This article will review Basic Authorization, Single Sign-On (SSO), and External User login related to Status Pages. These three techniques can be used to secure your Uptime.com Status Page. This tutorial branches off from generally setting up your status page, and is best followed after you have familiarity with the Status Page Forms & Fields.
Table of Contents
Basic Authorization
Every account tier can utilize Basic Authorization to secure a status page. If you would like to share your status page with colleagues or clients without having it freely available for anyone surfing the web, this may be your best solution.
First, locate your status page and click the Edit Public Page icon:
Next, click the Settings icon followed by Settings:
In the Settings dialog box, set the Visibility Level to Public:
Confirm the URL Slug is in place (CNAME is also possible), and then provide a username and password:
Click the Save button once you have completed these required steps.
Users who visit your Status Page will be prompted to enter the Basic Authorization Username and Password you configured:
Please note: the exact appearance of the login window for the Basic Authorization may vary by browser.
Status Page Access for External Users
It is possible to secure a publicly available status page and manage the user base that has access, unlike the general basic auth mentioned at the start of this document. There are two methods of access management: via username and password from the Uptime.com login portal (External Users), or via an external SAML Single Sign-On (SSO) Identity Provider.
First, locate your status page and click the Edit Public Page icon:
Next, click the Settings cog icon, then Settings.
Then, click the Visibility Level drop down and select External Users.
This will refresh your screen, and there will be new tabs visible in the Settings page: SSO (if enabled) and External Users.
Accessing Status Pages via SSO
For accounts with SSO enabled, status pages can be configured for an Identity Provider (IdP) application to grant non-Uptime account users access via SAML Single Sign-On (SSO).
To start, follow from the instructions from the previous section to set Visibility Level to External Users, and then refresh the page and click the SSO tab.
This part of the tutorial expects that you have read and are familiar with SSO Troubleshooting and Basics, and perhaps have even configured SSO for your primary account.
You will need to add a new SAML SSO application in your Identity Provider specifically for your Status Page viewers.
Users will login to the status page via the IdP, or via the WAYfless URL if testing the connection.
Please note: this feature may not be available in all account tiers. If you do not find these SSO settings in your status page please reach out to support@uptime.com.
Granting Access to External Users
Login access to a protected Status Page can also be granted by an email invite to create an Uptime.com status page login. This will only grant access to this specific Status Page, and this user will not be able to view any other part of the wider Uptime.com account.
To invite an external user, go to the External User tab in the status page’s Settings, and invite the user by email.
Please note: To add the same user to another status page, you will need to navigate to the secondary status page settings and repeat the process.
Below is an example of the invitation email the external user will receive to create their login credentials:
Please note: A base quota of user seats are provisioned based on subscription level. If you need more user seats for External User access to a Status Page, they can be purchased in bundles of 50 from the self-service subscription tool (Billing > Upgrade).
For assistance with this, please contact support@uptime.com.
Managing SSO and External User Access
Disabling SAML SSO
SSO access for the entire Status Page can be removed at any time using the Disable SAML SSO button, located at the bottom of the SSO tab.
Please note: this button will remove the SAML SSO settings for the entire Status Page. It is recommended to remove a specific user via your IdP or user management system before disabling the entire SAML SSO integration.
There will be a confirmation message pop-up to finalize the removal of the SAML SSO integration.
Once disabled, a banner at the top of the screen will confirm that the SAML SSO settings have been removed.
Removing External Users
To remove an External User, go to the External Users tab, then press the Actions > Deactivate button to remove the External User.
The user will remain visible in the External Users tab, with an X marking them as Inactive.
To Reactivate an Inactive user, press Actions > Reactivate.
Deleting External Users
Users with the necessary permissions can delete current external users. Click Actions > Delete User to delete a user from the status page as opposed to being “Inactive”.
Reset Password
As a user with the permission to access the status page that has the visibility set to external users, there is an option to reset the users’ password by selecting Actions > Reset Password.
Also, public status page users can also have the option to reset the password, from the Forgotten Password link, from the status page login screen.
Final Thoughts
Status Pages are vital sources of information, and it may be necessary to protect their access. Public Status Pages at Uptime.com can be secured in three ways: Basic Authorization, Single Sign-On (SSO), or External User login. If you need assistance with any stage of this process, don't hesitate to reach out to support@uptime.com for help!
Comments
0 comments