MENU
    Search... Close
    View All Essentials
    Account Settings

    Account Settings

    From the audit log to branding options and security preferences, Account Settings is where you will find the information that will help you choose options that are the best fit for your needs.

    Audit Log

    Accessible through Settings, the Audit Log shows a full history of user activities on the Infobip web interface and allows for faster issues resolution. This industry standard comes in handy when you need to troubleshoot or investigate an event. Events are grouped by Account, Username, IP Address, and Description, and they can be filtered by range (last 15 minutes, today, yesterday, this week, etc.), specific date and time.

     The benefits of Audit Log:

    • Full transparency on what has happened on the account and when.
    • The basis for an even more proactive approach to anomalies related to actions on your account, with an aim to prevent hacking.
    • Perform the events auditing on your own, without having to reach out to the Infobip Support.

    This feature will be available for all users with the Account Manager role. If a user does not see the Audit Log, they can contact their Account Manager.

    audit log on user interface

    Audit Log Events

    Item Action Event description
    2FA Enable Two-factor authentication enabled for all users. Enabling two-factor authentication failed.
    Disable Two-factor authentication enabled for all users. Disabling two-factor authentication failed.
    Update Two-factor authentication settings updated. Two-factor authentication settings update failed.
    Account Update

    Account login options updated / failed.
    Account security options updated / failed.
    Language successfully changed / failed.
    Host name set / failed.
    Color scheme set / failed.
    Logo updated / failed.
    API key Create / Generate API key generated (name, valid from) / generation failed.
    Update API key updated (name, expiration).
    Automatic Payment Activation Automatic payments changed (min. Balance, currency).
    Change

    Automatic payments changed (min. Balance, currency)
    Automatic payments deactivated
    Successful Automatic payment completed.
    Unsuccessful Automatic payment failed.
    Billing address Successful Billing address changed (name, full billing address).
    Blocklist Import Blacklist import from the file completed.
    Add Number / Email added to a blocklist.
    Delete Number / Email deleted from a blocklist.
    Export Blocklist export completed.
    Campaign Update Campaign updated.
    Communication Create Flow created / failed.
    Broadcast created / failed.
    Launch Flow launched.
    Delete Flow deleted / deletion failed.
    Cancel Flow canceled / canceling failed.
    Broadcast canceled / canceling failed.
    Finish Flow finished / finishing failed.
    Broadcast finished / finishing failed.
    Duplicate Flow duplicated.
    Broadcast duplicated.
    Update Flow updated.
    Broadcast updated.
    Create version Flow version created.
    Delete version Flow version deleted.
    Launch version Flow version launched.
    Stop version Flow version stopped.
    Schedule Flow version scheduled.
    Change Flow name changed.
    Broadcast name changed.
    Company Add Company added.
    Delete Company deleted.
    CustomField Add  Custom field added.
    Delete Custom field deleted.
    Domain Create Domain created by the user.
    Delete Domain deleted by the user.
    Export configuration Update Export configuration created.
    Create Export configuration created.
    Delete Export configuration deleted.
    Forms Create Forms created.
    Download Forms downloaded.
    Duplicate Forms duplicated.
    Update Forms updated.
    Keyword Create Keyword created on a mobile number.
    Delete Keyword deleted on a mobile number.
    Change Keyword changed on a mobile number.
    Mobile Application Create Mobile Application has been created.
    Delete Mobile Application has been deleted.
    Update Mobile Application has been updated.
    Mobile Demo Application Invite to Mobile Demo Application Mobile Demo Application has been shared.
    Create Mobile Demo Application has been created.
    Number Buy Number bought.
    Delete Number deleted.
    One-time payment Successful Payment successfully completed (currency).
    Unsuccessful Payment failed (currency).
    Password Restore Reset forgot password email sent.
    Reset forgot password email sending failed.
    Updated Password updated.
    Update Password for user restored. Password for user failed.
    Person Import People import from CSV completed / failed (file name).
    Merge People merged.
    Export People exported to the CSV completed (file name).
    People exported to the CSV failed (file name).
    Price Update Price updated.
    Report Request Report requested. Report request failed.
    Create Report generated (report name / type).
    Report generation failed (name/type).
    Download Report downloaded. Report download failed.
    Delete Report deleted. Report deletion failed.
    Search Export Logs export to file completed. Logs export to file failed.
    Segment Create Segment created.
    Delete Segment deleted.
    Update Segment updated.
    Tag Create Tag created.
    Delete Tag deleted.
    Remove Tad removed.
    Update Tag updated.
    Assign Tag assigned.
    Team Create Group created. Group creation failed.
    Delete Group deleted. Group deletion failed.
    Update Group updated. Group update failed.
    Template Create Channel template created. Flow template created.
    Duplicate Channel template duplicated.
    Delete Channel template deleted.
    URL Sent Email with password sent to user. Email with password sending failed.
    User Create User created. User creation failed.
    Update User updated. User update failed.
    Disable User disabled. Disabling user failed.
    Enable User enabled. Enabling user failed.
    Update User changed email address.
    Email address change update failed.
    Mobile number verified for user.
    Mobile number verification for user failed.
    Accept User accepted.
    Login User logged in (name, email)
    Logout User logged out (name, email)
    Lock User locked. User locking failed.
    Unlock User unlocked. User unlocking failed.
    Verify User verified.
    Website Create Website created.
    Update Website updated.
    Delete Website deleted.

    Branding Settings

    The Branding Settings are your path to a customized account - both on the inside and the outside.

    To change your settings, navigate to your user profile and click Settings > My Account >  and scroll to Customize.

    You have two options for customization:

    • Customize your account
    • Customize the login page

    To only customize the account, all you need to do is set the language, theme, and upload a logo to fit your corporate visual identity. Make sure that the logo you're uploading is not larger than 150x150px, otherwise, you will get an error saying the image cannot be uploaded.

    Essentials - Customize branding settings
    To customize the login page as well, you need to enter the hostname URL and a logo. The hostname will be used as a web interface URL for your account.

    Your logo will appear on the login page wherever you are using the custom login page URL.

    login page on user platform

    Security Settings

    We believe security should be everyone`s priority! Needless to say, we have put a lot of thought into Security Settings.

    The Security Settings were created to manage the security levels for account access, and they involve several features.

    1. User Password Policies

    The first feature, User Password Policies (below), is where you have an opportunity to define the user activity details and password security values for your account.

    account security in settings

    2. Two Factor Authentication

    The second security feature, two-factor authentication (2FA), can be enabled at once for all the account users. As a result, the users will have to enter the verification code when logging in. They can choose between two login functionalities - Remember or On each login.  

    Remember is for user devices that have been verified. Once the device has been verified, the user will not be required to go through the identity verification process on the same device.

    On each login means that the user will be required to go through the 2FA process every time they want to log in to the web interface.

    2FA in settings

    3. API Keys

    API Keys page offers a quick way to create an API key through UI and start developing without delay.

    api keys for managing accounts

    The types of permissions you can select when creating an API key:

    PUBLIC API. Provides access to all API calls.

    2FA. Access only to 2FA methods.

    WEB SDK. Access to Web JS SDK to work with People.

    web sdk permissions for api key

    Configure Single Sign-On (SSO)

    Single Sign-On (SSO) is an authentication process where a single set of credentials can be used to log into different applications. Infobip supports SSO integration for any Identity Provider that is based on the SAML 2.0 protocol.

    SAML 2.0, released in 2005, remains the most used in Enterprise SSO space. Now, here's a quick introduction to how it works and how it can be configured on the Infobip web interface.

    SAML supports two different types of flows:

    • those initiated by the Service Provider
    • those initiated by the Identity Provider

    In this article, we cover the common SP-initiated flow. That's the one we use.

    Permissions

    On the Identity Provider side, only System Admins can configure the SSO settings for their company.

    On the Infobip web interface side, only a user with an Account Manager business role can define and modify the SSO configuration.

    Requirements

    Your Identity Provider must be based on the SAML 2.0 protocol.

    All users of an SSO-enabled account on the web interface must authenticate through an Identity Provider.

    How To Enable SSO

    Before you begin, it's important to know that the SSO configuration is completely self-servable and requires no additional data to be generated from the Service Provider, Infobip. Everything you need will be provided during the SSO configuration process.

    Identity Providers all have their unique methods of configuration. However, the following minimal set of configurations is needed for the Identity Provider to work with a Service Provider (Infobip):

    1. Log in to the Infobip web interface and go to Settings > MY ACCOUNT. Click Configure SSO. You will be redirected to a dedicated page where you configure the SSO.
    2. Fill out the following fields related to your Identity Provider. 
    • IdP Identifier – A system entity or issuer that creates, maintains, and manages identity information for principals.
    • IdP Signature Certificate – The certificate from the Identity Provider used to sign the SAML assertion.
    • IdP Single Sign-On URL – SAML 2.0 endpoint (HTTP) which represents the sign-on URL from the Identity Provider.
    1. Configure the following fields and use them for the SSO configuration on your Identity Provider:
    • SP Entity ID – URL or other identifier  that is given by the Service Provider that uniquely identifies it. Use this URL to initiate the SSO login process and share it with all users in your account.
    • SP Assertion Consumer URL – URL where a user will be redirected to after a successful authentication request. Use this URL to configure where the IdP sends SAML assertions. The URL is generated randomly when you enter the SP Entity ID.
    • Logout URL – The URL on your Identity Provider where all users will be redirected to, after a successful logout on the Service Provider side. Your users will be redirected to the specified Logout URL to terminate the session on your Identity Provider. 
    • Auto-create Users – When this option is turned on, upon accessing the SP Entity ID and during the logon process, all your users who try to access that URL, (the ones successfully authenticated on your Identity Provider) will be created automatically in our system with their basic details.
    • Auto-create Groups – When this option is turned on, upon accessing the SP Entity ID and during every user logon process, all groups and user memberships will synchronize with your Identity Provider. By enabling this option, all previously created Teams, their roles / permissions and user memberships will be permanently deleted. You will only be able to use the Teams that are automatically created through the Single Sign-On group sync.
    IMPORTANT

    Auto-create Groups option requires additional configuration on your Identity Provider to work properly. Learn more.

    NOTE

    Make sure you define the format of the Name Identifier (NameID) on your IdP as it specifies the identity of the authenticated user. Supported Name Identifier formats are email address and username.

    1. As soon as you click  SAVE, your SSO configuration will be saved, and you will be in the dual login mode. 

    Under MY ACCOUNT, within the Single Sign-On (SSO) section, you will also find the SSO status button on the right side. This toggle will be ON when you SAVE your SSO configuration, and you will have two options to choose from:

    • Dual login option  This means that both the standard web interface login with username and password and the Single Sign-On login will work in parallel. This option will be enabled by default when SSO configuration is saved
    • Only SSO login – This means that only Single Sign-On login will work. User authentication is exclusively handled on your Identity Provider.

    To disable SSO login and to switch back only to the standard web interface login with username and password, you will need to DELETE your existing SSO configuration.

    SSO using SAML over the Web Interface

    1. For your login process, you will need to always use the SP Entity ID, which was generated for you, since it represents a unique access URL to the Infobip web interface, e.g., https://portal.infobip.com/login/saml/contoso/.
       
    2. To enable the login process, first, choose whether you want to have the Auto-create Users option turned on for your account or you want to create all users manually.
    • Option A - Have users created automatically. As soon as you turn on the Auto-create Users option, upon accessing the SP Entity ID and during the logon process, all your users who try to access that URL, i.e., who are successfully authenticated on your Identity Provider, will be created automatically in our system. Those users will be created based on the information received within the SAML response from your Identity Provider, and users will have their username and email address set. In case you want to add more details to the user (e.g., number, first name, last name, etc), you can do it manually through Settings > Users & Teams.
    • Option B - Create users manually. You have to create all users with exactly the same details regarding their identity that will also come through the SAML response from your Identity Provider.

    If you have the Auto-create Users option turned on, here's what will happen when your users start to connect to the Web Interface:

    • Existing user accounts – If they do not use the same Name Identifier data (the same username or email, that are being received within the SAML response) all users who try to logon, they will be created as new users.
    • New user accounts – As soon as your users access a dedicated link for the SSO login, they'll be created on our side, with the identity data that is being received within the SAML response and their session will be started inside the web interface.

     3. When you have the SSO configuration defined and ready, your login process will always be the same:

    • Step 1 – A user accesses their SP Entity ID, i.e., a unique access URL, Infobip’s Web Interface then redirects them to their Identity Provider, to allow them to authenticate and log on to their home company, using their domain credentials.
    • Step 2 – If the log on attempt was successful, your company's service will push the login details back to the web interface using HTTP POST with SAML payload in its body. This is usually a Base64 encoded XML payload which contains details about a user who had just logged in.
    • Step 3 – At that moment, the web interface will have all the details about the user's profile saved to the session and will allow this user to access Infobip products and services. The login process is then completed, and the user's details are available from their session.

    Extending the SAML response on your Identity Provider

    Infobip provides limited support for additional SSO requirements as other authentication scenarios present a potential security risk to companies.

    Our clients can extend the SAML response sent from their Identity Provider back to the web interface to contain an additional attribute, such as Group Membership values from the Identity Provider. Some of the Identity Providers (e.g., MS Active Directory) allow the definition of attribute mapping rules, based on Group Membership. By defining these extended attributes, our clients can provide us with a list of groups in addition to the user properties in the SAML response.

    If you want the Group Membership information to be sent within the SAML request, you will need to perform the following:

    1. Extend the SAML response, which is being sent from your Identity Provider, with a new attribute statement that lists all Group Memberships for a user. Make sure that the claim attribute name is defined as follows: http://schemas.xmlsoap.org/claims/Group.
    2. Make sure that the Group Membership values are forwarded containing the SamAccountName or Name as identity since we want to map the Group Names, not other group identifiers like SID. 

    This additional attribute claim should look like the following:

    • XML
    <Attribute Name=http://schemas.xmlsoap.org/claims/Group>
            <AttributeValue>Domain_Users</AttributeValue>
            <AttributeValue>Finance_Department</AttributeValue>
            <AttributeValue>Accounting_Team</AttributeValue>
            <AttributeValue>Windows_Users</AttributeValue>
            ...
</Attribute>
    1. Make sure you have turned on the Auto-create Groups option in Settings > MY ACCOUNT > Configure SSO, so that the newly added attribute can be properly handled upon each user logon. 

    How this is reflected on the web interface:

    1. You don't need to have the Groups created in advance. We will perform that automatically. When a user tries to log in, the Group attribute will be sent back to us every time with the rest of the SAML data.
    2. The web interface will then map these Groups with the Teams in our system. If a certain Group is not on the Teams list, we will create it with the same Group Name as defined on your Identity Provider.
    3. Groups will be matched and compared to each user login. This is done for all users. We will verify and update the membership on our side, based on the Groups provided inside the SAML response.
    4. Group creation, mapping to Teams, and user membership assignment are resolved automatically. Roles and permissions management needs to be performed manually and for all Teams, through the web interface.
    NOTE

    Teams that are created automatically, through the Single Sign-On group sync, cannot be modified in terms of user memberships. You can only manage the roles and permissions for this type of team.

    Multiple Accounts or Sub-accounts Access

    To use a unified configuration for multiple sub-accounts, contact our Support team.

    PAGE CONTENT

    Copyright © 2006-2021 Infobip ltd.