Manage Teams

The following article exclusively pertains to a Graylog Enterprise feature or functionality. To learn more about obtaining an Enterprise license, please contact the Graylog Sales team.

Teams in Graylog let you easily assign permissions to multiple users who need the same access. You create teams with specific roles, then assign users to teams. Users in a team receive all the roles assigned to that team. You can also set default collections for teams so that all entities created by team members are available in the same collections for sharing.

Graylog provides two methods for team management:

  • Integration with your organization’s authoritative identity source

  • Manual team management

For information about the identity sources Graylog can sync with as well as how to integrate these sources, see Single Sign-On.

This article explains how to create and manage teams in the Graylog web interface if you are not synchronizing with an identity source.

Prerequisites

Before proceeding, ensure that the following prerequisites are met:

  • You must be a Graylog administrator to create and manage teams.

Create Teams

To perform team management operations in Graylog, navigate to System > Users and Teams, then select the Teams Overview tab.

This page lists existing teams and allows you to view details about each team.

To create a new team:

  1. Click Create team.

  2. Enter a Name and Description in the Profile section to identify the team.

  3. Select users to assign to the team from the Assign Users drop-down menu. Assign multiple users by continuing to select users. Note that you can filter the list by typing in the field, which is useful when you have a large user list.

  4. Click Assign User. The users you selected are displayed in the Selected Users section.

  5. Select roles to assign to the team from the Assign Roles drop-down menu. Assign multiple roles by continuing to select roles. Note that you can filter the list by typing in the field. Selected roles are added automatically the to Selected Roles section.

  6. Click Create team.

The new team is added to the list on the Teams Overview page.

Edit Teams

You can assign new users to a team, update the roles, and change other details after it is created.

Hint: You can assign default collections to teams only when you edit them.

To edit an existing team:

  1. Find the team in the list on the Teams Overview page, then click Edit in the Actions column. Note that you can use the search bar to filter the list, which is useful if you have many teams.

  2. Update the profile, assigned users, or assigned roles, as necessary. Note that you must save changes to each section independently of the others.

  3. (Optional) Assign a default collection. Note that you can assign multiple collections. All shareable entities created by team members are automatically added to default collections for easy sharing. See Collections for complete details.

Hint: Teams created through integration with an external identity provider cannot be manually managed in Graylog. You cannot add or remove members or assign roles within Graylog for these teams. All membership and role changes must be made directly in the identity provider. When you configure the integration, ensure that team roles are correctly defined. To modify roles or membership later, update the identity provider configuration. See Single Sign-On for more information.

Further Reading

Explore the following additional resources and recommended readings to expand your knowledge on related topics: