Categories

Introduction to Bonsai
Using the Bonsai App
Bonsai Features
Heroku User Guide for Bonsai
Language & Framework Guides
Integrations
Platform
Elasticsearch & OpenSearch Version Support
Managing your search resources
Troubleshooting
API guide
Bonsai FAQ
Compliance & Security FAQ
Docs
>
Introduction to BonsaiUsing the Bonsai AppBonsai FeaturesHeroku User Guide for BonsaiLanguage & Framework GuidesIntegrationsPlatformElasticsearch & OpenSearch Version SupportManaging Your ResourcesTroubleshootingAPI GuideBonsai FAQCompliance & Security
>
Account Security (SSO, Passwords, Sessions)

Account Security (SSO, Passwords, Sessions)

This article will give an overview of how to manage your profile settings in relation to Single Sign-On, Password Management, and Browser Session Management.
Last updated
June 16, 2023

To navigate to your personal profile, click on your initials in the upper right corner and select Profile Settings from the dropdown menu. Then navigate to the Security tab.

  1. Single Sign-On
  2. Password Management
  3. Browser Session Management

1. Single Sign-On

Single Sign-On (SSO) is the ability to have a third party service validate your identity. You can enable Google SSO which offers additional security like multi-factor authentication (MFA). Bonsai also supports Okta.

To use this feature, your identity provider must match your Bonsai.io account email address. For example, if your Google email address is "bob.smith@gmail.com," then your Bonsai.io account must use this same email address in order to verify your identity.

Once you have SSO set up, you will no longer be able to log in with your username/password. Logging in will need to be done through the identity provider.

To revert back to username/password authentication, you will need to disable SSO. To do so, simply click on Disable SSO.

If you see this section greyed out then your account admin has required that you use SSO.

2. Password Management

To update your password, enter your old password and a new password. Bonsai strongly recommends using a password manager like 1Password or LastPass to keep your passwords secure, and to help randomly generate new passwords.

Protip: Use a strong password

We’re a security-conscious bunch, and we don’t have any arcane rules about what kinds of characters you must use for your password. Why? We’ll let xkcd explain it. Tl;dr: our password policy simply enforces a minimum length of 10 characters. We also reject common passwords that have been pwned. Sadly, correct horse battery staple appears in our blacklist.

Note: updating your password will revoke all of your active sessions and force you to log in again.

3. Browser Session Management

View and revoke your active sessions by scrolling down to Active Sessions. If you have a session on another device, you can see its IP address and information about the device.

You can revoke sessions individually, or revoke all. Revoking all sessions will also revoke your current session that you are using to view your profile, and doing so will require you to log in again.

View code snippet
Close code snippet

One More Cloud

The search experts. Makers of Bonsai and Websolr.

Subscribe for product updates:

Elasticsearch is a trademark of Elasticsearch BV. Apache and Apache Lucene are trademarks of the Apache Software Foundation.

Status

|

FAQ

|

Terms

|

Privacy

Resources

Search AssessmentHeroku AddonPricingDocsBlogAnnouncementsCareersContact

Platform

Elasticsearch on Google CloudElasticsearch on AWSOpenSearch on Google CloudOpenSearch on AWS

ES/OS-as-a-Service

Managed ElasticsearchManaged OpenSearch

© One More Cloud, Inc. All Rights Reserved