Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

This guide walks you through the key authentication and identity settings available in the Blink platform. From managing authorized domains and setting up external Identity Providers (IdPs), to configuring role mappings and enforcing SAML policies, each section helps you securely control user access and authentication behavior across your Blink environment. Start by accessing your account’s security settings using the steps below.

Access Account Settings

1

Open Security Settings in Blink

Navigate to the security settings on the Blink platform. In the bottom-left corner click on the rounded icon with your initials on it.
2

View Account Settings Dialog

A dialogue box will appear, with your Blink Ops account settings:
3

Switch Between Tenants (If Applicable)

If you are part of more than one tenant, you have the option to switch between the tenants by selecting the tenant from the dynamic dropdown menu.

Login & Authentication

Authorized Domains

A comma-separated list of domains allowed for IDP or username/password login. If not populated, any domain will be valid.
Note: SAML authorized domains are configured in a separate section. Navigate here.

Identity Provider

Blink provides the option to configure an external Identity Provider to use within the Blink platform. Any SAML app can be connected to Blink. Blink provides templates for:

Role Mapping

Role Mapping is the method by which Blink synchronizes Identity Providers to the Blink platform. Please be aware that configuring Role Mapping varies depending on the Identity Provider you are using. Therefore, it’s crucial to carefully follow the instructions tailored to your chosen Identity Provider when setting up Role Mapping
Note: When mapping a Blink group to an Identity Provider (IdP), make sure the group is created in Blink before you configure the role mapping in the selected Identity Provider (IdP). Also, the name of the group in Blink must match exactly with the name of the group in the Identity Provider.
IMPORTANT: Please note that in the Mapping section, at least one mapping role must be designated as an admin with administrative privileges. Additionally, the user configuring the group must be a part of the group mapped to the Admin role. Otherwise you won’t be able to operate as an administrator in your account or access and edit the role mapping again.
Role mapping rules are evaluated sequentially, the first matching rule determines the user’s assigned role mapping. You can easily adjust the evaluation order by clicking the icon and dragging each group to your preferred position.

SAML Authorized Domains

SAML Authorized Domains cannot be populated by the user Identity providers, for example Okta, do not independently validate domain ownership. As a result, customers requesting domain-related updates will contact Customer Support (CS) for assistance. CS will then verify that the requested domains are legitimately associated with the customer before applying any changes. This verification step is required to prevent impersonation and ensure that only authorized domains are linked to a customer’s identity provider configuration.

SAML Session Lifetime

Select the duration (in hours or days) a user can remain logged into their account before being automatically logged out and required to log in again.
The default time out is 30 days.

SAML Strict Mode

Choose whether you would like to enable SAML Strict Mode by checking the box. When enabling SAML Strict Mode, all organization users who are not administrators must use SAML to sign in to Blink. Admins retain access to alternative sign-in modes for troubleshooting purposes.