SSO Configuration

Reblaze provides the ability to log in using SSO (single sign-on). Configuration varies depending on the type of SSO: Okta, Microsoft, or Google.

Set up Okta SSO

Step 1: register on Okta, and create an application

Go to https://{YOUR ACCOUNT}

Click Add ApplicationCreate New App

Choose Platform: Web, sign-in method OIDC (OAuth 2.0)

Set these attributes:

redirect URIs:


Federation Broker mode: disabled

Step 2: Create group

In order to pass the Admin group ID, we need to add a custom attribute to the user groups. Directory > Profile Editor > Apps > Click on Profile

Now map it:

Directory > Profile Editor > Apps > Click on Mappings

Assign group reblazeadmin to your app.

Copy the values for Client ID and a new client secret:

Step 3: Add parameters to Reblaze

On the Reblaze SSO page:

Fill in the requested values. For Issuer, use your Okta account. For IDP Group Claim, use the group you created above in Step 2.

Set up Microsoft Azure SSO

Step 1: Go to Azure PortalEnterprise applications

Step 2. Create the application

Choose + New Application + Create your own application:

Step 3: Create the SSO app

Select Integrate any other application you don't find in the gallery (Non-gallery)

Step 4: Select SAML method

Go to Single sign-on section and choose SAML:

Edit the Basic SAML Configuration:

  • Set Azure's Identifier (Entity ID) to https://<planet-name> Also save a copy of this value somewhere; it will be needed again later.

  • Set Azure's Reply URL to https://<planet-name><planet-name>/authorization-code/callback

Step 6: Add a user group claim

Edit user.groups:

Click on +Add a group claim, and choose:

  • All groups

  • Source attribute: Group ID

Step 7: Add a user as a member of the application:

Step 8: Get admin group ID

Go to Azure Active DirectoryGroups, and create a group.

And assign a user to the group:

Step 9: Get SAML 2 data for Reblaze

From Azure's Single sign-on section, copy the Entity ID (entered during a previous step) and Login URL:

And from the Groups Overview section, copy the Object Id. This should be the same ID from Step 8.)

Add these parameters to the Reblaze SSO page. For Reblaze's IDP group claim, use Azure's Object Id.

Set up Google SSO

Step 1: Create new OAuth credentials

Go to Google APIs & Services:

Create new OAuth credentials:

Copy the credentials (client id + client secret) for use within the Reblaze console.

Step 2: Set domains

Set the domains to allow app to be used from your planet domain:

  • Authorized javascript origin: https://<planet-name>

  • Authorized redirect URIs: https://<planet-name><planet-name>/authorization-code/callback

Step 4: Groups mapping

For the groups mapping you can obtain email addresses of the groups your account is attached to from this page

Then select the email field from the dropdown and map to the Reblaze roles.

Last updated