Enterprise Web Console

The articles in this section provide parallel instructions for users transitioning from the current Backblaze web console to the new enterprise web console. It maps legacy functionality (such as groups, Object Lock, and bucket management) to its equivalents in the new web console, with updated procedures for setup and management.

Overview

In the previous web console, groups were used to organize users with shared configurations, allowing centralized control over backup settings and license allocation.

In the enterprise web console, group management has evolved into a more flexible and scalable model:

• Organization: An organization is the top-level account that includes users, resources, and billing information.
• Subscription: A subscription defines the specific Backblaze services that you pay for, such as Backblaze B2 Cloud Storage or B2 Overdrive.
• Resource groups: Resource groups help organize and manage Backblaze B2 storage by department, project, or other criteria, allowing for detailed access control. Each resource group can include multiple buckets, but a bucket can belong to only one resource group at a time.

This new structure separates service management (subscriptions) from access control (resource groups), providing more granular and scalable user management.

Improvements

• Improved Usability: The enterprise web console features a more organized layout, with tabs and sections that make settings easier to find and manage.
• Centralized Management: All bucket-related settings—such as Object Lock, Cross-Origin Resource Sharing (CORS) rules, Lifecycle Rules, and encryption—are now managed in a single location. They are prominently integrated into the bucket details.
• Granular Access Control: Buckets can be assigned to resource groups and governed by policies, allowing for precise access management.
• Streamlined Workflow: Most configuration options can now be set during bucket creation, reducing the need for post-setup adjustments.

Key Differences

Regions

In the previous web console, creating buckets and application keys was more limited in terms of regional support.

In the enterprise web console, you can create buckets and application keys in any available region.

Application Keys

In the previous web console, application keys were more closely tied to users. They had minimal control over scope, expiration, or fine-grained access settings.

In the enterprise web console, application keys are managed at the organization level rather than being tied to individual users or groups, and they persist even if users are removed. Key creation is more granular and aligned with enterprise needs—you can define permission levels (read, write, list), region restrictions, file name prefixes, expiration dates, and specify whether a key can access all buckets or just specific ones. The web console also makes it easier to manage, audit, and securely rotate keys.

Learn how to create and manage application keys in the enterprise web console.

Buckets

In the previous web console, bucket creation was limited to basic settings like name, region, and access level, with advanced options managed separately.

The enterprise web console offers a more integrated setup, allowing key configurations—such as Object Lock, encryption, CORS, and Lifecycle Rules—to be defined upfront. It also introduces resource groups for built-in access control, making bucket creation a more secure and policy-driven process aligned with organizational management.

Learn how to create and manage buckets in the enterprise web console.

Lifecycle Rules

In the previous web console, Lifecycle Rules were limited in visibility and often required manual configuration after a bucket was created. 

In the enterprise web console, Lifecycle Rules are integrated directly into the bucket management workflow. The interface provides clear options for retention behavior (such as hiding or deleting old versions), and you can create, edit, or delete rules with better context.

Learn how to enable and configure Lifecycle Rules in the enterprise web console.

CORS Rules

In the previous web console, the CORS configuration was located in secondary menus, making it less prominent and accessible.

The enterprise web console displays CORS settings within each bucket’s settings panel, offering structured options and helpful descriptions. Admins can now choose from standard patterns (all origins, HTTPS only, custom origin) and specify relevant APIs. This makes it easier to manage secure sharing across apps without needing deep technical knowledge.

Learn how to enable and configure CORS rules in the enterprise web console.

Lock Features

In the previous web console, enabling Object Lock and Legal Holds was a basic toggle with minimal context or enforcement structure.

The enterprise web console elevates Object Lock into a formal part of bucket configuration. It includes compliance-focused options like governance and compliance modes, mandatory retention periods, and clear guidance indicating that these settings become permanent after you enable them.

Learn how to enable and configure lock features in the enterprise web console.

Adding Users

In the previous web console, adding users to a group was a manual process and lacked integration with identity providers or broader access controls.

In the enterprise web console, users are added through identity systems like System for Cross-domain Identity Management (SCIM) or Single Sign-on (SSO), and then assigned to a default resource group that determines what resources (like buckets or policies) they can access.

Learn how to add and manage users in the enterprise web console.

Usage Reports

Detailed daily usage reports are new in the enterprise web console. You can use these reports to track storage and bandwidth over time, and filter them by resource group for departmental insights. Reports are generated by region, and for more detailed analysis—such as filtering by specific resources—you can download the reports and analyze them using external tools.

Learn how to enable and use usage reports in the enterprise web console.