Commit 800431bc by Diana Payton Committed by GitHub

Docs: Edited Enterprise docs (#22602)

* Update white-labeling.md

* Update team-sync.md

* Update saml.md

* Update saml.md

* Update menu.yaml

* Update reporting.md

* Update saml.md

* Update reporting.md

* Update reporting.md

* Update enhanced_ldap.md

* Update _index.md

* content updates

content updates

* Update menu.yaml

* Update datasource_permissions.md

* Update _index.md

* Minor edits

* Update _index.md

* Update docs/sources/enterprise/_index.md

Co-Authored-By: Emil Tullstedt <sakjur@gmail.com>

* Update _index.md

* Update saml.md

* Update reporting.md

Co-authored-by: Emil Tullstedt <sakjur@gmail.com>
parent 763fb3bc
...@@ -6,7 +6,7 @@ type = "docs" ...@@ -6,7 +6,7 @@ type = "docs"
[menu.docs] [menu.docs]
name = "Grafana Enterprise" name = "Grafana Enterprise"
identifier = "enterprise" identifier = "enterprise"
weight = 30 weight = 100
+++ +++
# Grafana Enterprise # Grafana Enterprise
...@@ -17,58 +17,62 @@ Building on everything you already know and love about Grafana, Grafana Enterpri ...@@ -17,58 +17,62 @@ Building on everything you already know and love about Grafana, Grafana Enterpri
Grafana Enterprise includes all of the features found in the open source edition and more. Grafana Enterprise includes all of the features found in the open source edition and more.
## Enhanced LDAP Integration [Learn more about Grafana Enterprise.](https://grafana.com/enterprise)
With Grafana Enterprise you can set up synchronization between LDAP Groups and Teams. [Learn More]({{< relref "../auth/enhanced_ldap.md" >}}). ## Enhanced security features
## SAML Authentication Grafana Enterprise includes integrations with more ways to authenticate your users and enhanced authorization capabilities.
Enables your Grafana Enterprise users to authenticate with SAML. [Learn More]({{< relref "saml.md" >}}). ### Data source permissions
## Team Sync [Data source permissions]({{< relref "datasource_permissions.md" >}}) allow you to restrict query access to only specific teams and users.
Team Sync allows you to setup synchronization between teams in Grafana and teams in your auth provider so that your users automatically end up in the right team. [Learn More]({{< relref "team-sync.md" >}}). ### Enhanced LDAP integration
Supported auth providers: With Grafana Enterprise [enhanced LDAP]({{< relref "enhanced_ldap.md" >}}), you can set up synchronization between LDAP groups and Grafana teams.
* [LDAP]({{< relref "enhanced_ldap.md#ldap-group-synchronization-for-teams" >}}) ### SAML authentication
* [GitHub OAuth]({{< relref "../auth/github.md#team-sync-enterprise-only" >}})
* [GitLab OAuth]({{< relref "../auth/gitlab.md#team-sync-enterprise-only" >}})
* [Auth Proxy]({{< relref "../auth/auth-proxy.md#team-sync-enterprise-only">}})
## White labeling [SAML authentication]({{< relref "saml.md" >}}) enables your Grafana Enterprise users to authenticate with SAML.
White labeling makes it possible to customize the logos and footer links of Grafana. [Learn More]({{< relref "white-labeling.md" >}}). ### Team sync
## Data source permissions [Team sync]({{< relref "team-sync.md" >}}) allows you to set up synchronization between teams in Grafana and teams in your auth provider so that your users automatically end up in the right team.
Data source permissions allow you to restrict query access to only specific Teams and Users. [Learn More]({{< relref "datasource_permissions.md" >}}). Supported auth providers:
* [Auth Proxy]({{< relref "../auth/auth-proxy.md#team-sync-enterprise-only">}})
* [GitHub OAuth]({{< relref "../auth/github.md#team-sync-enterprise-only" >}})
* [GitLab OAuth]({{< relref "../auth/gitlab.md#team-sync-enterprise-only" >}})
* [LDAP]({{< relref "enhanced_ldap.md#ldap-group-synchronization-for-teams" >}})
## Reporting ## Reporting
Reporting makes it possible to take any dashboard, generate a PDF report, and set up a schedule to have it delivered. [Learn More]({{< relref "reporting.md" >}}). [Reporting]({{< relref "reporting.md" >}}) allows you to take any dashboard, generate a PDF report, and set up a schedule to have it emailed to whoever you choose.
## Enterprise Plugins ## White labeling
With a Grafana Enterprise license you will get access to enterprise plugins, including: [White labeling]({{< relref "white-labeling.md" >}}) allows you to replace the Grafana brand and logo with your own corporate brand and logo. You can also change footer links to point to your custom resources.
* [Splunk](https://grafana.com/plugins/grafana-splunk-datasource) ## Enterprise plugins
