Get Started with the Enterprise Web Console

The articles in this section provide parallel instructions for users transitioning from the current Backblaze web console to the new enterprise web console. It maps legacy functionality (such as groups, Object Lock, and bucket management) to its equivalents in the new web console, with updated procedures for setup and management.

Overview

In the previous web console, groups were used to organize users with shared configurations, allowing centralized control over backup settings and license allocation.

In the enterprise web console, group management has evolved into a more flexible and scalable model.

Organization

An organization is the top-level account that includes users, resources, and billing information.

Subscription

A subscription defines which Backblaze services your organization pays for, such as:

• Backblaze B2 Cloud Storage
• B2 Overdrive
• Computer Backup

Subscriptions govern service availability and billing, while access control is managed separately.

User Groups

User groups replace legacy “groups” with a more powerful access-control model.

A user group:

• Is a collection of users
• Can be assigned roles
• Can be granted bucket access
• Automatically shares access among all group members

This makes it easier to manage permissions for teams, departments, or entire roles across your organization.

A user can be a member of any number of user groups, and roles are typically assigned to user groups so that all members receive the same permissions.

Resource Groups

Resource groups help organize and manage B2 Cloud Storage by department, project, cost center, or other criteria.

A resource group:

• Can contain multiple buckets
• Can be assigned roles to control access at scale
• Acts as a boundary for permissions and reporting

A bucket can belong to only one resource group at a time.

Roles and Permissions

Roles define what actions a user or user group can perform, replacing older, less structured permission models.

A role consists of:

1. A role type (Administrator, Bucket Creator, Object Manager, Object Viewer, Object Writer)
2. A scope (organization-wide, resource group, or bucket)

This provides precise, enterprise-grade permission control.

Example role assignments:

• Object Viewer on a specific bucket
• Bucket Creator in a resource group
• Administrator organization-wide

Roles handle management permissions. Bucket access controls data access.

Improvements

• Improved Usability: The enterprise web console features a more organized layout, with tabs and sections that make settings easier to find and manage.
• Centralized Management: All bucket-related settings—such as Object Lock, Cross-Origin Resource Sharing (CORS) rules, Lifecycle Rules, and encryption—are now managed in a single location. They are prominently integrated into the bucket details.
• Granular Access Control: Buckets can be assigned to resource groups and governed by policies, allowing for precise access management.
• Streamlined Workflow: Most configuration options can now be set during bucket creation, reducing the need for post-setup adjustments.

Key Differences

Many pages, navigation items, and tabs (such as Access Control, Organization settings, and role management) are visible only to users with the Administrator role. Other roles may see only the Overview page and the specific buckets and resources they have been granted access to.

Regions

In the previous web console, creating buckets and application keys was more limited in terms of regional support.

In the enterprise web console, you can create buckets and application keys in any available region.

Application Keys

In the previous web console, application keys were more closely tied to users. They had minimal control over scope, expiration, or fine-grained access settings.

In the enterprise web console, application keys are managed at the organization level rather than being tied to individual users or groups, and they persist even if users are removed. Key creation is more granular and aligned with enterprise needs—you can define permission levels (read, write, list), region restrictions, file name prefixes, expiration dates, and specify whether a key can access all buckets or just specific ones. The web console also makes it easier to manage, audit, and securely rotate keys.

Learn how to create and manage application keys in the enterprise web console.

Buckets

In the previous web console, bucket creation was limited to basic settings like name, region, and access level, with advanced options managed separately.

The enterprise web console offers a more integrated setup, allowing key configurations—such as Object Lock, encryption, CORS, and Lifecycle Rules—to be defined upfront. It also introduces resource groups for built-in access control, making bucket creation a more secure and policy-driven process aligned with organizational management.

Learn how to create and manage buckets in the enterprise web console.

Lifecycle Rules

In the previous web console, Lifecycle Rules were limited in visibility and often required manual configuration after a bucket was created. 

In the enterprise web console, Lifecycle Rules are integrated directly into the bucket management workflow. The interface provides clear options for retention behavior (such as hiding or deleting old versions), and you can create, edit, or delete rules with better context.

Learn how to enable and configure Lifecycle Rules in the enterprise web console.

CORS Rules

In the previous web console, the CORS configuration was located in secondary menus, making it less prominent and accessible.

The enterprise web console displays CORS settings within each bucket’s settings panel, offering structured options and helpful descriptions. Admins can now choose from standard patterns (all origins, HTTPS only, custom origin) and specify relevant APIs. This makes it easier to manage secure sharing across apps without needing deep technical knowledge.

Learn how to enable and configure CORS rules in the enterprise web console.

Lock Features

In the previous web console, enabling Object Lock and Legal Holds was a basic toggle with minimal context or enforcement structure.

The enterprise web console elevates Object Lock into a formal part of bucket configuration. It includes compliance-focused options like governance and compliance modes, mandatory retention periods, and clear guidance indicating that these settings become permanent after you enable them.

Learn how to enable and configure lock features in the enterprise web console.

Adding Users

In the enterprise web console, users are added through identity systems such as System for Cross-domain Identity Management (SCIM) or Single Sign-on (SSO). When a user is created, they are not automatically assigned to a resource group, user group, or role. As a result, new users have no permissions until access is explicitly granted.

To provide access, administrators must assign the user to a user group or apply specific roles directly.

Buckets may be assigned to the default resource group at the time of creation. This automatic assignment applies only to buckets and does not affect user provisioning or permissions.

Learn how to add and manage users in the enterprise web console.

Usage Reports

Detailed daily usage reports are new in the enterprise web console. You can use these reports to track storage and bandwidth over time, and filter them by resource group for departmental insights. Reports are generated by region, and for more detailed analysis—such as filtering by specific resources—you can download the reports and analyze them using external tools.

Learn how to enable and use usage reports in the enterprise web console.