Changing user settings
The Account Settings page allows you to manage your Reblaze user accounts.
From this tab, you can reset your password, name, and phone number.
Reblaze uses 2FA (two factor authentication). There are several options for sending an OTP when you login:
If only an email address is provided, the OTP will be sent via email.
If a phone number is provided, the OTP will be sent over SMS message.
As an alternative, you can also get a QR code for use in apps such as Google Authenticator (available for both and ).
This tab also offers a personal API key, to be used in all requests to the Reblaze API.
This tab allows you to manage users that are attached to your organization. It is only available to users with administrator permissions.
An admin can:
Create a new user
Edit an existing user
Reset a user's password
Delete a user
When a user account is being edited, this will appear:
The available Access Levels are:
Viewer: can see the section, i.e. the Dashboard and View Log.
Editor: has all Viewer permissions, and can also configure security rulesets and policies in the and sections.
Organization Admin: has all Editor permissions, and can also manage users via the Users Management page.
This tab allows SSO to be configured so that users have the ability to log into Reblaze with their Okta or Microsoft Azure accounts.
Configuration options will vary depending on the type of account.
Go to . At the top of the page, click "Try Okta", register and create an application:
Go to https://{YOUR ACCOUNT}-admin.okta.com/admin/apps/active
Click Add Application → Create New App
Choose Platform: Web and
Give your app a name and click Next:
Now, configure the SAML integration, as shown in the screen below.
In the Single sign-on URL field, enter the URL in the following format:
https://{REBLAZE_CONSOLE_DOMAIN}/sso/saml20/signon
In the Audience URI field, enter the URI in the following format:
https://{REBLAZE_CONSOLE_DOMAIN}/sso/saml20/audience
[Obtain Reblaze Console Domain URL from the Reblaze Log In.]
Next, scroll down to the Attribute Statements (optional) section.
In the Name column, write emailaddress; in the Value column, write user.email
Click Add Another.
The screen shown below will appear. Select I'm an Okta customer adding an internal app, then click Finish at the bottom of the screen.
Next, the Reblaze Admin group ID must be configured.
On the left side of the Okta screen, under Directory, go to Profile Editor . The screen below will appear.
In the Users tab, select Apps.
Scroll down and in the list of Profiles, locate and then click {$APP_NAME} User, where {$APP_NAME} is the name you assigned to your app earlier.
The following screen will appear. Under Attributes, click + Add Attribute.
An Add Attribute window will appear. Complete the fields as shown below, then click Save.
The next step is mapping. Return to the Profile Editor screen, and click on the Mappings tab.
The window below will appear.
Fill in the top field with appuser.rbzgroups. Click the arrow to the right of the field, and select the first option.
At the bottom of the window, click Save Mappings, then click Apply updates now.
Create user groups for two possible access levels: Admin and Read-Only access.
On the Okta menu on the left side of the screen:
Under Directory, select Groups.
A Groups screen appears; go to Add Group. Add a group named reblazeadmin.
The following window will open. Select reblazeadmin, and click Assign.
The following window will open. Fill in the field as below, then click Save and Go Back. This will bring you back to the previous window (above), where you click Done.
Next, back at the app window, select the Sign On tab. In the window that appears, scroll down until the SAML Signing Certificates section. On the right hand side, click View SAML setup instructions.
This leads to the How to Configure SAML 2.0 for {$APP_NAME} Application page. You will use the information here in the next step.
At this point, you must log into the Reblaze console. Go to your Reblaze Log In screen and complete all the fields, including the MFA PIN you will receive. Click Log In.
This will bring you to the Reblaze console.
From the menu on the left, under Settings select Account. Your Account page will open. Click the Single sign on configuration tab.
In the window that appears, select Enabled.
Copy the url from the Identity Provider Single Sign-On URL, and paste it into the Reblaze Provider URL field.
The following revisions must be made to the URL:
Delete the following segment, highlighted in blue, from the URL you copied:
4. Fill in the name of the Admin Group (i.e., reblazeadmin).
5. Fill in the URL for the IDP Issuer field. To obtain the URL:
6. Return to the How to Configure SAML 2.0 for {$APP_NAME} Application page.
7. Copy the URL from the Identity Provider Issuer field.
8. Paste it into the Reblaze IDP Issuer field.
9. Ignore the Audience URL and Assertion URL fields (they should be disabled automatically).
10. Click Save. This will restart the console service.
On the Reblaze Log In page there will now be an additional button: SSO Login. Click to log into the Reblaze console.
Go to to sign in.
You will be redirected to the Default Directory page. From the side menu, select Enterprise applications.
Choose + New Application , as shown below.
In the screen below, choose + Create your own application .
Then, from the drop-down that appears, give your app a name and choose Integrate any other application you don't find in the gallery (Non-gallery). Click Create.
On the next screen that appears, from the left menu, select Single sign-on, then choose SAML:
The screen below will appear. Click Edit in the first block (Basic SAML Configuration) on the left.
On the right, enter values for the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields:
The Identifier (Entity ID) should be provided by the customer. It must be unique for the customer’s SSO applications. The best option is to use something like: customer_domain.com?sso=123. Note that this should not contain the "https://" prefix. Also note that this value will be entered into the IDP Issuer field in the Reblaze console.
The Reply URL (Assertion Consumer Service URL) should be: https://{REBLAZE_CONSOLE_DOMAIN}/sso/saml20/signon, where the {REBLAZE_CONSOLE_DOMAIN} can be obtained from the Reblaze Log In.
Click Save (at the top).
Copy the App Federation Metadata URL and save it for later. This will be used as the Provider URL value in the Reblaze console.
user.groups in Attributes & Claims.In the second block of the screen below, click Edit.
The screen below will appear. Select + Add a group claim.
From the drop down that appears on the right:
Choose All groups
Choose Source attribute:Group ID
Click Save
The following screen will appear.
Return to the Enterprise Application screen. From the left menu, click Users and Groups.
Click the + Add users/groups tab. Add users to the application by searching for a display name or through application registration.
Go to Azure Active Directory → Groups, and create a group by clicking on the New Group tab.
Copy the Object ID and save it for later use. It will be the value for the Admin Group field in the Reblaze console.
Click on the hyperlinked group name (ReblazeAdmin); the screen below will appear. Select Members from the left menu.
Assign a user to the group:
Go to the Reblaze console and sign in.
In the left menu, under Settings, select Account. When the screen below appears, click on the Single sign on configuration tab; set the Enabled checkbox.
For the remaining fields:
Set Provider to Microsoft.
Set the Provider URL to the value obtained in Step 4 (the App Federation Metadata URL).
After the fields are filled in, click Save.
Reblaze Admin: has all Organization Admin permissions, and can also edit and view the Notes, Init and Run pages.
Sign on method: SAML 2.0In the Name column, write displayname; in the Value column, write user.firstName + " " + user.lastName
Click Add Another.
In the Name column, write groups; in the Value column, write appuser.rbzgroups
Scroll down, click Preview the SAML Assertion, then click Next.
From the left-hand menu, under Applications, select Applications.
An Applications screen will appear. Click your app's name. The screen shown below will open.
In the Assignments tab, click the Assign dropdown and select Assign to Groups, as below.
Provider URL field, return to the Okta How to Configure SAML 2.0 for {$APP_NAME} Application page. dev-7889665_mynewapp_1/Now, add the suffix metadata to the end of the URL (after the segment ending: saml/).
Admin Group to the value obtained in Step 7 (the Object ID). Ignore the remaining fields. (IDP Issuer should have been set automatically, while Audience URL and Assertion URL should have been disabled.)
