Manage Single Sign-On

Single Sign-On is a tool for BlazeMeter enterprise customers who want to be able to manage their BlazeMeter users in one place, in their own security system.

Contact BlazeMeter support if you are interested in setting this up.

What is Single-Sig-On?

As the admin of an enterprise that uses BlazeMeter, you want your users to be redirected to your own authentication system. This way, you control who of your employees can access the BlazeMeter API by configuring authentication groups. This is useful, for example, every time when employees join or leave, or when a tester is promoted to manager, and so on, because you can easily change, activate, or deactivate their access through your own groups.

Setting Up Sign-On for BlazeMeter

You can use the BlazeMeter API to query existing users and permissions to determine which groups to set up in Okta.

Configure your IAM

First, configure your identity and access management, for example, Okta, Azure, or Keycloak.

In Okta:

  1. Under Directory > Groups, add a group and assign users to it. For example, viewers, testers, admins. Remember the group identifier.

  2. Under Applications > Applications, select an application, and assign the group to it.

  3. Under SAML Settings > General, enter the Auth Server URLs provided by BlazeMeter Support.

  4. Under SAML Settings > Group Attribute Statements, add your BlazeMeter groups attribute. Optionally, define a group name filter.

In KeyCloak:

  1. Go to Identity Providers > Settings.

  2. Under SAML Settings, enter the Service Provider URL provided by BlazeMeter Support.

  3. Under Mappers, where you define name and email attributes, add your BlazeMeter groups attribute.

Configure your BlazeMeter account

Log on to BlazeMeter as Account Admin.

  1. Click the Cog icon at the top right of the BlazeMeter UI to open the Settings.

  2. Go to System Admin > Accounts and open the Features section

  3. Select Enable SSO Based Permissions (enableSSOBAsedPermissions).

Next, create groups in BlazeMeter that correspond to your Okta groups.

  1. Go to Account > Groups.

  2. Click Add Group .

    • As Group ID, enter the same group identifier as you have defined in your SSO system. Case sensitive.

    • Enter a Group Name of your choice.

    • Select Account Roles, such as standard, billing, account-usr-manager, or account-admin.

    • Select Workspaces that this group can access.

    • For each workspace, select the checkbox and click Assign Roles and select manager, viewer, or tester.

  3. Click Add and confirm.

Single Sign-On Settings Summary

In BlazeMeter, under Account > Groups, System Admins create and manage groups. Here you can:

  • Manage Account Roles of the groups

  • Manage Workspaces Permissions of the groups

  • Manage BlazeMeter Group ID - The Group ID must be the same as in Okta!

  • Group Name - The display name can be anything that helps your user understand the purpose of the group

  • View users from Okta that are mapped to this BlazeMeter group and who have logged in.

Under Account > Groups, Account Managers manage groups.

Under Account > Users, Account Managers view users and roles.

  • User ID and email

  • Full Name

  • Last Access date

  • User access is enabled or disabled

  • Account Roles - merged permissions from group-based and legacy roles

  • Group-Based Roles - new group-bases roles

  • Basic SSO Roles - legacy roles for users that were created before SSO was enabled, or that have not logged in since SSO was enabled.

Here, the BlazeMeter Account Manager can also edit the roles of users that are not assigned to an SSO Group. After a user's roles are managed by SSO, their roles cannot be changed in BlazeMeter anymore.

Transition to SSO

Make sure you assign all of your users to SSO groups. During the transition to SSO, an account admin can track users and their Basic SSO Roles in BlazeMeter under Settings > Account > Users.

If an existing BlazeMeter user is not assigned to an SSO group yet, they retain their legacy permissions until they are assigned to an SSO group.

If a user uses SSO to log in to BlazeMeter for the first time and gets a dialog saying, "You don't have permissions to the account", ensure that the user is a member of an SSO group that has a corresponding group in BlazeMeter.