Essentials
Manage my account
Account settings

Account settings

From the audit log to branding options and security preferences, Account Settings is where you will find the information that will help you choose options that are the best fit for your needs.

Audit log

The Audit log shows a full history of user activities on the Infobip web interface and allows for faster issues resolution. This industry standard comes in handy when you need to troubleshoot or investigate an event. Events are grouped by Account, Username, IP Address, and Description, and you filter by range (last 15 minutes, today, yesterday, this week, and last week), or a specific date, and time.

Here are some of the benefits of the Audit Log:

  • Full transparency on what has happened on the account and when.
  • The basis for an even more proactive approach to anomalies related to actions on your account, with a focus to prevent any hacking attempts.
  • Perform event audits on your own, without having to reach out to Infobip Support.
Essentials - Audit log
NOTE

This feature is available to all users with the Account Manager role.

Audit log events

ItemActionEvent description
2FAEnableTwo-factor authentication enabled for all users. Enabling two-factor authentication failed.
DisableTwo-factor authentication enabled for all users. Disabling two-factor authentication failed.
UpdateTwo-factor authentication settings updated. Two-factor authentication settings update failed.
AccountUpdateAccount login options updated/failed.
Account security options updated/failed.
Language successfully changed/failed.
Host name set/failed.
Color scheme set/failed.
Logo updated/failed.
Answers/ChatbotActivateChatbot activated.
DeactivateChatbot deactivated by user, Details: Sessions expired after grace period.
Chatbot deactivated by user, Details: Sessions terminated by bot deactivation.
Chatbot deactivated by system, Details: Sessions terminated due to data management policy change.
Chatbot deactivated by system, Details: Sessions terminated due to discontinued pricing plan.
Chatbot deactivated by system, Details: Sessions terminated due to disabled channel.
Chatbot deactivated by system, Details: Sessions terminated due to deactivating account.
Chatbot deactivated by system, Details: Sessions terminated due to expired free trial.
Chatbot deactivated by system, Details: Sessions terminated due to failure to charge sessions.
CreateChatbot created by user.
Chatbot created by user, Details: Created from template XYZ.
DeleteChatbot deleted by user.
Chatbot deleted due to data management policy.
Chatbot deleted because of the canceled import.
ImportChatbot imported by user.
DuplicateChatbot duplicated by user, Details: Duplicated from chatbot XYZ.
API keyCreate / GenerateAPI key generated (name, valid from)/generation failed.
UpdateAPI key updated (name, expiration).
Automatic PaymentActivationAutomatic payments changed (min. Balance, currency).
ChangeAutomatic payments changed (min. Balance, currency).
Automatic payments deactivated.
SuccessfulAutomatic payment completed.
UnsuccessfulAutomatic payment failed.
Billing addressSuccessfulBilling address changed (name, full billing address).
BlocklistImportImported a blocklist from a completed file.
AddNumber/Email added to a blocklist.
DeleteNumber/Email deleted from a blocklist.
ExportBlocklist export completed.
CampaignUpdateCampaign updated.
CommunicationCreateFlow created/failed.
Broadcast created/failed.
LaunchFlow launched.
DeleteFlow deleted/deletion failed.
CancelFlow canceled/canceling failed.
Broadcast canceled/canceling failed.
FinishFlow finished/finishing failed.
Broadcast finished/finishing failed.
DuplicateFlow duplicated.
Broadcast duplicated.
UpdateFlow updated.
Broadcast updated.
Create versionFlow version created.
Delete versionFlow version deleted.
Launch versionFlow version launched.
Stop versionFlow version stopped.
ScheduleFlow version scheduled.
ChangeFlow name changed.
Broadcast name changed.
CompanyAddCompany added.
DeleteCompany deleted.
CustomFieldAdd Custom field added.
DeleteCustom field deleted.
DomainCreateDomain created by the user.
DeleteDomain deleted by the user.
Export configurationUpdateExport configuration created.
CreateExport configuration created.
DeleteExport configuration deleted.
FormsCreateForms created.
DownloadForms downloaded.
DuplicateForms duplicated.
UpdateForms updated.
KeywordCreateKeyword created on a mobile number.
DeleteKeyword deleted on a mobile number.
ChangeKeyword changed on a mobile number.
Mobile ApplicationCreateMobile Application has been created.
DeleteMobile Application has been deleted.
UpdateMobile Application has been updated.
Mobile Demo ApplicationInvite to Mobile Demo ApplicationMobile Demo Application has been shared.
CreateMobile Demo Application has been created.
NumberBuyNumber bought.
DeleteNumber deleted.
One-time paymentSuccessfulPayment successfully completed (currency).
UnsuccessfulPayment failed (currency).
PasswordRestoreReset forgot password email sent.
Reset forgot password email sending failed.
UpdatedPassword updated.
UpdatePassword for user restored.
Password for user failed.
PersonImportPeople import from CSV completed/failed (file name).
MergePeople merged.
ExportPeople exported to the CSV completed (file name).
People exported to the CSV failed (file name).
PriceUpdatePrice updated.
ReportRequestReport requested.
Report request failed.
CreateReport generated (report name/type).
Report generation failed (name/type).
DownloadReport downloaded.
Report download failed.
DeleteReport deleted.
Report deletion failed.
SearchExportLogs export to file completed.
Logs export to file failed.
SegmentCreateSegment created.
DeleteSegment deleted.
UpdateSegment updated.
TagCreateTag created.
DeleteTag deleted.
RemoveTad removed.
UpdateTag updated.
AssignTag assigned.
TeamCreateGroup created.
Group creation failed.
DeleteGroup deleted.
Group deletion failed.
UpdateGroup updated.
Group update failed.
TemplateCreateChannel template created.
Flow template created.
DuplicateChannel template duplicated.
DeleteChannel template deleted.
URLSentEmail with password sent to user.
Email with password sending failed.
UserCreateUser created.
User creation failed.
UpdateUser updated.
User update failed.
DisableUser disabled.
Disabling user failed.
EnableUser enabled.
Enabling user failed.
UpdateUser changed email address. Email address change update failed.
Mobile number verified for user.
Mobile number verification for user failed.
AcceptUser accepted.
LoginUser logged in (name, email)
LogoutUser logged out (name, email)
LockUser locked.
User locking failed.
UnlockUser unlocked.
User unlocking failed.
VerifyUser verified.
WebsiteCreateWebsite created.
UpdateWebsite updated.
DeleteWebsite deleted.

Customization settings

The customization settings are your path to a customized account - both on the inside and outside.

To change your settings, navigate to your user profile and click SettingsAccounts → Customize.

You have two options for customization:

  • Customize your account
  • Customize the login page

To only customize the account, all you need to do is set the language, theme, and upload a logo to fit your corporate visual identity. Make sure that the logo you are uploading is not larger than 150x150px, otherwise, you will get an error saying the image cannot be uploaded.

Essentials - Customize your account

To customize the login page as well, you need to enter the hostname URL and a logo. The hostname will be used as a web interface URL for your account. The hostname's DNS configuration will have to be updated, and the exact details of DNS record will be shown during the configuration process in the web interface.

Your logo will appear on the login page wherever you are using the custom login page URL.

login page on user platform

Security settings

We believe security should be everyone`s priority! Needless to say, we have put a lot of thought into Security Settings.

The Security Settings were created to manage the security levels for account access, and they include several features.

Essentials - Manage security settings for your accounts

Configure single sign-on (SSO)

Single Sign-On (SSO) is an authentication process where a single set of credentials can be used to log into different applications. Infobip supports SSO integration for any Identity Provider that is based on the SAML 2.0 protocol.

SAML 2.0, released in 2005, remains the most used in the Enterprise SSO space. Now, here's a quick introduction to how it works and how it can be configured on the Infobip web interface.

SAML supports two different types of flows:

  • those initiated by the Service Provider
  • those initiated by the Identity Provider

In this article, we cover the common SP-initiated flow used by Infobip.

Permissions

On the Identity Provider side, only System Admins can configure the SSO settings for their company.

On the Infobip web interface side, only a user with an Account Manager business role can define and modify the SSO configuration.

Requirements

Your Identity Provider must be based on the SAML 2.0 protocol.

All users of an SSO-enabled account on the web interface must authenticate through an Identity Provider.

How to enable SSO

Before you begin, it is important to know that the SSO configuration is completely self-servable and requires no additional data to be generated from the Service Provider, Infobip. Everything you need will be provided during the SSO configuration process.