With a Grafana Enterprise license, you get access to premium plugins, including:
* [Amazon Timestream](https://grafana.com/plugins/grafana-timestream-datasource)
* [AppDynamics](https://grafana.com/plugins/dlopes7-appdynamics-datasource) * [AppDynamics](https://grafana.com/plugins/dlopes7-appdynamics-datasource)
* [DataDog](https://grafana.com/plugins/grafana-datadog-datasource) * [DataDog](https://grafana.com/plugins/grafana-datadog-datasource)
* [Dynatrace](https://grafana.com/plugins/grafana-dynatrace-datasource) * [Dynatrace](https://grafana.com/plugins/grafana-dynatrace-datasource)
* [New Relic](https://grafana.com/plugins/grafana-newrelic-datasource) * [New Relic](https://grafana.com/plugins/grafana-newrelic-datasource)
* [Amazon Timestream](https://grafana.com/plugins/grafana-timestream-datasource)
* [Oracle Database](https://grafana.com/plugins/grafana-oracle-datasource) * [Oracle Database](https://grafana.com/plugins/grafana-oracle-datasource)
* [Splunk](https://grafana.com/plugins/grafana-splunk-datasource)
## Try Grafana Enterprise ## Try Grafana Enterprise
You can learn more about Grafana Enterprise [here](https://grafana.com/enterprise). To purchase or obtain a trial license contact the Grafana Labs [Sales Team](https://grafana.com/contact?about=support&topic=Grafana%20Enterprise). To purchase or obtain a trial license contact the Grafana Labs [Sales Team](https://grafana.com/contact?about=support&topic=Grafana%20Enterprise).
## License file management ## License file management
To download your Grafana Enterprise license log in to your [Grafana.com](https://grafana.com) account and go to your **Org To download your Grafana Enterprise license log in to your [Grafana.com](https://grafana.com) account and go to your **Org Profile**. In the side menu there is a section for Grafana Enterprise licenses. At the bottom of the license details page there is **Download Token** link that will download the *license.jwt* file containing your license.
Profile**. In the side menu there is a section for Grafana Enterprise licenses. At the bottom of the license
details page there is **Download Token** link that will download the *license.jwt* file containing your license.
Place the *license.jwt* file in Grafana's data folder. This is usually located at `/var/lib/grafana/data` on Linux systems. Place the *license.jwt* file in Grafana's data folder. This is usually located at `/var/lib/grafana/data` on Linux systems.
...@@ -79,6 +83,4 @@ You can also configure a custom location for the license file via the ini settin ...@@ -79,6 +83,4 @@ You can also configure a custom location for the license file via the ini settin
license_path = /company/secrets/license.jwt license_path = /company/secrets/license.jwt
``` ```
This setting can also be set via ENV variable which is useful if you're running Grafana via docker and have a custom This setting can also be set with an environment variable, which is useful if you're running Grafana with Docker and have a custom volume where you have placed the license file. In this case, set the environment variable `GF_ENTERPRISE_LICENSE_PATH` to point to the location of your license file.
volume where you have placed the license file. In this case set the ENV variable `GF_ENTERPRISE_LICENSE_PATH` to point
to the location of your license file.
...@@ -7,31 +7,29 @@ type = "docs" ...@@ -7,31 +7,29 @@ type = "docs"
name = "Datasource" name = "Datasource"
identifier = "datasource-permissions" identifier = "datasource-permissions"
parent = "enterprise" parent = "enterprise"
weight = 4 weight = 200
+++ +++
# Data source permissions # Data source permissions
> Only available in Grafana Enterprise.
Data source permissions allow you to restrict access for users to query a data source. For each data source there is a permission page that allows you to enable permissions and restrict query permissions to specific **Users** and **Teams**. Data source permissions allow you to restrict access for users to query a data source. For each data source there is a permission page that allows you to enable permissions and restrict query permissions to specific **Users** and **Teams**.
## Restricting Access - Enable Permissions > Only available in Grafana Enterprise.
## Enable data source permissions
{{< docs-imagebox img="/img/docs/enterprise/datasource_permissions_enable_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/img/docs/enterprise/datasource_permissions_enable.gif" >}} {{< docs-imagebox img="/img/docs/enterprise/datasource_permissions_enable_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/img/docs/enterprise/datasource_permissions_enable.gif" >}}
