SSO Configuration
Reblaze provides the ability to log in using SSO (single sign-on). Configuration varies depending on the type of SSO: Okta, Microsoft, or Google.
Set up Okta SSO
Step 1: Register on Okta and create an application
Go to https://{YOUR ACCOUNT}-admin.okta.com/admin/apps/active
Click Add Application → Create New App
Choose Platform: Web, sign-in method OIDC (OAuth 2.0)
Set these attributes:
Sign-in redirect URIs: https://<planet-name>.dev.app.reblaze.io/auth/okta-oauth2-<planet-name>/authorization-code/callback
Federation Broker mode: disabled
Step 2: Create group
In order to pass the Admin group ID, we need to add a custom attribute to the user groups.
Directory > Profile Editor > Apps > Click on Profile
Now map it:
Directory > Profile Editor > Apps > Click on Mappings
Assign group reblazeadmin to your app.
Copy the values for Client ID and a new client secret.
Step 3: Add parameters to Reblaze
On the Reblaze SSO page:
Fill in the requested values. For Issuer, use your Okta account. For IDP Group Claim, use the group you created above in Step 2.
Set up Microsoft Azure SSO
Step 1: Go to Azure Portal → Enterprise applications
Step 2: Create the application
Choose + New Application → + Create your own application.
Step 3: Create the SSO app
Select Integrate any other application you don't find in the gallery (Non-gallery)
Step 4: Select SAML method
Go to the Single sign-on section and choose SAML.
Step 5: Set up appropriate links
Edit the Basic SAML Configuration:
Set Azure's Identifier (Entity ID) to https://<planet-name>.dev.app.reblaze.io
Also save a copy of this value somewhere; it will be needed again later.
Set Azure's Reply URL to https://<planet-name>.dev.app.reblaze.io/auth/azure-saml2-<planet-name>/authorization-code/callback
Step 6: Add a user group claim
Edit user.groups:
Click on + Add a group claim, and choose: All groups
Source attribute: Group ID
Step 7: Add a user as a member of the application
Step 8: Get admin group ID
Go to Azure Active Directory → Groups, and create a group.
Then assign a user to the group.
Step 9: Get SAML 2 data for Reblaze
From Azure's Single sign-on section, copy the Entity ID (entered during a previous step) and Login URL.
And from the Groups Overview section, copy the Object Id. (This should be the same ID from Step 8.)
Add these parameters to the Reblaze SSO page. For Reblaze's IDP group claim, use Azure's Object Id.
Set up Google SSO
Step 1: Create new OAuth credentials
Go to Google APIs & Services: https://console.cloud.google.com/apis/dashboard.
Create new OAuth credentials:
Copy the credentials (client id + client secret) for use within the Reblaze console.
Step 2: Set domains
Set the domains to allow the app to be used from your planet domain:
Authorized JavaScript origin:
https://<planet-name>.dev.app.reblaze.io
Authorized redirect URIs:
https://<planet-name>.dev.app.reblaze.io/auth/google-oauth2-<planet-name>/authorization-code/callback
Step 4: Groups mapping
For the groups mapping, you can obtain the email addresses of the groups your account is attached to from this page: https://groups.google.com/my-groups
Then select the email field from the dropdown and map to the Reblaze roles.
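A check for the callback URLs registered in the Okta, Microsoft Azure and Google sections above, as an added example that is not part of the Reblaze documentation: it rebuilds the expected URL from the pattern on this page and lists how a registered value differs from it. The function names, the exact-string comparison and the planet name "acme" are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Provider prefixes and URL pieces copied from the three setup sections of this page.
PROVIDERS = ("okta-oauth2", "azure-saml2", "google-oauth2")
HOST_SUFFIX = ".dev.app.reblaze.io"
PATH_TAIL = "/authorization-code/callback"


def expected_callback(provider: str, planet: str) -> str:
    """Build the callback URL for a provider and planet name, per the page's pattern."""
    if provider not in PROVIDERS:
        raise ValueError(f"unknown provider: {provider}")
    return f"https://{planet}{HOST_SUFFIX}/auth/{provider}-{planet}{PATH_TAIL}"


def check_callback(url: str, provider: str, planet: str) -> list[str]:
    """Return the reasons a registered callback URL differs from the expected one."""
    problems = []
    if "<" in url or ">" in url:
        problems.append("placeholder <planet-name> was not replaced")
    if url != url.strip():
        problems.append("leading or trailing whitespace")
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme!r}, expected 'https'")
    if parts.netloc != f"{planet}{HOST_SUFFIX}":
        problems.append(f"host is {parts.netloc!r}, expected '{planet}{HOST_SUFFIX}'")
    want_path = f"/auth/{provider}-{planet}{PATH_TAIL}"
    if parts.path != want_path:
        problems.append(f"path is {parts.path!r}, expected {want_path!r}")
    if parts.query or parts.fragment:
        problems.append("query string or fragment present")
    return problems


if __name__ == "__main__":
    # Constructed sample: a Google redirect URI saved with a stray trailing slash.
    planet = "acme"  # assumed planet name, for illustration only
    registered = expected_callback("google-oauth2", planet) + "/"
    for problem in check_callback(registered, "google-oauth2", planet):
        print(problem)
```
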