Changing user settings
The Account Settings page allows you to manage your Reblaze user accounts.
From this tab, you can reset your password, name, and phone number.
Reblaze uses 2FA (two-factor authentication). There are several options for sending an OTP when you log in:
If only an email address is provided, the OTP will be sent via email.
If a phone number is provided, the OTP will be sent by SMS message.
This tab also offers a personal API key, to be used in all requests to the Reblaze API.
This tab allows you to manage users that are attached to your organization. It is only available to users with administrator permissions.
An admin can:
Create a new user
Edit an existing user
Reset a user's password
Delete a user
When a user account is being edited, this will appear:
The available Access Levels are:
Viewer: can see the Traffic section, i.e. the Dashboard and View Log.
Organization Admin: has all Editor permissions, and can also manage users via the Users Management page.
Reblaze Admin: has all Organization Admin permissions, and can also edit and view the Notes, Init and Run pages.
This tab allows SSO to be configured so that users have the ability to log into Reblaze with their Okta or Microsoft Azure accounts.
Configuration options will vary depending on the type of account.
Please note: In setting up an SSO account with Okta or Microsoft Azure, the screens you encounter on those sites may differ slightly from those appearing here. However, the information you will be required to provide for SSO set up and configuration will be the same as shown below.
Go to Okta. At the top of the page, click "Try Okta", register and create an application:
Go to https://{YOUR ACCOUNT}-admin.okta.com/admin/apps/active
Click Add Application → Create New App
Choose Platform: Web and Sign on method: SAML 2.0
Give your app a name and click Next
Now, configure the SAML integration, as shown in the screen below.
In the Single sign-on URL field, enter the URL in the following format: https://{REBLAZE_CONSOLE_DOMAIN}/sso/saml20/signon
In the Audience URI field, enter the URI in the following format: https://{REBLAZE_CONSOLE_DOMAIN}/sso/saml20/audience
[Obtain Reblaze Console Domain URL from the Reblaze Log In.]
Next, scroll down to the Attribute Statements (optional) section.
In the Name column, write emailaddress; in the Value column, write user.email
Click Add Another.
In the Name column, write displayname; in the Value column, write user.firstName + " " + user.lastName
Click Add Another.
In the Name column, write groups; in the Value column, write appuser.rbzgroups
Scroll down, click Preview the SAML Assertion, then click Next.
The screen shown below will appear. Select I'm an Okta customer adding an internal app, then click Finish at the bottom of the screen.
Next, the Reblaze Admin group ID must be configured.
On the left side of the Okta screen, under Directory, go to Profile Editor. The screen below will appear.
In the Users tab, select Apps.
Scroll down and in the list of Profiles, locate and then click {$APP_NAME} User, where {$APP_NAME} is the name you assigned to your app earlier.
The following screen will appear. Under Attributes, click + Add Attribute.
An Add Attribute window will appear. Complete the fields as shown below, then click Save.
The next step is mapping. Return to the Profile Editor screen, and click on the Mappings tab.
The window below will appear.
Fill in the top field with appuser.rbzgroups. Click the arrow to the right of the field, and select the first option.
At the bottom of the window, click Save Mappings, then click Apply updates now.
Create user groups for two possible access levels: Admin and Read-Only access.
On the Okta menu on the left side of the screen:
Under Directory, select Groups.
A Groups screen appears; go to Add Group. Add a group named reblazeadmin.
From the left-hand menu, under Applications, select Applications.
An Applications screen will appear. Click your app's name. The screen shown below will open.
In the Assignments tab, click the Assign dropdown and select Assign to Groups, as below.
The following window will open. Select reblazeadmin, and click Assign.
The following window will open. Fill in the field as below, then click Save and Go Back. This will bring you back to the previous window (above), where you click Done.
Next, back at the app window, select the Sign On tab. In the window that appears, scroll down to the SAML Signing Certificates section. On the right-hand side, click View SAML setup instructions.
This leads to the How to Configure SAML 2.0 for {$APP_NAME} Application page. You will use the information here in the next step.
At this point, you must log into the Reblaze console. Go to your Reblaze Log In screen and complete all the fields, including the MFA PIN you will receive. Click Log In.
This will bring you to the Reblaze console.
From the menu on the left, under Settings, select Account. Your Account page will open. Click the Single sign on configuration tab.
In the window that appears, select Enabled.
To obtain the URL for the Provider URL field, return to the Okta How to Configure SAML 2.0 for {$APP_NAME} Application page.
Copy the URL from the Identity Provider Single Sign-On URL, and paste it into the Reblaze Provider URL field.
The following revisions must be made to the URL:
Now, add the suffix metadata to the end of the URL (after the segment ending: saml/).
4. Fill in the name of the Admin Group (i.e., reblazeadmin).
5. Fill in the URL for the IDP Issuer field. To obtain the URL:
6. Return to the How to Configure SAML 2.0 for {$APP_NAME} Application page.
7. Copy the URL from the Identity Provider Issuer field.
8. Paste it into the Reblaze IDP Issuer field.
9. Ignore the Audience URL and Assertion URL fields (they should be disabled automatically).
10. Click Save. This will restart the console service.
On the Reblaze Log In page there will now be an additional button: SSO Login. Click to log into the Reblaze console.
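The Okta steps above fix the sign-on URL, the audience URI and three attribute statements; the following added example (not part of the Reblaze documentation or Okta's tooling) lints a pasted assertion preview against them. The domain console.example.com, the function name check_assertion and the assumption that the groups attribute carries the reblazeadmin group name are illustrative.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("emailaddress", "displayname", "groups")  # attribute names from the steps above

# Constructed sample (not real Okta output); console.example.com is a placeholder domain.
# The groups value is empty, as when the appuser.rbzgroups mapping was never applied.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Subject><saml2:SubjectConfirmation><saml2:SubjectConfirmationData
  Recipient="https://console.example.com/sso/saml20/signon"/></saml2:SubjectConfirmation></saml2:Subject>
<saml2:Conditions><saml2:AudienceRestriction>
  <saml2:Audience>https://console.example.com/sso/saml20/audience</saml2:Audience>
</saml2:AudienceRestriction></saml2:Conditions>
<saml2:AttributeStatement>
  <saml2:Attribute Name="emailaddress"><saml2:AttributeValue>ann@example.com</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="displayname"><saml2:AttributeValue>Ann Admin</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="groups"><saml2:AttributeValue/></saml2:Attribute>
</saml2:AttributeStatement></saml2:Assertion>"""


def check_assertion(xml_text, console_domain, admin_group):
    """List configuration problems in a pasted preview (a lint; no signature checks)."""
    root = ET.fromstring(xml_text)  # input is the admin's own IdP preview, not untrusted XML
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]
    base = "https://%s/sso/saml20/" % console_domain
    problems = []
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if audiences != [base + "audience"]:
        problems.append("Audience is %r, expected %r" % (audiences, base + "audience"))
    recipients = [c.get("Recipient") for c in assertion.iterfind(".//saml:SubjectConfirmationData", NS)]
    if recipients != [base + "signon"]:
        problems.append("Recipient is %r, expected %r" % (recipients, base + "signon"))
    attrs = {}
    for attr in assertion.iterfind(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attrs[attr.get("Name")] = [v for v in values if v]
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append("attribute %r is missing or empty" % name)
    if attrs.get("groups") and admin_group not in attrs["groups"]:
        problems.append("groups %r does not include %r" % (attrs["groups"], admin_group))
    return problems


if __name__ == "__main__":
    for problem in check_assertion(SAMPLE, "console.example.com", "reblazeadmin"):
        print("FAIL:", problem)
```

An empty result means the preview matches the settings described above; any admin user whose groups value lacks the configured Admin Group would be reported before the first SSO login attempt.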
Go to this MS Azure page to sign in.
You will be redirected to the Default Directory page. From the side menu, select Enterprise applications.
Choose + New Application, as shown below.
In the screen below, choose + Create your own application.
Then, from the drop-down that appears, give your app a name and choose Integrate any other application you don't find in the gallery (Non-gallery). Click Create.
On the next screen that appears, from the left menu, select Single sign-on, then choose SAML:
The screen below will appear. Click Edit in the first block (Basic SAML Configuration) on the left.
On the right, enter values for the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields:
The Identifier (Entity ID) should be provided by the customer. It must be unique for the customer’s SSO applications. The best option is to use something like: customer_domain.com?sso=123. Note that this should not contain the "https://" prefix. Also note that this value will be entered into the IDP Issuer field in the Reblaze console.
The Reply URL (Assertion Consumer Service URL) should be: https://{REBLAZE_CONSOLE_DOMAIN}/sso/saml20/signon, where the {REBLAZE_CONSOLE_DOMAIN} can be obtained from the Reblaze Log In.
Click Save (at the top).
Copy the App Federation Metadata URL and save it for later. This will be used as the Provider URL value in the Reblaze console.
user.groups in Attributes & Claims.
In the second block of the screen below, click Edit.
The screen below will appear. Select + Add a group claim.
From the drop-down that appears on the right:
Choose All groups
Choose Source attribute: Group ID
Click Save
The following screen will appear.
Return to the Enterprise Application screen. From the left menu, click Users and Groups.
Click the + Add users/groups tab. Add users to the application by searching for a display name or through application registration.
Go to Azure Active Directory → Groups, and create a group by clicking on the New Group tab.
Copy the Object ID and save it for later use. It will be the value for the Admin Group field in the Reblaze console.
Click on the hyperlinked group name (ReblazeAdmin); the screen below will appear. Select Members from the left menu.
Assign a user to the group:
Go to the Reblaze console and sign in.
In the left menu, under Settings, select Account. When the screen below appears, click on the Single sign on configuration tab; set the Enabled checkbox.
For the remaining fields:
Set Provider to Microsoft.
Set the Provider URL to the value obtained in Step 4 (the App Federation Metadata URL).
Set the Admin Group to the value obtained in Step 7 (the Object ID).
Ignore the remaining fields. (IDP Issuer should have been set automatically, while Audience URL and Assertion URL should have been disabled.)
After the fields are filled in, click Save.
Delete the following segment, highlighted in blue, from the URL you copied: [dev-7889665_mynewapp_1/]