By default, permissions are disabled for data sources and a data source in an organization can be queried by any user in By default, data sources in an organization can be queried by any user in that organization. For example, a user with the `Viewer` role can issue any possible query to a data source, not just
that organization. For example a user with `Viewer` role can still issue any possible query to a data source, not just queries that exist on dashboards they have access to.
those queries that exist on dashboards he/she has access to.
When permissions are enabled for a data source in an organization you will restrict admin and query access for that When permissions are enabled for a data source in an organization, you restrict admin and query access for that data source to [admin users]({{< relref "../permissions/organization_roles/#admin-role" >}}) in that organization.
data source to [admin users]({{< relref "../permissions/organization_roles/#admin-role" >}}) in that organization.
**To enable permissions for a data source:** **Enable permissions for a data source:**
1. Navigate to Configuration / Data Sources. 1. Navigate to **Configuration > Data Sources**.
2. Select the data source you want to enable permissions for. 2. Select the data source you want to enable permissions for.
3. Select the Permissions tab and click on the `Enable` button. 3. On the Permissions tab, click **Enable**.
<div class="clearfix"></div> <div class="clearfix"></div>
...@@ -39,31 +37,30 @@ data source to [admin users]({{< relref "../permissions/organization_roles/#admi ...@@ -39,31 +37,30 @@ data source to [admin users]({{< relref "../permissions/organization_roles/#admi
{{< docs-imagebox img="/img/docs/enterprise/datasource_permissions_add_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/img/docs/enterprise/datasource_permissions_add.gif" >}} {{< docs-imagebox img="/img/docs/enterprise/datasource_permissions_add_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/img/docs/enterprise/datasource_permissions_add.gif" >}}
After you have [enabled permissions](#restricting-access-enable-permissions) for a data source you can assign query After you have enabled permissions for a data source you can assign query permissions to users and teams which will allow access to query the data source.
permissions to users and teams which will allow access to query the data source.
**Assign query permission to users and teams:** **Assign query permission to users and teams:**
1. Navigate to Configuration / Data Sources. 1. Navigate to **Configuration > Data Sources**.
2. Select the data source you want to assign query permissions for. 2. Select the data source you want to assign query permissions for.
3. Select the Permissions tab. 3. On the Permissions tab, click **Add Permission**.
4. click on the `Add Permission` button. 4. Select **Team** or **User**.
5. Select Team/User and find the team/user you want to allow query access and click on the `Save` button. 5. Select the entity you want to allow query access and then click **Save**.
<div class="clearfix"></div> <div class="clearfix"></div>
## Restore Default Access - Disable Permissions ## Disable data source permissions
{{< docs-imagebox img="/img/docs/enterprise/datasource_permissions_disable_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/img/docs/enterprise/datasource_permissions_disable.gif" >}} {{< docs-imagebox img="/img/docs/enterprise/datasource_permissions_disable_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/img/docs/enterprise/datasource_permissions_disable.gif" >}}
If you have enabled permissions for a data source and want to return data source permissions to the default, i.e. If you have enabled permissions for a data source and want to return data source permissions to the default, then you can disable permissions with a click of a button.
data source can be queried by any user in that organization, you can disable permissions with a click of a button.
Note that all existing permissions created for data source will be deleted. Note that *all* existing permissions created for the data source will be deleted.
**Disable permissions for a data source:** **Disable permissions for a data source:**
1. Navigate to Configuration / Data Sources. 1. Navigate to **Configuration > Data Sources**.
2. Select the data source you want to disable permissions for. 2. Select the data source you want to disable permissions for.
3. Select the Permissions tab and click on the `Disable Permissions` button. 3. On the Permissions tab, click **Disable Permissions**.
<div class="clearfix"></div> <div class="clearfix"></div>
