Manage Groups

As an account administrator, you can create and manage groups, as well as view users associated with each group.

Groups let you manage user access and permissions on the account level and across workspaces. By leveraging Single Sign-On (SSO) with Active Directory (AD) groups, you can automatically assign roles and workspace permissions to users based on their group memberships.

For example, if a user belongs to the AD group retail-team-managers, which is configured to provide access to three workspaces, they automatically receive manager permissions for the provided workspaces.

This feature is only available to a limited subset of Enterprise customers.

Create group

Filter groups

View users

Edit group

Delete group

Overview

BlazeMeter offers Role-Based Access Control (RBAC) through SSO groups (groups). This feature allows organizations to define user roles and workspace permissions directly within their own identity provider (IdP) systems. By mapping these internal groups to corresponding roles and workspaces in BlazeMeter, user access is automatically configured upon login, eliminating the need for manual intervention.

Benefits

  • Centralized user management: Administrators can manage user roles and permissions entirely within their existing IdP, which can help to reduce the need to navigate multiple platforms.

  • Automated access provisioning: New users gain immediate access to the appropriate BlazeMeter resources based on their group memberships, which can help to enhance onboarding efficiency.

  • Security compliance: By leveraging the organization's existing security policies, including multi-factor authentication and audit trails, the integration which can help to ensure consistent enforcement of access controls.

  • Simplified role transitions: Changes in a user's role—such as promotions or department transfers—can be managed by updating group memberships in the IdP, with corresponding permissions in BlazeMeter adjusting automatically.

Workflow

Aligning BlazeMeter groups with IdP groups can help to ensure that user roles and workspace permissions are consistently applied upon login. The following steps are required to enable this integration.

  1. Integration request: Organizations initiate the process by contacting BlazeMeter support (support-blazemeter@perforce.com) to set up SSO integration.

  2. Group configuration: Within the organization's IdP, administrators create groups corresponding to required roles and workspace permissions in BlazeMeter.

  3. Mapping in BlazeMeter: These IdP groups are mapped to specific roles and workspaces within BlazeMeter, establishing the required access controls.

  4. User assignment: Users are added to the appropriate groups in the IdP. Upon logging into BlazeMeter, they receive permissions based on their group memberships, with no additional configuration required within BlazeMeter. SSO groups can help organizations to manage both authentication and authorization through their existing identity management systems, thereby promoting efficiency, security, and user experience.

Prerequisites

  • SSO configuration: Ensure that SSO is configured between your IdP and BlazeMeter. This step involves setting up the necessary SAML attributes and establishing trust between the two systems. For more information, see SAML SSO Integration.

  • Group attribute mapping: Configure your IdP to send group information to BlazeMeter.

  • Groups must exist in both BlazeMeter and the IdP for users to log in. If a group is missing in BlazeMeter, affected users will lose access.

  • If no groups match during login, the user will be removed from all workspaces and permissions.

  • Deleting a group In the IdP does not automatically remove it from BlazeMeter.

  • When a user logs in to BlazeMeter via SSO, BlazeMeter receives the user's group memberships from the IdP. Based on these groups, BlazeMeter assigns the user the predefined account and workspace roles. - If a user belongs to multiple groups, BlazeMeter aggregates the permissions, providing the highest level of access assigned.

Create group

When you add a group, you can assign account roles and workspace permissions.

Steps

  1. In Settings, navigate to Account and click Groups.

  2. Click Add Group.

    The Add Group page appears:

  3. Fill in the following fields:

    • Group ID

      Enter a unique ID that matches the SSO group ID (case-sensitive).

    • Group Name

      Enter a name for the group. The name does not have to match the Group ID.

    • Account roles (optional)

      Assign one or more of the following roles to the group.

      • Standard - Has no permissions in the Account's managerial levels.

        This is the typical end-user role, such as a Tester or Developer.

      • Admin - Same as Standard but can also manage users and workspaces. Limit the number of account admins to those that need to see the activity happening in the account, usually executive-level user.

      • Billing - Can only view or change billing-related settings, for example, credits and servers hours allocations. Typically assigned to users from the Finance Team who need to handle the payment of an account, but do not need access to tests, test results, and so on.

      • User Manager - Can only add or remove users and manage permissions to workspaces. Assigned to someone who handles user management on the account level and does not need access to see all the workspaces, tests, and so on.

  4. In the Workspace section, select one or more workspaces.

  5. Click Assign Roles. You can define the following roles for the selected workspaces:

    • Viewer - Can only view reports, cannot run or edit tests. This role is typically assigned to users on the executive level, for example, managers or directors.

    • Tester - Can create, edit, delete, and run tests and reports, manage projects, and handle APM credentials. Additionally, can view private locations, dedicated IPs, and usage reports. This is the typical role for end users such as testers or developers.

    • Manager - Same access as a tester but can also add or remove members from the Workspace, can create or delete alerts, and can create, edit, or delete Private Locations. This role is typically assigned to a scrum lead or manager that is responsible for everything that falls under that workspace, including the handling of private locations.

    You can select other workspaces and define different sets of roles. You can assign multiple roles to a group for the same account or workspace.

  6. Click Add.

The new group is added to the Groups list.

In your IdP, add users to the relevant groups that correspond to the BlazeMeter groups you've created. Ensure that the group attribute is correctly configured to include these groups when users authenticate.

Filter groups

To filter your groups, you select what you would like to filter by: Group Name, Account Roles, or Workspace Permissions.

View users

To open the list of group users:

In the Groups list, select the view users icon for the required group.

The users list opens:

Edit group

Changes to groups only affect the group definitions in BlazeMeter, not in the IdP.

In the Groups list, select the edit icon for the required group.

The Edit Group screen opens.

You can change any of the settings. For more information, see Create group

When you have finished making changes, click Save.

Delete group

Removing a group does not affect the group definitions in the IdP.

In the Groups list, select the delete icon for the required group.

Manage User Access

Add users

To grant a user access to BlazeMeter with specific permissions, add the user to the appropriate group(s) in your IdP. Upon their next login, BlazeMeter will automatically assign the corresponding roles and workspace access.

Remove users

To revoke a user's access, remove the user from the relevant group(s) in your IdP. The next time the user attempts to log in, they will no longer have the associated permissions or access in BlazeMeter.

Transition Period for Existing Users

Upon enabling SSO-based permissions, there is a transition period during which:

  • Existing users: Users who previously had access through BlazeMeter's legacy permissions system will retain their current roles until they log in through SSO. You can continue to change their roles in the BlazeMeter user interface.

  • New users: Users logging in for the first time through SSO will receive permissions based solely on their IdP group memberships. You cannot change their roles through the BlazeMeter user interface.

During this period, you must ensure that all users are assigned to the correct groups in your IdP to maintain appropriate access levels in BlazeMeter.

Account users

To view account users SSO-related roles, in Settings, navigate to Account and click Users. The user list opens. There are two columns that show SSO-related roles:

  • Group-Based Roles - Displays the account role assigned through group-based (RBAC) SSO permissions.

  • Basic SSO Roles - Displays the account role assigned through basic (legacy) SSO settings.

Workspace members

To view account users SSO-related roles, in Settings, navigate to Workspace and click Members. The user list opens. There are two columns that show SSO-related roles:

  • Group-Based Roles - Displays the account role assigned through group-based (RBAC) SSO permissions.

  • Basic SSO Roles - Displays the account role assigned through basic (legacy) SSO settings.