Settings and account management
Your Settings page is where you can manage the account's profile information, billing and authentication methods, and apps connected to your Mapbox account. To access the Settings page, log into your account and navigate to account.mapbox.com/settings. For accounts using SAML Single-sign on, only users with the
Root role assigned in their identity provider can access and update settings.
All users who login to an account with the account's master password can access and update the account's settings. Alternatively, if your account has enabled SAML Single sign-on authentication, there are two user roles that are available:
Admin, which are assigned to users in an identity provider like Okta. Only users with the
Root role will be able to access and update settings as described below.
- Log in and navigate to your Account settings page, and click the
- Enter the new email address and click Save changes.
It's not possible to change your username. Doing so would break links to your maps and could cause unanticipated problems.
Instead, you can create a new account, transfer your map styles, and update your web and mobile applications to reference the new account's tokens and styles. Once this transition is complete, you can delete the original account without breaking any links to your maps. For more information about setting up an account for collaboration or preparing for an ownership transition, see our guide for collaboration.
Please contact support with questions or feature requests about an account's profile settings.
You can delete your account by scrolling to the bottom of your Account settings and clicking the Delete account button.
When you delete an account, the change is effective immediately and all maps and data are removed:
- Projects and data associated with your account will no longer be available.
- You will not be able to use the account to log in to Mapbox.
- We won't automatically prorate for unused services.
- Deleting your account is permanent. We will not be able to recover your account if you change your mind.
- You will not be able to create an account with the same username again.
- Log in and navigate to your Account settings.
- Enter your current password and new password in the appropriate fields.
- If you have two-factor authentication enabled, enter your two-factor authentication code.
- Click Save new password.
If you're having trouble logging in, try resetting your password by providing the email address that's associated with your Mapbox account. We'll send you an email with further instructions.
The link you'll receive in your password reset email is only valid for 24 hours. If you receive an
Invalid token error message or have waited more than 24 hours, you'll need to request another password reset email.
If you don't remember your email address or you're having other access problems, contact our support team and we'll look into it.
Sometimes, password reset emails are undeliverable especially for inactive email addresses. If you are not receiving the password reset email, let us know.
An account's Security Settings page is where you can enable two-factor authentication or SAML Single sign-on for the account.
Two-factor authentication (2FA), also known as multi-factor authentication (MFA) or two-step authentication, provides an optional, but recommended, layer of security to your account. Once enabled, you'll be prompted to enter your password as well as a security code generated on your mobile device whenever you log in.
When you're logged in to your account, you can enable two-factor authentication from your Security page.
Your Security page will include a barcode which you'll be prompted to scan with your mobile device.
Scan the generated barcode using an authenticator app on your mobile device. We recommend using Google Authenticator - it's free and available for iOS and Android. For a Windows phone, use the Authenticator app.
Your mobile device will display a 6-digit code. Type this code into the field below the barcode to complete the process.
After you've set up two-factor authentication on your account, you will be redirected to a page with a recovery code. A recovery code is a single-use code that lets you sign in without your two-factor device.
Write down this code and keep it in a safe place. Treat your recovery code like a password to your account. If you lose your mobile device, you will need this code to log in to your account.
If you have already set up two-factor authentication on your account and do not have a recovery code, go to your Security page to generate and retrieve your recovery code.
To use the code, you'll need your username or email and your password. To use your recovery code:
- Navigate to the Sign in page.
- Enter your username and password and click Sign in.
- Click the Lost your mobile device? link below the Sign in button. A new field will appear.
- Enter your recovery code in the new field and click Sign in.
Using your recovery code will temporarily disable two-factor authentication and give you a chance to configure a new two-factor authentication device.
If you do not have your recovery code, you must have a payment method on file so we can verify your account and remove two-factor authentication. Contact our support team to get started.
Manage your organization's access to Mapbox accounts while adding another level of security with SAML Single sign-on (SSO). SSO enables members of your organization to authenticate into a mapbox.com account through any trusted, third-party identity provider that supports the SAML2.0 protocol.