...@@ -7,40 +7,39 @@ type = "docs" ...@@ -7,40 +7,39 @@ type = "docs"
name = "Enhanced LDAP" name = "Enhanced LDAP"
identifier = "enhanced-ldap" identifier = "enhanced-ldap"
parent = "enterprise" parent = "enterprise"
weight = 3 weight = 300
+++ +++
# Enhanced LDAP integration # Enhanced LDAP integration
> Only available in Grafana Enterprise. The enhanced LDAP integration adds additional functionality on top of the [LDAP integration]({{< relref "../auth/ldap.md" >}}) available in the open source edition of Grafana.
The enhanced LDAP integration adds additional functionality on top of the existing [LDAP integration]({{< relref "../auth/ldap.md" >}}). > Enhanced LDAP integration is only available in Grafana Enterprise.
## LDAP Group Synchronization for Teams ## LDAP group synchronization for teams
{{< docs-imagebox img="/img/docs/enterprise/team_members_ldap.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" >}} {{< docs-imagebox img="/img/docs/enterprise/team_members_ldap.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" >}}
With the enhanced LDAP integration it's possible to setup synchronization between LDAP groups and teams. This enables LDAP users which are members With enhanced LDAP integration, you can set up synchronization between LDAP groups and teams. This enables LDAP users that are members
of certain LDAP groups to automatically be added/removed as members to certain teams in Grafana. Currently the synchronization will only happen every of certain LDAP groups to automatically be added or removed as members to certain teams in Grafana.
time a user logs in, unless Grafana v6.3 (or later) is used with active background synchronization enabled.
Grafana keeps track of all synchronized users in teams and you can see which users have been synchronized from LDAP in the team members list, see `LDAP` label in screenshot. Grafana keeps track of all synchronized users in teams, and you can see which users have been synchronized from LDAP in the team members list, see `LDAP` label in screenshot.
This mechanism allows Grafana to remove an existing synchronized user from a team when its LDAP group membership changes. This mechanism also enables you to manually add This mechanism allows Grafana to remove an existing synchronized user from a team when its LDAP group membership changes. This mechanism also allows you to manually add
a user as member of a team and it will not be removed when the user signs in. This gives you flexibility to combine LDAP group memberships and Grafana team memberships. a user as member of a team, and it will not be removed when the user signs in. This gives you flexibility to combine LDAP group memberships and Grafana team memberships.
[Learn more about Team Sync]({{< relref "team-sync.md">}}) [Learn more about team sync.]({{< relref "team-sync.md">}})
<div class="clearfix"></div> <div class="clearfix"></div>
## Active LDAP Synchronization ## Active LDAP synchronization
> Only available in Grafana Enterprise v6.3+ In the open source version of Grafana, user data from LDAP is synchronized only during the login process when authenticating using LDAP.
In the open source version of Grafana, user data from LDAP will be synchronized only during the login process when authenticating using LDAP. With active LDAP synchronization, available in Grafana Enterprise v6.3+, you can configure Grafana to actively sync users with LDAP servers in the background. Only users that have logged into Grafana at least once are synchronized.
With this feature you can configure Grafana to actively sync users with LDAP servers in the background. Only users that have logged into Grafana at least once will be synchronized.
Users with updated role and team membership will need to refresh the page to get access to the new features. Users with updated role and team membership will need to refresh the page to get access to the new features.
Removed users will be automatically logged out and their account disabled. They will be displayed in the Server Admin / Users page with a `disabled` label. Disabled users will keep their custom permissions on dashboards, folders and datasources so if you add them back in your LDAP database, they will have access to the application with the same custom permissions as before.
Removed users are automatically logged out and their account disabled. These accounts are displayed in the Server Admin > Users page with a `disabled` label. Disabled users keep their custom permissions on dashboards, folders, and data sources, so if you add them back in your LDAP database, they have access to the application with the same custom permissions as before.
