Sean Killeen bio photo

Sean Killeen

Just a guy trying to get better at writing bios.

Email Twitter Facebook Google+ LinkedIn Instagram Github Stackoverflow Foursquare
Edit this page | Issue? Question?

Problem

When building a web site for a customer, you need access to domain name properties to change things such as DNS settings.

However, if a customer provides you with access to their domain by sharing their login, they could put themselves at risk, too. Most customers don’t want to trust an IT professional with the keys to their branding, particularly if the relationship is new or if they have several domains with one account.

Solution: Domain Name Delegation

Domain name delegation allows your customer to give you access to their domain name for certain actions, without needing to grant you access to their account or full control over the domain.

Configuring Domain Delegation at NameCheap

I’m a big fan of http://NameCheap.com for domain hosting. They make domain delegation pretty straightforward.

Your client can do the following:

  • Sign up for NameCheap and buy their domain.
  • Go into their domain’s settings.
  • On the left-hand side, click “Grant modification rights”:

  • Enter their password and your username:

  • Select all for all rights or (only the rights they’re comfortable with):

  • Save the settings:

The next time you sign in, you’ll see the domain name in your domain name list, likely with a lock next to it to indicate that you’ve only been granted certain rights:

To Recap: Why do this again?

  • Doesn’t Expose other customer domains: if a customer has 20 domains under their account, they can grant you rights to just the one they’re interested in.
  • No shared logins: Both parties are more secure since there’s no need to share passwords.
  • Power resides with the customer: They can remove your rights entirely at any time they desire or share with multiple people. This puts the power/control in their hands which is usually a good thing.
  • You can both use two-factor authentication: Because passwords aren’t shared, two-factor authentication (one of the more secure approaches to logins that uses “something you know”, e.g. a password, and something you have, e.g. your cell phone to receive a text) is now possible. This greatly reduces potential for a security breach.

Happy domaining!