Identity Providers all have their unique methods of configuration. However, the following minimal set of configurations is needed for the Identity Provider to work with a Service Provider (Infobip):

  1. Log in to the Infobip web interface. In the menu on the left, click the avatar icon and go to Account settings → Security (opens in a new tab). In the Single Sign-On (SSO) section, click Configure. You are redirected to the SSO configuration page.

  2. Fill out the following fields related to your Identity Provider.

    • IdP Identifier - A system entity or issuer that creates, maintains, and manages identity information for principals.
    • IdP Signature Certificate - The certificate from the Identity Provider used to sign the SAML assertion.
    • IdP Single Sign-On URL - SAML 2.0 endpoint (HTTP) which represents the sign-on URL from the Identity Provider.
    • Logout URL - Your Identity Provider's URL which all users will be redirected to after a successful logout on the Service Provider side. Users will be redirected to the specified Logout URL to terminate the session on your Identity Provider.
  3. Configure the following fields and use them for the SSO configuration on your Identity Provider:

    • SP Entity ID - URL or another identifier that is given by the Service Provider that uniquely identifies it. Use this URL to initiate the SSO login process and share it with all users in your account.
    • SP Assertion Consumer URL - URL where a user will be redirected to after a successful authentication request. Use this URL to configure where the IdP sends SAML assertions. The URL is generated randomly when you enter the SP Entity ID.
    • Auto-create Users - When this option is turned on, upon accessing the SP Entity ID and during the logon process, all your users who try to access that URL, (the ones successfully authenticated on your Identity Provider) will be created automatically in our system with their basic details.
    • Auto-create Groups - When you turn on this option, upon accessing the SP Entity ID and during every user logon process, all groups and user memberships will synchronize with your Identity Provider. If you enable the Auto-create Groups option and create groups through SSO, and then disable this option, these groups become non SSO.
    IMPORTANT

    The Auto-create groups option requires additional configuration on your Identity Provider to work properly.

  4. Configure the Name Identifier (NameID) attribute on your Identity Provider.

    • Supported options by our Service Provider are Email and UPN (User Principal Name). Supported Name Identifier format is email address only. Also, create custom attribute mapping for the NameID from Email or UPN on your Identity Provider as this is an important step to make sure that the SSO login works.
  5. To enable the login process, first, choose whether you want to have the Auto-create users option turned on for your account or you want to create all users manually. Upon receiving a successful SAML response from your Identity Provider, our Service Provider will look for the exact match between the NameID and the email address for all the existing users on your account. If that match is not found, then based on the Auto-create Users option the login will fail or the new user will be created. For both options, it is important to check existing users on your account and change their email addresses to match their NameID value from the Identity Provider.

    Option 1 - Have users created automatically. As soon as you turn on the Auto-create users option, upon accessing the SP Entity ID and during the login process, all your users who try to access that URL, i.e., who are successfully authenticated on your Identity Provider and the existing user is not found, will be created automatically in our system. Those users are created based on the information received within the SAML response from your Identity Provider, and users will have their username and email address set. In case you want to add more details to the user (e.g., number, first name, last name, etc), you can do it manually through Settings → Users & teams (opens in a new tab).

    Option 2 - Create users manually. The Auto-create users option is turned off in this case. You must create all users with the email address exactly the same as the NameID that is sent within the SAML response from your Identity Provider.

SSO using SAML over the web interface

For the login process, you must always use the SP Entity ID, generated for you, since it represents a unique access URL to the Infobip web interface, e.g., https://portal.infobip.com/login/saml/contoso/.

  1. If  the Auto-create users option is turned on, here is what happens when your users start to connect to the web interface:

    • Existing user accounts – If they do not have the same email address as the NameID that is being received within the SAML response all users who try to log in, they will be created as new users.
    • New user accounts – As soon as your users access a dedicated link for the SSO login, they will be created on our side, with the identity data that is being received within the SAML response and their session will be started inside the web interface.
  2. If the Auto-create users option is turned off:

    • Existing user accounts – If they do not have the same email address as the NameID received within the SAML response all users who try to log in, the SSO login process will fail.