```bash ```bash
[auth.ldap] [auth.ldap]
...@@ -61,6 +60,4 @@ sync_cron = "0 0 1 * * *" # This is default value (At 1 am every day) ...@@ -61,6 +60,4 @@ sync_cron = "0 0 1 * * *" # This is default value (At 1 am every day)
active_sync_enabled = true # enabled by default active_sync_enabled = true # enabled by default
``` ```
### Not compatible with Single Bind Single bind configuration (as in the [Single bind example]({{< relref "../auth/ldap.md#single-bind-example">}})) is not supported with active LDAP synchronization because Grafana needs user information to perform LDAP searches.
Single Bind configuration (as in the [Single Bind Example]({{< relref "../auth/ldap.md#single-bind-example">}})) is not supported with active LDAP synchronization because Grafana needs user information to perform LDAP searches.
...@@ -14,7 +14,7 @@ If your license has expired most of Grafana keeps working as normal. Some enterp ...@@ -14,7 +14,7 @@ If your license has expired most of Grafana keeps working as normal. Some enterp
> Replace your license as soon as possible. Running Grafana Enterprise with an expired license is unsupported and can lead to unexpected consequences. > Replace your license as soon as possible. Running Grafana Enterprise with an expired license is unsupported and can lead to unexpected consequences.
## Replacing your license ## Update your license
1. Locate your current `license.jwt` file. In a standard installation it is stored inside Grafana's data directory, which on a typical Linux installation is in `/var/lib/grafana/data`. This location might be overridden in the ini file [Configuration](https://grafana.com/docs/grafana/latest/installation/configuration/) 1. Locate your current `license.jwt` file. In a standard installation it is stored inside Grafana's data directory, which on a typical Linux installation is in `/var/lib/grafana/data`. This location might be overridden in the ini file [Configuration](https://grafana.com/docs/grafana/latest/installation/configuration/)
``` ```
...@@ -31,19 +31,19 @@ The configuration file's location may also be overridden by the `GF_ENTERPRISE_L ...@@ -31,19 +31,19 @@ The configuration file's location may also be overridden by the `GF_ENTERPRISE_L
Your current data source permissions will keep working as expected, but you'll be unable to add new data source permissions until the license has been renewed. Your current data source permissions will keep working as expected, but you'll be unable to add new data source permissions until the license has been renewed.
## Reporting ## LDAP authentication
- You're unable to configure new reports or generate previews. * LDAP synchronization is not affected by an expired license.
- Scheduled reports are not generated or sent. * Enhanced LDAP debugging is unavailable.
## SAML authentication ## SAML authentication
SAML is not affected by an expired license. SAML authentication is not affected by an expired license.
## LDAP authentication ## Reporting
- LDAP synchronization is not affected by an expired license. * You're unable to configure new reports or generate previews.
- Enhanced LDAP debugging is unavailable. * Scheduled reports are not generated or sent.
## Enterprise plugins ## Enterprise plugins
......
...@@ -6,47 +6,46 @@ type = "docs" ...@@ -6,47 +6,46 @@ type = "docs"
aliases = ["/docs/grafana/latest/administration/reports"] aliases = ["/docs/grafana/latest/administration/reports"]
[menu.docs] [menu.docs]
parent = "enterprise" parent = "enterprise"
weight = 8 weight = 400
+++ +++
# Reporting # Reporting
> Only available in Grafana Enterprise v6.4+. Reporting allows you to automatically generate PDFs from any of your dashboards and have Grafana email them to interested parties on a schedule.
Reporting allows you to generate PDFs from any of your Dashboards and have them sent out to interested parties on a schedule. > Only available in Grafana Enterprise v6.4+.
{{< docs-imagebox img="/img/docs/enterprise/reports_list.png" max-width="500px" class="docs-image--no-shadow" >}} {{< docs-imagebox img="/img/docs/enterprise/reports_list.png" max-width="500px" class="docs-image--no-shadow" >}}
## Dashboard as a Report Any changes you make to a dashboard used in a report are reflected the next time the report is sent. For example, if you change the time range in the dashboard, then the time range in the report changes as well.
With Reports there are a few things to keep in mind, most importantly, any changes you make to the Dashboard used in a report will be reflected in the report. If you change the time range in the Dashboard the time range will be the same in the report as well.