- SAML2.0 protocol
- Identity Provider (IdP) initiated login
- Shared accounts that multiple users can access
- User roles of Root and Admin (learn more in the user roles section)
Does not support:
- OAuth, OpenID Connect, Kerberos, other protocols
- Service provider (SP) initiated login
- Identity provider (IdP) initiated single logout
- Nested sub-account hierarchy of separate, connected accounts
- Multiple identity providers
- Domain control or domain lockout
The setup workflow for each identity provider can be unique, but there are general themes:
- Login to the Mapbox account you want to set up with SSO authentication
- In your identity provider (IdP), create a new SAML application
- Copy and paste the required details in the Configure your identity provider section of the Mapbox SSO setup page into your IdP’s configuration workflow
- Add the user roles as a custom attribute in your IdP
- Copy and paste the required details from your identity provider in the Setup SAML single sign-on for Mapbox section of the SSO setup page
- Click Enable single sign-on to save your integration
- Assign users to your application in the IdP
- Assign roles to the users
- Test that the SAML authentication is working as expected
Have questions about setup? See the sections below for more details about each step, or submit a support request to get in touch with our team.
Log into your identity provider with the required administrative privileges, then create a custom SAML2.0 application for Mapbox. If you're an Okta user, read their How to configure SAML for Mapbox guide to get started.
In this new application, enter the following required information from the Mapbox SSO setup page:
Single sign-on URL, also could be referred to as the SSO URL, Assertion Consumer Service (ACS) URL, Reply URL, Callback URL, or Post-back URL in your IdP
Audience Restriction, also could be referred to as Audience URI, SP Entity ID, or Identifier in your IdP
- The application username must be in email format
- The SHA256 encryption algorithm is required
Through SAML SSO you can assign users roles that provide certain permissions in the Mapbox Account app and Mapbox Studio that are also enforced by all Mapbox APIs. User roles are assigned in the identity provider and transferred to Mapbox in the SAML assertion. The available user roles are:
|Users with the ||IT Admins, Product Owners, CTOs|
|Users with the ||Developers, Designers, Project contributors|
Many identity providers use custom attributes and attribute statements for roles. Typically, roles can be assigned to individuals or groups. Consult the documentation for your specific IdP, such as the Okta documentation for Mapbox SAML apps for details.
Contact our team with questions about these user roles or to share feedback about which roles you'd like to see next.
To complete the initial connection between your identity provider and mapbox.com, enter the following required information in your Mapbox account's SSO setup page:
Identity Provider sign-on URL, also could be referred to as SSO URL or SAML endpoint in your IdP
IssuerID, also could be referred to as Entity ID, Issuer, or Issuer URL in your IdP
X.509 Certificate, pasted as text into the field
Be sure to include
— BEGIN CERTIFICATE — and
— END CERTIFICATE — when pasting your X.509 certificate into the Mapbox form.
Click Enable single sign-on to submit the form.
Once you have saved the integration, return to your identity provider to assign the application to yourself for testing. When assigned, try clicking the tile, chiclet, or link for your Mapbox app to login. From the Mapbox account, you can also click the test SAML configuration button in the Security settings to login with SSO.
Enabling SSO for an account does not invalidate password authentication. Any users logging in with the password (and optional 2FA) will assume the
Root user role. The account's master password is still a valid authentication method to make sure your transition period is seamless and
Root users have direct access to the account if your identity provider has an outage.
To encourage your users to login to Mapbox through your identity provider, we recommend the following:
- Assign yourself the
Rootuser role in your IdP so you will have access to settings
- Assign most others the
Adminuser role so they will not have access to settings
- Change the email for the account to an email address that the
Rootuser(s) can access
- Change the password for the account
- Save the new password in a safe location with limited access (identity provider, shared password manager, or IT vault)
- If 2FA is enabled for the account, either turn it off or save the recovery codes with the new password
These changes should effectively push all the
Admin users to authentication with Single sign-on, as they'll no longer have the password.