In BlueConic, all access-related functionality is grouped together under a single Access Management option through the BlueConic settings menu. When you click BlueConic settings > Access management, the following tabs appear within a horizontal bar at the top (underneath the main navigation bar):

Notes:

For more information, review the article Managing Roles and User Permissions in BlueConic.

The Users tab lists all users authorized to log in to BlueConic. From here, you can view more information on each individual user and adjust their settings, including the roles they're assigned to and the domains they have write access to. You can also add and remove users through this tab.

For more details on this tab, review the article Adding, modifying, and deleting users.

The Roles tab lists all user roles available in BlueConic and the specific BlueConic functions they have permission to access. For instance, AI Workbench is enabled for all users in the Application Manager role. From this tab, you can view and update the specific permissions for each role, as well as grant them access to PII (personally identifiable information) in your tenant.

For more details on this tab, review the article BlueConic Roles.

Implemented as part of the OAuth 2.0 authorization framework, the Applications tab lists all external, third-party applications that your organization has authorized to connect with BlueConic using BlueConic public REST APIs. From this tab, you can add new applications and manage the settings and information for your existing applications.

For more details on this tab, review the article Applications: Authorizing external applications to access BlueConic.

The Single Sign-On (SSO) tab includes one setting to enable or disable the SSO feature giving users access to BlueConic using your organization's SSO provider. When this setting is enabled, several fields display to input information that BlueConic needs for setup from your SSO provider.

For more details on this tab, review the article Using single sign-on (SSO) with BlueConic.

Through the Access based on IP address tab, you can restrict access to the BlueConic management UI and API to only users in a certain range of IP addresses, such as your organization's network. If you select the option to allow only certain IP addresses, make sure to include your own IP address on the IP allow list (formerly referred to as a 'whitelist'). When you save these settings, active BlueConic user sessions will be blocked to users outside the IP ranges you specify.

​
​Note: If you set up one or more BlueConic API Access connections, these connections and the specific API access they govern are also affected by this limitation.

Tip: If your site uses an IP-masking platform such as Zscaler, review our tips about automatic logouts for further information.

The BlueConic Support access tab includes one setting to define whether or not BlueConic Support can access your overall tenant. By default, BlueConic Support employees do not have any access to your tenant, but through this tab, you can permit all Support employees or just specific employees to have this access.

For more details on this tab, review the article Allowing BlueConic Customer Success to access your environment.

By default, BlueConic user sessions time out after a period of inactivity for 60 minutes.

BlueConic site administrators can select Access management > Timeout configuration to customize the Inactivity timeout setting for BlueConic users at their site to any time between 30 (minimum) and 60 minutes (maximum) of inactivity.

Examples of user activities include clicks, page views, API calls, and saving changes to a configuration. To enhance transparency and accountability, audit events are generated to provide users with detailed logs related to the timeout configuration. These events will be logged under the object type "Privacy Setting." For further details, please review the Audit events REST API documentation.

Note: Only BlueConic users whose user role has permission to set the timeout configuration can set this timeout. By default, the timeout configuration permissions are given to BlueConic application managers.

Only BlueConic application managers (or others whose BlueConic Role includes the Timeout configuration privileges) can view or edit this setting. Note that it is the BlueConic Application Manager at your BlueConic site who determines which users at your site can view or edit this setting. If your user role does not include this permission, you cannot view or alter the timeout period.

See BlueConic Roles for details on granting BlueConic user roles the ability to view or set the inactivity timeout period.

Using the BlueConic Chrome Extension impacts the inactivity timeout setting, because the Chrome Extension triggers a Chrome request every minute to keep track of registered channels and inject the BlueConic script. This behavior may extend the user session because of these requests, and delay or prevent an inactivity timeout.