## Setup ## Requirements
> SMTP must be configured for reports to be sent * SMTP must be configured for reports to be sent. Refer to [SMTP]({{< relref "../installation/configuration.md#smtp" >}}) in [Configuration]({{< relref "../installation/configuration.md" >}}) for more information.
* The Image Renderer plugin must be installed or the remote rendering service must be set up. Refer to [Image rendering]({{< relref "../administration/image_rendering.md" >}}) for more information.
## Create or update a report
### Rendering Currently only Organization Admins can create reports.
> Reporting requires the [rendering plugin]({{< relref "../administration/image_rendering.md#grafana-image-renderer-plugin" >}}). 1. Click on the reports icon in the side menu. The Reports tab allow you to view, create, and update your reports.
1. Enter report information. All fields are required unless otherwise indicated.
Reporting with the built-in image rendering is not supported. We recommend installing the image renderer plugin. * **Name -** Name of the report as you want it to appear in the Reports list.
* **Choose dashboard -** Select the dashboard to generate the report from.
## Usage * **Recipients -** Enter the emails of the people or teams that you want to receive the report.
* **Reply to -** (optional) The address that will appear in the **Reply to** field of the email.
* **Custom message -** (optional) Message body in the email with the report.
1. **Preview** the report to make sure it appears as you expect. Update if necessary.
1. Enter scheduling information. Options vary depending on the frequency you select.
1. **Save** the report.
{{< docs-imagebox img="/img/docs/enterprise/reports_create_new.png" max-width="500px" class="docs-image--no-shadow" >}} {{< docs-imagebox img="/img/docs/enterprise/reports_create_new.png" max-width="500px" class="docs-image--no-shadow" >}}
Currently only Organisation Admins can create reports. To get to report click on the reports icon in the side menu. This will allow you to list, create and update your reports. ## Troubleshoot reporting
| Setting | Description |
| --------------|------------------------------------------------------------------ |
| Name | name of the Report |
| Dashboard | what dashboard to generate the report from |
| Recipients | emails of the people who will receive this report |
| ReplyTo | your email address, so that the recipient can respond |
| Message | message body in the email with the report |
| Schedule | how often do you want the report generated and sent |
## Debugging errors To troubleshoot and get more log information, enable debug logging in the configuration file. Refer to [Configuration]({{< relref "../installation/configuration.md#filters" >}}) for more information.
If you have problems with the reporting feature you can enable debug logging by switching the logger to debug (`filters = report:debug`). Learn more about making configuration changes [here]({{< relref "../installation/configuration.md#filters" >}}). ```bash
[log]
filters = saml.auth:debug
```
...@@ -7,41 +7,45 @@ type = "docs" ...@@ -7,41 +7,45 @@ type = "docs"
[menu.docs] [menu.docs]
name = "Team sync" name = "Team sync"
parent = "enterprise" parent = "enterprise"
weight = 5 weight = 600
+++ +++
# Team sync # Team sync
> Only available in Grafana Enterprise.
{{< docs-imagebox img="/img/docs/enterprise/team_members_ldap.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" >}} {{< docs-imagebox img="/img/docs/enterprise/team_members_ldap.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" >}}
With the Team Sync it's possible to setup synchronization between your auth providers teams and teams in Grafana. This enables LDAP or GitHub OAuth users which are members Team sync lets you set up synchronization between your auth providers teams and teams in Grafana. This enables LDAP or GitHub OAuth users who are members
of certain teams/groups to automatically be added/removed as members to certain teams in Grafana. Currently the synchronization will only happen every of certain teams or groups to automatically be added or removed as members of certain teams in Grafana.
time a user logs in, unless LDAP is used together with active background synchronization that was added in Grafana 6.3.
> Only available in Grafana Enterprise.
Grafana keeps track of all synchronized users in teams, and you can see which users have been synchronized in the team members list, see `LDAP` label in screenshot.
