Account
Changing user settings
The Account Settings page allows you to manage your Reblaze user accounts.

Tab: Your account details

Your account details

Basic account settings

From this tab, you can reset your password, name, and phone number.

Settings for OTPs (One Time Passwords)

Reblaze uses 2FA (two factor authentication). There are several options for sending an OTP when you login:
  • If only an email address is provided, the OTP will be sent via email.
  • If a phone number is provided, the OTP will be sent over SMS message.
  • As an alternative, you can also get a QR code for use in apps such as Google Authenticator (available for both Android and iPhone).

API Key

This tab also offers a personal API key, to be used in all requests to the Reblaze API.

Tab: Users management

Users management
This tab allows you to manage users that are attached to your organization. It is only available to users with administrator permissions.

Administration

An admin can:
  • Create a new user
  • Edit an existing user
  • Reset a user's password
  • Delete a user
When a user account is being edited, this will appear:
Edit User
The available Access Levels are:
  • Viewer: can see the Traffic section, i.e. the Dashboard and View Log.
  • Editor: has all Viewer permissions, and can also configure security rulesets and policies in the Security and Settings sections.
  • Organization Admin: has all Editor permissions, and can also manage users via the Users Management page.
  • Reblaze Admin: has all Organization Admin permissions, and can also edit and view the Notes, Init and Run pages.

Tab: Single sign-on configuration

This tab allows SSO to be configured so that users have the ability to log into Reblaze with their Okta or Microsoft Azure accounts.
Configuration options will vary depending on the type of account.
Please note: In setting up an SSO account with Okta or Microsoft Azure, the screens you encounter on those sites may differ slightly from those appearing here. However, the information you will be required to provide for SSO set up and configuration will be the same as shown below.

Setting up SSO through Okta

1. Go to Okta. At the top of the page, click "Try Okta" and register and create an application:

Go to https://{YOUR ACCOUNT}-admin.okta.com/admin/apps/active
Click Add ApplicationCreate New App
Choose Platform: Web, Sign on method: SAML 2.0
Give your app a name and click Next:
Now, configure the SAML integration:
See the Create SAML Integration / Configure SAML screen below:
In the field for Single sign-on URL, enter the URL in the following format:
https://{REBLAZE_CONSOLE_DOMAIN}/sso/saml20/signon
In the field for Audience URL, enter the URL in the following format:
https://{REBLAZE_CONSOLE_DOMAIN}/sso/saml20/audience
[Obtain Reblaze Console Domain URL from the Reblaze Log In.]
Next, scroll down to Attribute Statements (optional)
Attribute Statements:
In the Name column, write: emailaddress; in the Value column, write: user.email Click Add Another
In the Name column, write: displayname; in the Value column, write: user.firstName + " " + user.lastName Click Add Another
In the Name column, write: groups; in the Value column, write: appuser.rbzgroups
Scroll down, click Preview the SAML Assertion, then click Next.
The following screen will appear:
Select I am an Okta customer adding an internal app, then click Finish at the bottom of the screen.

3. Custom User profile

Next, the Reblaze Admin group ID must be configured. Custom attributes must added to the user groups. On the left side of the Okta screen, under Directory, go to Profile Editor . The screen below will appear.
In the Users tab, select Apps
Scroll down and in the list of Profiles, locate and then click my new app User
The following screen appears. Under Attributes, click + Add Attribute
An Add Attribute window will appear. Complete the fields as shown below, then click Save.
The next step is mapping.
Return to the Profile Editor screen. Now click on the Mappings tab. The window below will appear.
Fill in the top field as shown in the screen below. Click the arrow to the right of the field, select the first option.
At the bottom of the window, click Save Mappings, then click Apply updates now.
4. Assign the application to users
Create user groups for two possible access levels: Admin and Read-Only access.
On the Okta menu on the left side of the screen:
  1. 1.
    Under Directory, select Groups.
  2. 2.
    A Groups screen appears; go to Add Group.
  3. 3.
    From the left-hand menu, under Applications, select Applications.
  4. 4.
    An Applications screen will appear on which you click my new app. The my new app screen will open.
  5. 5.
    In the Assignments tab, click the Assign dropdown and select Assign to Groups, as below.
The following window will open. Select reblazeadmin, click Assign.
The following window will open. Fill in the field as below; click Save and Go Back. This will bring you back to the previous window (above), where you click Done.
Next, back at the my new app screen, select the Sign On tab. In the window that appears, scroll down until the SAML Signing Certificates section. On the right hand side, click View SAML setup instructions.
This leads to the How to Configure SAML 2.0 for my new app Application page.
At this point, you must log into the Reblaze console. Go to your Reblaze Log In screen and complete all the fields, including the MFA PIN you will receive. Click Log In.
This will bring you to the Reblaze console.
  1. 1.
    From the menu on the left, under Settings select Account. Your Account page will open. Click the Single sign on configuration tab.
  2. 2.
    In the window that appears, select Enabled.
  3. 3.
    To obtain the URL for the Provider URL field, return to the Okta How to Configure SAML 2.0 for my new app Application page.
  1. 1.
    Copy the url from the Identity Provider Single Sign-On URL, and paste it into the Reblaze Provider URL field.
  2. 2.
    The following revisions must be made to the url.
  • Delete the following segment, highlighted in blue, from the url you copied:
    [dev-7889665_mynewapp_1/]
  • Now, add the suffix metadata to the end of the url (after the segment ending: saml/).
  • Fill in the name of the Admin Group - reblazeadmin.
  • Fill in the url for the IDP Issuer field. To obtain the url:
    • Return to the How to Configure SAML 2.0 for my new app Application page.
    • Copy the url from the Identity Provider Issuer field.
    • Paste it into the Reblaze IDP Issuer field.
  • Click Save. This will restart the console service.
On the Reblaze Log In page there will now be an additional button: SSO Login. Click to log into the Reblaze console.

Setting up SSO through Microsoft Azure

1. Go to Azure PortalEnterprise applications
2. Choose + New Application+ Create your own application:
3. Choose option Integrate any other application you don't find in the gallery (Non-gallery) (this option will create SSO app):
4. From the menu on the left, select Single sign-on, thenchoose SAML:
5. Set up appropriate links:
IDP ISSUER should be provided by the customer. It must be unique for the customer’s SSO applications. The best option is to use something like: customer_domain.com?sso=123. (the IDP Issuer field (in the console) should be identical to the Identifier field (in Azure) and should be inserted without "https://") 6. Get Metadata XML link and add to the Provider URL environment variable:
7. Setup user.groups in User Attributes & Claims, so it send all groups related to the user:
Click on “+ Add a group claim”, choose:
  • All groups
  • Source attribute: Group ID
8. Add a user as a member of the application:
9. Get the admin group ID from Azure and put it into the ADMIN GROUP environment variable: Go to Azure Active DirectoryGroups, create a group.
Object ID is the string you need for the ADMIN GROUP or place the group ID into the Reblaze console SSO settings:
And assign a user to the group: