Help Center

Access management

In BlueConic, all access-related functionality is grouped together under a single Access Management option through the BlueConic settings menu. When you click BlueConic settings > Access management, the following tabs appear within a horizontal bar at the top (underneath the main navigation bar):



  • The Access management option is only available to user roles with "Access management" enabled through the Roles tab. In addition, only tabs enabled for a user's role are shown in the horizontal bar; for instance, someone with the Content Manager user role might have access to the Users tab but not to the Single Sign-On (SSO) tab.
  • Upon clicking the Access management option, you are directed to the first available tab. For example, if you have access to “Roles” but not “Users,” then the Roles tab is the first available.
  • If you only have access to one Access management tab, then the Access management option in the BlueConic settings menu is relabeled with the name of that one tab.

For more information, review the article Managing Roles and User Permissions in BlueConic.


The Users tab lists all users authorized to log in to BlueConic. From here, you can view more information on each individual user and adjust their settings, including the roles they're assigned to and the domains they have write access to. You can also add and remove users through this tab.

For more details on this tab, review the article Adding, modifying, and deleting users.


The Roles tab lists all user roles available in BlueConic and the specific BlueConic functions they have permission to access. For instance, AI Workbench is enabled for all users in the Application Manager role. From this tab, you can view and update the specific permissions for each role, as well as grant them access to PII (personally identifiable information) in your tenant.

For more details on this tab, review the article BlueConic Roles.


Implemented as part of the OAuth 2.0 authorization framework, the Applications tab lists all external, third-party applications that your organization has authorized to connect with BlueConic using BlueConic public REST APIs. From this tab, you can add new applications and manage the settings and information for your existing applications.

For more details on this tab, review the article Applications: Authorizing external applications to access BlueConic.

Single Sign-On (SSO)

The Single Sign-On (SSO) tab includes one setting to enable or disable the SSO feature giving users access to BlueConic using your organization's SSO provider. When this setting is enabled, several fields display to input information that BlueConic needs for setup from your SSO provider.

For more details on this tab, review the article Using single sign-on (SSO) with BlueConic.

Access based on IP address

Through the Access based on IP address tab, you can restrict access to the BlueConic management UI and API to only users in a certain range of IP addresses, such as your organization's network. If you select the option to allow only certain IP addresses, make sure to include your own IP address on the IP allow list (formerly referred to as a 'whitelist'). When you save these settings, active BlueConic user sessions will be blocked to users outside the IP ranges you specify.

How to limit access to BlueConic CDP to white list of IPs to use only authorized users for an IP range or range of IP addresses at my site

Note: If you set up one or more BlueConic API Access connections, these connections and the specific API access they govern are also affected by this limitation.

Tip: If your site uses an IP-masking platform such as Zscaler, review our tips about automatic logouts for further information.

BlueConic Support access

The BlueConic Support access tab includes one setting to define whether or not BlueConic Support can access your overall tenant. By default, BlueConic Support employees do not have any access to your tenant, but through this tab, you can permit all Support employees or just specific employees to have this access.

For more details on this tab, review the article Allowing BlueConic Customer Success to access your environment.

Timeout configuration

By default, BlueConic user sessions time out after a period of inactivity for 60 minutes.

BlueConic site administrators can select Access management > Timeout configuration to customize the Inactivity timeout setting for BlueConic users at their site to any time between 30 (minimum) and 60 minutes (maximum) of inactivity. 

Timeout configuration setting BlueConic.png

Audit events for timeout activities

Examples of user activities include clicks, page views, API calls, and saving changes to a configuration. To enhance transparency and accountability, audit events are generated to provide users with detailed logs related to the timeout configuration. These events will be logged under the object type "Privacy Setting." For further details, please review the Audit events REST API documentation.

Set the inactivity timeout period

Note: Only BlueConic users whose user role has permission to set the timeout configuration can set this timeout. By default, the timeout configuration permissions are given to BlueConic application managers.

  1. Select BlueConic settings > Access management > Timeout configuration from the BlueConic navigation bar.
  2. In the Timeout configuration page, enter a number of minutes between 30 and 60 for the inactivity timeout.
    If a BlueConic user is inactive in BlueConic for this amount of time, they will be logged out of the system.
  3. Save your settings.

Role-based permission to configure or view the session timeout

Only BlueConic application managers (or others whose BlueConic Role includes the Timeout configuration privileges) can view or edit this setting. Note that it is the BlueConic Application Manager at your BlueConic site who determines which users at your site can view or edit this setting. If your user role does not include this permission, you cannot view or alter the timeout period.

See BlueConic Roles for details on granting BlueConic user roles the ability to view or set the inactivity timeout period.

Note about automatic logouts and the BlueConic Chrome Extension

Using the BlueConic Chrome Extension impacts the inactivity timeout setting, because the Chrome Extension triggers a Chrome request every minute to keep track of registered channels and inject the BlueConic script. This behavior may extend the user session because of these requests, and delay or prevent an inactivity timeout.


Was this article helpful?
0 out of 1 found this helpful