To navigate to your personal profile, click on your initials in the upper right corner and select Profile Settings from the dropdown menu. Then navigate to the Security tab.
1. Single Sign-On
Single Sign-On (SSO) is the ability to have a third party service validate your identity. You can enable Google SSO which offers additional security like multi-factor authentication (MFA).
Bonsai also supports Okta.
To use this feature, your identity provider must match your Bonsai.io account email address. For example, if your Google email address is "bob.smith@gmail.com," then your Bonsai.io account must use this same email address in order to verify your identity.
Once you have SSO set up, you will no longer be able to log in with your username/password. Logging in will need to be done through the identity provider.
To revert back to username/password authentication, you will need to disable SSO. To do so, simply click on Disable SSO.
If you see this section greyed out then your account admin has required that you use SSO.
2. Password Management
To update your password, enter your old password and a new password. Bonsai strongly recommends using a password manager like
1Password or
LastPass to keep your passwords secure, and to help randomly generate new passwords.
Protip: Use a strong password
We’re a security-conscious bunch, and we don’t have any arcane rules about what kinds of characters you must use for your password. Why? We’ll let
xkcd explain it. Tl;dr: our password policy simply enforces a minimum length of 10 characters. We also reject common passwords that
have been pwned. Sadly, correct horse battery staple appears in our blacklist.
Note: updating your password will revoke all of your active sessions and force you to log in again.
3. Browser Session Management
View and revoke your active sessions by scrolling down to
Active Sessions. If you have a session on another device, you can see its IP address and information about the device.
You can revoke sessions individually, or revoke all. Revoking all sessions will also revoke your current session that you are using to view your profile, and doing so will require you to log in again.