAware, and the Data Export add-on
Cut DNSFilter's reporting surface into three audiences (IT lead, exec, MSP team), then pick the right surface. Insights, AppAware, or Data Export, for each.
- 03 ~9 minSSO and identity. OIDC, the Users feature, and the IdP-failure escape hatch
Wire DNSFilter into an OIDC IdP (Entra, Okta, Google Workspace, Active Directory), apply per-user policies via the Users feature, and keep an Owner-level fallback that survives an IdP outage.
- 04 ~9 minIntegrations. API tokens, PSA hooks, SIEM forwarding, and what NOT to integrate
Use the API JWT for cross-tenant automation, wire DNSFilter into HaloPSA / Syncro PSAs, push events into a SIEM via Data Export, and recognise the integrations that aren't worth building.
- 05 ~11 minInvestigating an incident, using the Query Log as a forensic source
A worked decision tree for an Advanced-level investigation, campaign vs single-user vs likely compromise, with three pivots from the DNS Query Log and a reusable write-up format.
- 06 ~10 minOffboarding and cleanup across customers
A customer-exit and leaver runbook for DNSFilter, covering Roaming Client removal, stale Users, API keys, SSO/admin access, lists, retained evidence, and billing handoff.
- Final quiz
Test what you learned. Wrong answers are explained on the spot.