Link11 WAAP
v2.18
v2.18
  • Link11 WAAP v2.18 Portal
  • Introduction
  • Getting Started
  • Setup Checklists
  • Marketplace Onboarding
    • AWS
      • Deploy Reblaze
      • Configure the Reblaze Platform
      • Set Up a Load Balancer for Traffic Routing
      • AWS Version Upgrade
    • GCP
      • Deploy Reblaze
      • Configure the Reblaze Platform
      • Set Up GCP Health Checks
      • Set Up GCP Load Balancer
      • GCP BYOL Upgrade
  • Console UI Walkthrough
    • General UI flow
    • Traffic
      • Traffic Concepts
      • Dashboard
      • View Log
    • Security
      • Security Section Concepts
      • Dynamic Rules
      • Quarantined
      • Profiles
        • Profile Concepts
        • Profiles
        • ACL Policies
        • WAF/IPS Policies
        • Custom Signature
      • Args Analysis
      • Tag Rules
      • Rate Limiting
      • Cloud Functions
    • Settings
      • Web Proxy
      • Backend Services
      • Error Pages
      • SSL
      • DNS
      • CDN
      • Planet Overview
      • Global
      • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Using the Reblaze Query Box
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Ban, Unban, and Whitelist Traffic Sources
      • Bypass Rate Limits for Loadtesting
      • Control Caching Behavior
      • Filter by Content
      • Quickly Block an Attacker
      • Secure Traffic from a Third-Party Page
      • Set Rate Limits and Exemptions
      • Set up SIEM/SOC integration
      • Video Tutorials
        • DNS Training
    • API
      • Reblaze REST API
      • Mobile SDK
  • Reference Information
    • Access log-structure
    • Acronyms
    • Deployment Terminology
    • Hostile Bot Detection / RCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Pattern Matching Syntax
    • Signatures
    • Tags
    • TTL Expression Syntax
  • Support
Powered by GitBook
On this page
  • Tab: Your account details
  • Basic account settings
  • Settings for OTPs (One Time Passwords)
  • API Key
  • Tab: Users management
  • Administration
  • Tab: Single sign on configuration
  • Set up Okta SSO
  • Set up Microsoft Azure SSO

Was this helpful?

Export as PDF
  1. Console UI Walkthrough
  2. Settings

Account

Changing user settings

PreviousGlobalNextBest Practices

Last updated 3 years ago

Was this helpful?

The Account Settings page allows you to manage your Reblaze user accounts.

Tab: Your account details

Basic account settings

From this tab, you can reset your password, name, and phone number.

Settings for OTPs (One Time Passwords)

Reblaze uses 2FA (two factor authentication). There are several options for sending an OTP when you login:

  • If only an email address is provided, the OTP will be sent via email.

  • If a phone number is provided, the OTP will be sent over SMS message.

API Key

This tab also offers a personal API key, to be used in all requests to the Reblaze API.

Tab: Users management

This tab allows you to manage users that are attached to your organization. It is only available to users with administrator permissions.

Administration

An admin can:

  • Create a new user

  • Edit an existing user

  • Reset a user's password

  • Delete a user

When a user account is being edited, this will appear:

The available Access Levels are:

  • Organization Admin: has all Editor permissions, and can also manage users via the Users Management page.

  • Reblaze Admin: has all Organization Admin permissions, and can also edit and view the Notes, Init and Run pages.

Tab: Single sign on configuration

This tab allows SSO to be configured so that users have the ability to log into Reblaze with their Okta or Microsoft accounts.

Configuration options will vary depending on the type of account.

Set up Okta SSO

Go to https://{YOUR ACCOUNT}-admin.okta.com/admin/apps/active

Click Add Application → Create New App

Choose Platform: Web, Sign on method: SAML 2.0

2. Name it, setup links and attributes:

Single sign on URL:

RBZ_SSO_ASSERTION_URL env var. Value should look like: https://{CUSTOMER_DOMAIN}/sso/saml20/signon.

Audience URI (SP Entity ID):

RBZ_SSO_AUDIENCE_URL env var. Value should look like: https://{CUSTOMER_DOMAIN}/sso/saml20/audience

Attribute Statements:

emailaddress: user.email

displayname: user.firstName + " " + user.lastName

groups: appuser.rbzgroups

3. Custom User profile

In order to pass Admin group ID we need to add custom attribute to the user groups. Directory > Profile Editor > Apps > Click on Profile

Next step will be to map it.

Directory > Profile Editor > Apps > Click on Mappings

4. Assign the application to users

Create user groups for two possible access levels: Admin and Read-Only access.

Assign users to it. Group name is the string you need for RBZSSOSAML2_ADMINGROUP or place the group name into the Reblaze console SSO settings.

And in your just-created Application settings:

On the assignment step, a value will be required for the custom attribute which we configured before. For the admin group the value will be same as on RBZSSOSAML2_ADMINGROUP, while for the read-only group value it can be anything else.

5. Get Metadata XML link:

6. Where to get RBZ_SSO_IDP_ISSUER:

Go to Applications, choose yours, Sign On tab, click on View Setup Instructions

There you'll find Identity Provider Issuer:

Set up Microsoft Azure SSO

2. Choose + New Application → + Create your own application:

3. Choose option Integrate any other application you don't find in the gallery (Non-gallery) (this option will create SSO app):

4. Go to Single sign-on section and choose SAML:

5. Set up appropriate links:

RBZ_SSO_IDP_ISSUER should be provided by a customer and have to be unique for the customer’s SSO applications. The best option is to just use something like: customer_domain.com?sso=123. (the IDP Issuer field (in the console) should be identical to the Identifier field (in Azure)and should be inserted without "https://") 6. Get Metadata XML link and add to RBZ_SSO_META_URL environment variable:

7. Setup user.groups in User Attributes & Claims, so it send all groups related to the user:

Click on “+ Add a group claim”, choose:

  • All groups

  • Source attribute: Group ID

8. Add a user as a member of the application:

9. Get admin group ID from Azure and put it into RBZ_SSO_ADMIN_GROUP environment variable: Go to Azure Active Directory → Groups, create a group.

Object ID is the string you need for RBZ_SSO_ADMIN_GROUP or place the group ID into the Reblaze console SSO settings:

And assign a user to the group:

As an alternative, you can also get a QR code for use in apps such as Google Authenticator (available for both and ).

Viewer: can see the section, i.e. the Dashboard and View Log.

Editor: has all Viewer permissions, and can also configure security rulesets and policies in the and sections.

1. Go to , register and create an application:

Add the URL to the XML metadata file to the RBZ_SSO_META_URL env var (and/or for Provider URL field in admin) The URL example:

1. Go to → Enterprise applications

Android
iPhone
Traffic
Security
Settings
Okta
https://vreagles.okta.com/app/exkl1t3p61ek810CP5d6/sso/saml/metadata
Azure Portal
Your account details
Users management
Edit User