This article will review Basic Authorization, Single Sign-On (SSO), and External User login related to Status Pages. These three techniques can be used to secure your Uptime.com Status Page. This tutorial branches off from generally setting up your status page, and is best followed after you have familiarity with the Status Page Forms & Fields.
Table of Contents
Basic Authorization
Every account tier can utilize Basic Authorization to secure a status page. If you would like to share your status page with colleagues or clients without having it freely available for anyone surfing the web this may be your best solution. Click Status Pages > All Status Pages. Locate your status page in the list and click its name to enter the Manage view. Alternatively, click More Actions > Manage Page:
Under the General tab, ensure that the Public visibility level is selected. Basic authorization is only available for status pages at this visibility level.
Under Advanced Settings in the General tab, locate the Password Protection option and click to enable. The Username and Password fields appear:
Confirm the Public URL is in place (CNAME is also possible), and then provide a username and password and click Save Changes:
Users who visit your Status Page will be prompted to enter the Basic Authorization Username and Password you configured:
Please note: the exact appearance of the login window for Basic Authorization may vary by browser.
Status Page Access for External Users
It is possible to secure a publicly available status page and manage the user base that has access, unlike the general basic auth mentioned at the start of this document. There are two methods of access: via Single-Sign On (SSO), or via username and password from the Uptime.com login portal (External Users). To secure your page to these users, SSO must be enabled on your account.
Click Status Pages > All Status Pages. Locate your status page in the list and click its name to enter the Manage view. Alternatively, click More Actions > Manage Page:
In the Manage view, navigate to the General tab and select Private for the Visibility Level. Only status pages set to Private have the SSO and External Users tabs:
Please note: SSO must be enabled on your Uptime.com account for these settings to be available.
Accessing Status Pages via SSO
For accounts with SSO enabled, status pages can be configured for an Identity Provider (IdP) application to grant non-Uptime account users access via SAML Single Sign-On (SSO).
To start, follow the instructions from the previous section to set Visibility Level to Private, save the changes, then refresh the page and click the SSO tab.
This displays relevant information and URLs for configuring SSO with your identity provider:
This part of the tutorial expects that you have read and are familiar with SSO Troubleshooting and Basics, and perhaps have even configured SSO for your primary account.
You will need to add a new SSO application in your Identity Provider specifically for your Status Page viewers.
Users will login to the status page via the IdP, or via the WAYfless URL if testing the connection.
Granting Access to External Users
Login access to a protected Status Page can also be granted by an email invite to create an Uptime.com status page login. This will only grant access to this specific Status Page, and this user will not be able to view any other part of the larger Uptime.com account.
Before creating your first user you must ensure under the General tab that the status page has its visibility level set to Private. Once this is confirmed, you may start to invite your users.
To invite an external user, navigate to the External Users tab in the Manage Status Page view. Click + New External User to invite the user by name and email address:
Please note: if a user should have access to multiple status pages, it will be necessary to invite them to each status page individually through the Add External Account User form.
Below is an example of the invitation email the external user will receive to create their login credentials:
Managing SSO and External User Access
Disabling SAML SSO
SSO access for the entire Status Page can be removed at any time using the Disable SAML SSO button , located at the bottom of the SSO tab.
Please note: this button will remove the SAML SSO settings for the entire Status Page. It is recommended to remove a specific user via your IdP or user management system.
There will be a confirmation message pop-up to finalize the removal of the SAML SSO integration.
Once disabled, a banner at the top of the screen will confirm that the SAML SSO settings have been cleared.
Deactivating External Users
To deactivate (not delete) an External User, navigate to the External Users tab Click More Actions > Deactivate next to the user’s name and email:
The user will remain visible in the External Users tab, with an X marking them as Inactive. Deactivated users are not completely removed from the Status Page, but will be unable to access it while they are in the deactivated state.
To reactivate an Inactive user, click More Actions > Reactivate:
Deleting External Users
Users with the necessary permissions can delete current external users. Click More Actions > Delete to delete a user from the status page as opposed to being “Inactive”. Once users are deleted, they will no longer be able to access the page and will be removed from the External Users list.
Reset Password
As a user with the permission to access the status page that has the visibility set to Private, there is an option to reset the users’ password by selecting More Options > Reset Password.
Public status page users also have the option to reset passwords using the Forgotten Password link on the status page login screen.
Final Thoughts
Status Pages are vital sources of information, and it may be necessary to protect their access. Public Status Pages at Uptime.com can be secured in three ways: Basic Authorization, Single Sign-On (SSO), or External User login. If you need assistance with any stage of this process, don't hesitate to reach out to support@uptime.com for help!
Comments
0 comments