# Account
The Account Settings page allows you to manage your Reblaze user accounts.
## **Tab: Your account details**
### Basic account settings
From this tab, you can reset your password, name, and phone number.
### Settings for OTPs (One Time Passwords)
Reblaze uses 2FA (two factor authentication). There are several options for sending an OTP when you login:
* If only an email address is provided, the OTP will be sent via email.
* If a phone number is provided, the OTP will be sent over SMS message.
* As an alternative, you can also get a QR code for use in apps such as Google Authenticator (available for both [Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2) and [iPhone](https://itunes.apple.com/il/app/google-authenticator/id388497605)).
### API Key
This tab also offers a personal API key, to be used in all requests to the Reblaze API.
## Tab: Users management
This tab allows you to manage users that are attached to your organization. It is only available to users with administrator permissions.
### Administration
An admin can:
* Create a new user
* Edit an existing user
* Reset a user's password
* Delete a user
When a user account is being edited, this will appear:
The available Access Levels are:
* *Viewer*: can see the [Traffic](/v2.20.2/product-walkthrough/reblaze-traffic.md) section, i.e. the Dashboard and View Log.
* *Editor*: has all Viewer permissions, and can also configure security rulesets and policies in the [Security](/v2.20.2/product-walkthrough/security.md) and [Settings](/v2.20.2/product-walkthrough/settings.md) sections.
* *Organization Admin*: has all Editor permissions, and can also manage users via the Users Management page.
* *Reblaze Admin*: has all Organization Admin permissions, and can also edit and view the Notes, Init and Run pages.
## **Tab: Single sign on configuration**
This tab allows SSO to be configured so that users have the ability to log into Reblaze with their **Okta** or **Microsoft** accounts.
Configuration options will vary depending on the type of account.
### Set up Okta SSO
#### **1. Go to** [**Okta**](https://www.okta.com/)**, register and create an application:**
Go to `https://{YOUR ACCOUNT}-admin.okta.com/admin/apps/active`
Click `Add Application` → `Create New App`
Choose `Platform: Web`, `Sign on method: SAML 2.0`
#### **2. Name it, setup links and attributes:**
*Single sign on URL*:
`RBZ_SSO_ASSERTION_URL` env var. Value should look like: `https://{CUSTOMER_DOMAIN}/sso/saml20/signon`.
*Audience URI (SP Entity ID)*:
`RBZ_SSO_AUDIENCE_URL` env var. Value should look like: `https://{CUSTOMER_DOMAIN}/sso/saml20/audience`
*Attribute Statements:*
emailaddress: `user.email`
displayname: `user.firstName + " " + user.lastName`
groups: `appuser.rbzgroups`
#### **3. Custom User profile**
In order to pass Admin group ID we need to add custom attribute to the user groups.\
Directory > Profile Editor > Apps > Click on Profile
Next step will be to map it.
Directory > Profile Editor > Apps > Click on Mappings
**4. Assign the application to users**
Create user groups for two possible access levels: Admin and Read-Only access.
Assign users to it. Group name is the string you need for `RBZSSOSAML2_ADMINGROUP` or place the group name into the Reblaze console SSO settings.
And in your just-created Application settings:
On the assignment step, a value will be required for the custom attribute which we configured before. For the admin group the value will be same as on `RBZSSOSAML2_ADMINGROUP`, while for the read-only group value it can be anything else.
#### **5. Get Metadata XML link:**
Add the **URL** to the XML metadata file to the `RBZ_SSO_META_URL` env var (and/or for Provider URL field in admin)\
The URL example:
\
#### **6. Where to get** `RBZ_SSO_IDP_ISSUER`**:**
Go to Applications, choose yours, `Sign On` tab, click on `View Setup Instructions`
There you'll find Identity Provider Issuer:
### Set up Microsoft Azure SSO
**1. Go to** [**Azure Portal**](https://azure.microsoft.com/en-us/account/) **→** `Enterprise applications`
**2. Choose** `+ New Application` **→** `+ Create your own application`**:**
**3. Choose option** `Integrate any other application you don't find in the gallery (Non-gallery)` **(this option will create SSO app):**
**4. Go to** `Single sign-on` **section and choose** `SAML`**:**
**5. Set up appropriate links:**
`RBZ_SSO_IDP_ISSUER` should be provided by a customer and have to be unique for the customer’s SSO applications. The best option is to just use something like: `https://customer_domain.com?sso=123`. (the **IDP** **Issuer** field (in the console) should be identical to the **Identifier** field (in Azure))\
\
**6. Get Metadata XML link and add to** `RBZ_SSO_META_URL` **environment variable:**
**7. Setup** `user.groups` **in User Attributes & Claims, so it send all groups related to the user:**
\
Click on “+ **Add a group claim”,** choose:
* **All groups**
* Source attribute: **Group ID**
**8. Add a user as a member of the application:**
**9. Get admin group ID from Azure and put it into** `RBZ_SSO_ADMIN_GROUP` **environment variable:**\
Go to `Azure Active Directory` → `Groups`, create a group.
`Object ID` is the string you need for `RBZ_SSO_ADMIN_GROUP` or place the group ID into the Reblaze console SSO settings:
And assign a user to the group:
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://waap.docs.link11.com/v2.20.2/product-walkthrough/settings/account.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.