This mechanism allows Grafana to remove an existing synchronized user from a team when its group membership changes. This mechanism also enables you to manually add a user as member of a team, and it will not be removed when the user signs in. This gives you flexibility to combine LDAP group memberships and Grafana team memberships.
Grafana keeps track of all synchronized users in teams and you can see which users have been synchronized in the team members list, see `LDAP` label in screenshot. > Currently the synchronization only happens when a user logs in, unless LDAP is used with the active background synchronization that was added in Grafana 6.3.
This mechanism allows Grafana to remove an existing synchronized user from a team when its LDAP group membership (for example) changes. This mechanism also enables you to manually add a user as member of a team and it will not be removed when the user signs in. This gives you flexibility to combine LDAP group memberships and Grafana team memberships.
<div class="clearfix"></div> <div class="clearfix"></div>
### Enable synchronization for a team ## Synchronize a Grafana team with an external group
If you have already grouped some users into a team, then you can synchronize that team with an external group.
{{< docs-imagebox img="/img/docs/enterprise/team_add_external_group.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" >}} {{< docs-imagebox img="/img/docs/enterprise/team_add_external_group.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" >}}
1. Navigate to Configuration / Teams. 1. In Grafana, navigate to **Configuration > Teams**.
2. Select a team. 1. Select a team.
3. Select the External group sync tab and click on the `Add group` button. 1. On the External group sync tab, and click **Add group**.
4. Insert the value of the group you want to sync with. This becomes what Grafana denominates as a `GroupID`. 1. Insert the value of the group you want to sync with. This becomes the Grafana `GroupID`.
Examples:
- Using LDAP as an example, this is the LDAP distinguished name (DN) of LDAP group you want to synchronize with the team. - For LDAP, this is the LDAP distinguished name (DN) of LDAP group you want to synchronize with the team.
- Using Auth Proxy as an example, this is the value we receive as part of the custom `Groups` header. - For Auth Proxy, this is the value we receive as part of the custom `Groups` header.
5. Click on `Add group` button to save. 1. Click `Add group` to save.
### Supported Providers ## Supported providers
* [LDAP]({{< relref "enhanced_ldap.md#ldap-group-synchronization-for-teams" >}}) * [Auth Proxy]({{< relref "../auth/auth-proxy.md#team-sync-enterprise-only">}})
* [GitHub OAuth]({{< relref "../auth/github.md#team-sync-enterprise-only" >}}) * [GitHub OAuth]({{< relref "../auth/github.md#team-sync-enterprise-only" >}})
* [GitLab OAuth]({{< relref "../auth/gitlab.md#team-sync-enterprise-only" >}}) * [GitLab OAuth]({{< relref "../auth/gitlab.md#team-sync-enterprise-only" >}})
* [Auth Proxy]({{< relref "../auth/auth-proxy.md#team-sync-enterprise-only">}}) * [LDAP]({{< relref "enhanced_ldap.md#ldap-group-synchronization-for-teams" >}})
...@@ -7,27 +7,31 @@ type = "docs" ...@@ -7,27 +7,31 @@ type = "docs"
[menu.docs] [menu.docs]
name = "White-labeling" name = "White-labeling"
parent = "enterprise" parent = "enterprise"
weight = 5 weight = 700
+++ +++
# White labeling # White labeling
> Only available in Grafana Enterprise v6.6+. White labeling allows you to replace the Grafana brand and logo with your own corporate brand and logo.
{{< docs-imagebox img="/img/docs/v66/whitelabeling_1.png" max-width="800px" caption="White labeling example" >}} > Only available in Grafana Enterprise v6.6+.
Grafana Enterprise has white labeling options in the `grafana.ini` file (can also be set via ENV variables). Grafana Enterprise has white labeling options in the `grafana.ini` file. As with all configuration options, you can also be set set them with environment variables.
You can change the following elements: You can change the following elements:
- Application Title - Application title
- Login Background - Login background
- Login Logo - Login logo
- Side menu top logo - Side menu top logo
- Footer & Help menu links - Footer and help menu links
- Fav icon (shown in browser tab) - Fav icon (shown in browser tab)
> You will have to host your logo and other images used by the white labeling feature separately. > You will have to host your logo and other images used by the white labeling feature separately. Make sure Grafana can access the URL where the assets are stored.
{{< docs-imagebox img="/img/docs/v66/whitelabeling_1.png" max-width="800px" caption="White labeling example" >}}
