SSO Configuration

Reblaze provides the ability to log in using SSO (single sign-on). Configuration varies depending on the type of SSO: Okta, Microsoft, or Google.

Set up Okta SSO

Step 1: Register on Okta, and create an application

Go to https://{YOUR ACCOUNT}-admin.okta.com/admin/apps/active

Click Add Application > Create New App

Choose Platform: Web, sign-in method OIDC (OAuth 2.0)

Set these attributes:

Sign-in redirect URIs:

https://<planet-name>.dev.app.reblaze.io/auth/okta-oauth2-<planet-name>/authorization-code/callback

Federation Broker mode: disabled

Step 2: Create group

To pass the Admin group ID, add a custom attribute to the user groups: go to Directory > Profile Editor > Apps and click Profile.

Now map it:

Directory > Profile Editor > Apps > Click on Mappings

Assign group reblazeadmin to your app.

Copy the values for Client ID and a new client secret.

Step 3: Add parameters to Reblaze

On the Reblaze SSO page, fill in the requested values. For Issuer, use your Okta account. For IDP Group Claim, use the group you created above in Step 2.

Set up Microsoft Azure SSO

Step 1: Go to Azure Portal > Enterprise applications

Step 2: Create the application

Choose + New Application, then + Create your own application.

Step 3: Create the SSO app

Select Integrate any other application you don't find in the gallery (Non-gallery)

Step 4: Select SAML method

Go to the Single sign-on section and choose SAML.

Edit the Basic SAML Configuration:

  • Set Azure's Identifier (Entity ID) to https://<planet-name>.dev.app.reblaze.io. Also save a copy of this value somewhere; it will be needed again later.

  • Set Azure's Reply URL to https://<planet-name>.dev.app.reblaze.io/auth/azure-saml2-<planet-name>/authorization-code/callback

Step 6: Add a user group claim

Edit user.groups:

Click on +Add a group claim, and choose:

  • All groups

  • Source attribute: Group ID

Step 7: Add a user as a member of the application

Step 8: Get admin group ID

Go to Azure Active Directory > Groups, and create a group.

Then assign a user to the group.

Step 9: Get SAML 2 data for Reblaze

From Azure's Single sign-on section, copy the Entity ID (entered during a previous step) and Login URL.

From the Groups Overview section, copy the Object Id. (This should be the same ID from Step 8.)

Add these parameters to the Reblaze SSO page. For Reblaze's IDP group claim, use Azure's Object Id.

Set up Google SSO

Step 1: Create new OAuth credentials

Go to Google APIs & Services: https://console.cloud.google.com/apis/dashboard.

Create new OAuth credentials:

Copy the credentials (client id + client secret) for use within the Reblaze console.

Step 2: Set domains

Set the domains to allow the app to be used from your planet domain:

  • Authorized JavaScript origin: https://<planet-name>.dev.app.reblaze.io

  • Authorized redirect URIs: https://<planet-name>.dev.app.reblaze.io/auth/google-oauth2-<planet-name>/authorization-code/callback

Step 4: Groups mapping

For the groups mapping, you can obtain the email addresses of the groups your account is attached to from this page: https://groups.google.com/my-groups.

Then select the email field from the dropdown and map to the Reblaze roles.
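
A mistyped callback URL is the most common reason any of the three setups above fails, and a loose one (plain http, a wildcard host, the wrong planet in the path) weakens the login flow. The following check is an added example, not Reblaze code: it rebuilds the callback URL patterns shown on this page for Okta, Azure and Google and compares them with the value registered at the identity provider. The function names and the planet name "acme" are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Callback path prefixes exactly as they appear in this page's URLs.
PROVIDER_PREFIX = {
    "okta": "okta-oauth2",
    "azure": "azure-saml2",
    "google": "google-oauth2",
}
HOST_SUFFIX = ".dev.app.reblaze.io"  # host pattern shown on this page


def expected_callback(provider: str, planet: str) -> str:
    """Build the documented callback URL for a provider and planet name."""
    return (f"https://{planet}{HOST_SUFFIX}/auth/"
            f"{PROVIDER_PREFIX[provider]}-{planet}/authorization-code/callback")


def check_callback(provider: str, planet: str, configured: str) -> list:
    """Return the problems found in a URL registered at the IdP (empty = OK)."""
    value = configured.strip()
    url = urlsplit(value)
    want = urlsplit(expected_callback(provider, planet))
    problems = []
    if url.scheme != "https":
        problems.append("scheme is not https")
    if "*" in value:
        problems.append("wildcard in URL")
    if url.query or url.fragment:
        problems.append("query string or fragment present")
    if url.netloc != want.netloc:
        problems.append("host does not match the planet")
    if url.path != want.path:
        problems.append("path does not match the documented callback")
    return problems


if __name__ == "__main__":
    # Constructed sample values; "acme" is a made-up planet name.
    samples = [
        ("okta", "https://acme.dev.app.reblaze.io/auth/okta-oauth2-acme/authorization-code/callback"),
        ("google", "http://acme.dev.app.reblaze.io/auth/google-oauth2-acme/authorization-code/callback"),
        ("azure", "https://acme.dev.app.reblaze.io/auth/azure-saml2-other/authorization-code/callback"),
        ("okta", "https://*.dev.app.reblaze.io/auth/okta-oauth2-acme/authorization-code/callback"),
    ]
    for provider, url in samples:
        print(provider, url, "->", check_callback(provider, "acme", url) or "OK")
```

An empty result means the registered value matches the documented pattern exactly, including the planet name in both the host and the path.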