When you define your SSO configuration and it is ready, your login process is always the same:

  1. A user accesses their SP Entity ID, i.e., a unique access URL, the Infobip platform then redirects them to their Identity Provider, to allow them to authenticate and log in to their home company, using their domain credentials.
  2. If the login attempt is successful, your company's service will push the login details back to the Infobip platform using HTTP POST with SAML payload in the body. This is usually a Base64 encoded XML payload that contains details about a user who had just logged in.
  3. At that moment, the Infobip platform has all the details about the user's profile saved to the session and allows this user to access Infobip products and services. The login process is then completed, and the user's details are available from their session.

Extending the SAML response on your identity provider

Infobip provides limited support for additional SSO requirements as other authentication scenarios present a potential security risk to companies.

Infobip clients can extend the SAML response sent from their Identity Provider back to the web interface to contain an additional attribute, such as Group Membership values from the Identity Provider. Some of the Identity Providers (e.g., MS Active Directory) allow the definition of attribute mapping rules, based on Group Membership. By defining these extended attributes, our clients can provide us with a list of groups in addition to the user properties in the SAML response.

If you want to have the first and last name set for users with the Auto create users option, you must extend the SAML response, which is sent from your Identity Provider, with the following attribute statements:

  • First name attribute with claim name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  • Last name attribute with claim name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
NOTE

By default, the user's Email will be the same as the Name Identifier (NameID).

If you want to specify an Email different than the Name Identifier (NameID), you have to include the Email attribute claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress in the SAML response.

If you want the Group Membership information to be sent within the SAML request, you must perform the following:

  1. Extend the SAML response, which is being sent from your Identity Provider, with a new attribute statement that lists all Group Memberships for a user. Make sure that the claim attribute name is defined as follows: http://schemas.xmlsoap.org/claims/Group.
  2. Make sure that the Group Membership values are forwarded containing the SamAccountName or Name as identity since we want to map the Group Names, not other group identifiers like SID.

This additional attribute claim should look like the following:

xml
 
    <Attribute Name=http://schemas.xmlsoap.org/claims/Group>
                <AttributeValue>Domain_Users</AttributeValue>
                <AttributeValue>Finance_Department</AttributeValue>
                <AttributeValue>Accounting_Team</AttributeValue>
                <AttributeValue>Windows_Users</AttributeValue>
                ...
    </Attribute>
 
NOTE

Manually-created teams and teams created through the SSO group sync are supported simultaneously.

However, teams created through SSO group sync cannot be modified in terms of user memberships.

Make sure you have turned on the Auto-create Groups option in Settings → My Account (opens in a new tab) → Configure SSO, so that the newly added attribute can be properly handled upon each user logon.

How this reflects in the web interface:

  1. You do not need to have the Groups created in advance. We will perform that automatically. When a user tries to log in, the Group attribute will be sent back to us every time with the rest of the SAML data.
  2. The web interface will then map these Groups with the Teams in our system. If a certain Group is not on the Teams list, we will create it with the same Group Name as defined on your Identity Provider.
  3. Groups will be matched and compared to each user login. This is done for all users. We will verify and update the membership on our side, based on the Groups provided inside the SAML response.
  4. Group creation, mapping to Teams, and user membership assignment are resolved automatically. Roles and permissions management needs to be performed manually and for all Teams, through the web interface.
NOTE

Teams that are created automatically, through the Single Sign-On group sync, cannot be modified in terms of user memberships. You can only manage the roles and permissions for this type of team.

Multiple accounts or sub-accounts access

To use a unified configuration for multiple sub-accounts, contact our Support team (opens in a new tab).

Two-factor authentication

You can enable two-factor authentication (opens in a new tab) (2FA) at once for all account users. As a result, the users will have to enter the verification code when logging in.

User account security

In this section, you can configure rules and policies for all users on the account.

  • Maximum user inactivity - Number of inactive days before the user is disabled. You can set the value from 15 to 365.
  • Maximum login attempts - Number of maximum (unsuccessful) login attempts before the user is locked. The recommended value is 5.
  • Password validity - Number of days before the password is expired and has to be renewed. If the value is empty, the password will not expire. The recommended value is 90 days.

Need assistance

Explore Infobip Tutorials

Encountering issues

Contact our support

What's new? Check out

Release Notes

Unsure about a term? See

Glossary

Research panel

Help shape the future of our products
Service Terms & ConditionsPrivacy policyTerms of use