Coralogix provides you with a way to easily manage users under different teams, with different data access, and manage your users’ SSO logins. In this short tutorial we will show you how.
1) Name your first Team by signing up to Coralogix:
2) Invite your teammates to the new Team you created and set their permissions (Settings –> Account –> Invites):
The list below shows you the type of users and what they can access.
3) Manage users: Add/remove or change permissions from the teammates view (Settings –> Account –> Team Users):
Note: Only Admin users can invite teammates and manage users.
4) For Single Sign-On (SSO) integration with your IdP, follow our tutorial here.
Note: In case your admin has configured SAML SSO integration no password is needed in order for you to sign-in to Coralogix. Also, in case SSO was enabled, only the admin can change the password, and his password only.
5) To create a new Team, you need to log out and log in again, and choose ‘CREATE NEW TEAM’.
Each user can be assigned to one or more teams and view only the data sent to the Teams they are assigned to. After login in, users can choose the Team they would like to work on.
Note: a new team has a different Private Key for sending data.
Team administrators can define the duration of idle sessions for all users in the team. Users will automatically get logged out after the inactivity period. The idle session length can be set to any value between 1 to 60 minutes.
The feature can be enabled under Account settings -> Security -> Sessions
Configuration example:
Role-based access control allows account administrators to allocate team users into groups with specific Applications/Subsystems data permissions, enabling access to specific sets of data. You can also assign Team users into multiple groups with different action permissions to any sub-set of users. As indicated previously, by default 3 groups are created: Admins, Users, and Read-only.
User roles are determined when a user is initially invited to a Team (in the Invites page). You may change users roles by either assigning them to a different group from the Team Members page:
Or by adding the user to the group by choosing him in the Members option. You can also change permissions to an entire group by changing the role in the Select Role option.
In Manage application scope you may choose specific applications that will be visible to the group across Coralogix. For example, in the AWS people group, choosing application “AWS” will give access to aws-related information only to the users who are members of the AWS people group (access to view aws logs in the Logs view, aws logs in the LiveTail view, aws-related alerts, AWS traces etc.). You can also choose a different Filter type to include several applications which start, end or include a search term.
The same goes for Manage subsystem scope.
Note: If Application and Subsystem are not specified then users have access to all applications and subsystems.
As applied for logs today, RBAC scoping will be applied for tracing as well. In case a user does not have the permission to view a specific subsystem, the relevant trace will be marked as N\A(out of scope) and the relevant spans will not be visible (grayed out) for him (only latency will be shown).
Note: This feature is opened upon request. To enable RBAC for your account, please contact us through our in-app chat, or via email to [email protected]
Questions? We love to help! Check out our website and in-app chats.