# Account Security Settings

> Set up and manage identity providers for single sign-on (SSO) authentication in Blink.

This guide walks you through the key authentication and identity settings available in the Blink platform. From managing authorized domains and setting up external Identity Providers (IdPs), to configuring role mappings and enforcing SAML policies, each section helps you securely control user access and authentication behavior across your Blink environment. Start by accessing your account's security settings using the steps below.

***

## Access Account Settings

<Steps>
  <Step title="Open Security Settings in Blink">
    Navigate to the security settings on the Blink platform: in the bottom-left corner, click the rounded icon with your initials on it.
  </Step>

  <Step title="View Account Settings Dialog">
    A dialog box appears with your Blink Ops account settings:

    <Frame>
      <img src="https://mintcdn.com/blinkops-2/ZeD68GD0apWa12JT/img/IdentityProviders/account-settings.png?fit=max&auto=format&n=ZeD68GD0apWa12JT&q=85&s=5bd202ba6bf9f467689f9c2fa9d0bb74" width="1726" height="1071" data-path="img/IdentityProviders/account-settings.png" />
    </Frame>
  </Step>

  <Step title="Switch Between Tenants (If Applicable)">
    If you are part of more than one tenant, you have the option to switch between the tenants by selecting the tenant from the dynamic dropdown menu.

    <Frame>
      <img src="https://mintcdn.com/blinkops-2/VXKzhvwYkcutAgt0/img/IdentityProviders/tenant-settings.png?fit=max&auto=format&n=VXKzhvwYkcutAgt0&q=85&s=81560cd03bb4d4937bd8fe2ddb1e831f" width="1728" height="1080" data-path="img/IdentityProviders/tenant-settings.png" />
    </Frame>
  </Step>
</Steps>

***

## Login & Authentication

### Authorized Domains

A comma-separated list of domains allowed for IdP or username/password login. If the list is not populated, any domain is valid.

<Note>**Note**: SAML authorized domains are configured in a separate section. See [SAML Authorized Domains](#saml-authorized-domains).</Note>

<Frame>
  <img src="https://mintcdn.com/blinkops-2/uK6s_k1ldVGImkyh/img/IdentityProviders/AuthorizedDomains.png?fit=max&auto=format&n=uK6s_k1ldVGImkyh&q=85&s=14f17609b53b36c321a5814aedee39a2" width="1728" height="1083" data-path="img/IdentityProviders/AuthorizedDomains.png" />
</Frame>

***

### Identity Provider

Blink provides the option to configure an external Identity Provider to use within the Blink platform. Any SAML app can be connected to Blink.

Blink provides templates for:

* [Okta](/docs/blink-platform/account-management/identity-providers/okta)
* [Google Workspace](/docs/blink-platform/account-management/identity-providers/google)
* [Azure AD](/docs/blink-platform/account-management/identity-providers/azure)
* [Cloudflare](/docs/blink-platform/account-management/identity-providers/cloudflare)

***

### Role Mapping

Role Mapping is the method by which Blink synchronizes **Identity Providers** to the Blink platform.

The steps for configuring **Role Mapping** vary depending on the **Identity Provider** you are using, so carefully follow the instructions for your chosen **Identity Provider** when setting up **Role Mapping**.

<Note>**Note**: When mapping a Blink group to an Identity Provider (IdP), make sure the group is created in Blink before you configure the role mapping in the selected Identity Provider (IdP). Also, the name of the group in Blink must **match exactly** with the name of the group in the Identity Provider.</Note>
<Warning>**IMPORTANT**: In the **Mapping** section, at least one mapping role must be designated as an **admin** with administrative privileges. Additionally, the user configuring the group must be part of the group mapped to the **Admin** role. Otherwise, you won't be able to operate as an administrator in your account or access and edit the role mapping again.</Warning>

* [Okta Role Mapping-Step 8](/docs/blink-platform/account-management/identity-providers/okta)
* [Google Role Mapping-Step 8](/docs/blink-platform/account-management/identity-providers/google)
* [Azure AD](/docs/blink-platform/account-management/identity-providers/azure)
* [Cloudflare](/docs/blink-platform/account-management/identity-providers/cloudflare)

<Tip>Role mapping rules are evaluated sequentially: the first matching rule determines the user’s assigned role mapping. You can adjust the evaluation order by clicking the <Icon icon="grip-dots-vertical" /> icon and dragging each group to your preferred position.</Tip>

<Frame>
  <img src="https://mintcdn.com/blinkops-2/z6AX_B9pSabFpEOO/img/IdentityProviders/RoleMapping.png?fit=max&auto=format&n=z6AX_B9pSabFpEOO&q=85&s=4baf088bf63bcbdd24181a1756192cfa" width="3456" height="2168" data-path="img/IdentityProviders/RoleMapping.png" />
</Frame>
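
The following is an added example, not Blink's own code, that models the first-match evaluation described above and shows how rule order interacts with the admin requirement: an administrator who also belongs to a group listed earlier resolves to that earlier role. The group names, the role names other than admin, and the case-sensitive reading of "match exactly" are assumptions.

```python
from typing import Optional

# Constructed sample: ordered (IdP group, Blink role) rules, top row first.
# Group names and every role other than "admin" are hypothetical.
ROLE_MAPPING = [
    ("blink-viewers", "viewer"),
    ("blink-builders", "builder"),
    ("blink-admins", "admin"),
]


def resolve_role(rules, user_groups) -> Optional[str]:
    """Return the role of the first rule whose group the user belongs to."""
    groups = set(user_groups)
    for group, role in rules:
        if group in groups:  # exact, case-sensitive name match (assumed)
            return role
    return None  # no rule matched


def preflight(rules, blink_groups, configuring_user_groups):
    """List the problems the Note and Warning above describe, before saving."""
    problems = []
    for group, _ in rules:
        if group not in blink_groups:
            problems.append(f"group {group!r} does not exist in Blink under that exact name")
    if not any(role == "admin" for _, role in rules):
        problems.append("no rule maps a group to the admin role")
    elif resolve_role(rules, configuring_user_groups) != "admin":
        problems.append("configuring user would not resolve to admin (lockout risk)")
    return problems


def admin_first(rules):
    """Move admin rules to the top; the stable sort keeps all other order."""
    return sorted(rules, key=lambda rule: rule[1] != "admin")


if __name__ == "__main__":
    me = ["blink-admins", "blink-viewers"]  # constructed group membership
    existing = {"blink-viewers", "blink-builders", "blink-admins"}
    print(resolve_role(ROLE_MAPPING, me), preflight(ROLE_MAPPING, existing, me))
    print(resolve_role(admin_first(ROLE_MAPPING), me))
```

Running the check against the configuring user's own group list before saving catches the lockout case while the mapping can still be edited.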

***

### SAML Authorized Domains

SAML Authorized Domains cannot be populated by the user.

Identity providers, for example [Okta](/docs/blink-platform/account-management/identity-providers/okta), do not independently validate domain ownership. As a result, customers requesting domain-related updates will contact Customer Support (CS) for assistance. CS will then verify that the requested domains are legitimately associated with the customer before applying any changes.

This verification step is required to prevent impersonation and ensure that only authorized domains are linked to a customer’s identity provider configuration.

<Frame>
  <img src="https://mintcdn.com/blinkops-2/uK6s_k1ldVGImkyh/img/IdentityProviders/SAMLAuthorizedDomains.png?fit=max&auto=format&n=uK6s_k1ldVGImkyh&q=85&s=ef0bed532d3365b6ab7f8e24eb4a625b" width="1728" height="1081" data-path="img/IdentityProviders/SAMLAuthorizedDomains.png" />
</Frame>

***

### SAML Session Lifetime

Select the duration (in hours or days) a user can remain logged into their account before being automatically logged out and required to log in again.

<Note>The default timeout is `30` days.</Note>

<Frame>
  <img src="https://mintcdn.com/blinkops-2/ZeD68GD0apWa12JT/img/IdentityProviders/custom-17.png?fit=max&auto=format&n=ZeD68GD0apWa12JT&q=85&s=9dd4b4e39c673a97edce50fb5a6892e4" width="1728" height="1083" data-path="img/IdentityProviders/custom-17.png" />
</Frame>

***

### SAML Strict Mode

Check the box to enable **SAML Strict Mode**. When **SAML Strict Mode** is enabled, all organization users who are not administrators must use **SAML** to sign in to Blink. Admins retain access to alternative sign-in modes for troubleshooting purposes.

<Frame>
  <img src="https://mintcdn.com/blinkops-2/ZeD68GD0apWa12JT/img/IdentityProviders/custom-16.png?fit=max&auto=format&n=ZeD68GD0apWa12JT&q=85&s=bfe3cc8416e185ade5c469237c51483a" width="1728" height="1083" data-path="img/IdentityProviders/custom-16.png" />
</Frame>

***