The configuration file in Grafana Enterprise contains the following options. Each option is defined in the file. For more information about configuring Grafana, refer to [Configuration]({{< relref "../installation/configuration.md">}}).
```ini ```ini
# Enterprise only # Enterprise only
...@@ -50,21 +54,24 @@ You can change the following elements: ...@@ -50,21 +54,24 @@ You can change the following elements:
# Set to complete URL to override apple/ios icon # Set to complete URL to override apple/ios icon
;apple_touch_icon = ;apple_touch_icon =
```
# Below is an example for how to replace the default footer & help links with 2 custom links Below is an example for how to replace the default footer and help links with two custom links.
;footer_links = support guides
;footer_links_support_text = Support ```ini
;footer_links_support_url = http://your.support.site footer_links = support guides
;footer_links_guides_text = Guides footer_links_support_text = Support
;footer_links_guides_url = http://your.guides.site footer_links_support_url = http://your.support.site
footer_links_guides_text = Guides
footer_links_guides_url = http://your.guides.site
``` ```
Here is the same example using environment variables instead of the custom.ini or grafana.ini file.
ENV Variables:
``` ```
- GF_WHITE_LABELING_FOOTER_LINKS=support guides GF_WHITE_LABELING_FOOTER_LINKS=support guides
- GF_WHITE_LABELING_FOOTER_LINKS_SUPPORT_TEXT=Support GF_WHITE_LABELING_FOOTER_LINKS_SUPPORT_TEXT=Support
- GF_WHITE_LABELING_FOOTER_LINKS_SUPPORT_URL=http://your.support.site GF_WHITE_LABELING_FOOTER_LINKS_SUPPORT_URL=http://your.support.site
- GF_WHITE_LABELING_FOOTER_LINKS_GUIDES_TEXT=Guides GF_WHITE_LABELING_FOOTER_LINKS_GUIDES_TEXT=Guides
- GF_WHITE_LABELING_FOOTER_LINKS_GUIDES_URL=http://your.guides.site GF_WHITE_LABELING_FOOTER_LINKS_GUIDES_URL=http://your.guides.site
``` ```
...@@ -14,15 +14,15 @@ ...@@ -14,15 +14,15 @@
children: children:
- name: Requirements - name: Requirements
link: /installation/requirements/ link: /installation/requirements/
- name: Install on Ubuntu / Debian - name: Install on Ubuntu/Debian
link: /installation/debian/ link: /installation/debian/
- name: Install on Centos / Redhat - name: Install on Centos/RedHat/SUSE
link: /installation/rpm/ link: /installation/rpm/
- name: Install on Windows - name: Install on Windows
link: /installation/windows/ link: /installation/windows/
- name: Install on macOS - name: Install on macOS
link: /installation/mac/ link: /installation/mac/
- name: Install using Docker - name: Run Docker image
link: /installation/docker/ link: /installation/docker/
- name: Upgrade Grafana - name: Upgrade Grafana
link: /installation/upgrading/ link: /installation/upgrading/
...@@ -109,7 +109,7 @@ ...@@ -109,7 +109,7 @@
name: Dashboard list name: Dashboard list
- link: /features/panels/text/ - link: /features/panels/text/
name: Text name: Text
- name: Dashboard Features - name: Dashboard features
link: /features/dashboard/ link: /features/dashboard/
children: children:
- link: /features/dashboard/dashboards/ - link: /features/dashboard/dashboards/
...@@ -140,7 +140,7 @@ ...@@ -140,7 +140,7 @@
name: JSON Model name: JSON Model
- link: /reference/scripting/ - link: /reference/scripting/
name: Scripted dashboards name: Scripted dashboards
- name: Data Sources - name: Data sources
link: /features/datasources/ link: /features/datasources/
children: children:
- link: /features/datasources/add-data-source/ - link: /features/datasources/add-data-source/
...@@ -192,7 +192,7 @@ ...@@ -192,7 +192,7 @@
link: /features/reporting/ link: /features/reporting/
- name: Navigation links - name: Navigation links
link: /features/navigation-links/ link: /features/navigation-links/
- name: What's New In Grafana - name: What's new In Grafana
link: /whatsnew/ link: /whatsnew/
children: children:
- name: Version 6.6 - name: Version 6.6
...@@ -245,12 +245,12 @@ ...@@ -245,12 +245,12 @@
children: children:
- name: Overview - name: Overview
link: /enterprise/ link: /enterprise/
- name: Reporting
link: /enterprise/reporting/
- name: Data source permissions - name: Data source permissions
link: /enterprise/datasource_permissions/ link: /enterprise/datasource_permissions/
- name: Enhanced LDAP - name: Enhanced LDAP
link: /enterprise/enhanced_ldap/ link: /enterprise/enhanced_ldap/
- name: Reporting
link: /enterprise/reporting/
- name: SAML authentication - name: SAML authentication
link: /enterprise/saml/ link: /enterprise/saml/
- name: Team sync - name: Team sync
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment