Users and Teams

Graylog allows you to manage users either individually or in teams. With either method, you have the option to integrate with your organization's authoritative identity source to provide single sign-on (SSO) and manage assigned permissions. This article provides an overview of users and teams in Graylog.

Prerequisites

Before proceeding, ensure that the following prerequisites are met:

  • You must be a Graylog administrator to create and manage users and teams.

  • Graylog Enterprise license is required for teams.

Users

Graylog provides multiple methods for adding and managing your users. In the Graylog web interface, visit the Users Overview page at System > Users and Teams. The Users tab lists all existing users with details such as their email address and any roles assigned to them. You can also create new users here.

Hint: The Users and Teams page is available only to users with the User Inspector role. Typically, this role is assigned only to administrators.

For detailed information about creating users or updating existing users, see Manage Users.

Graylog can also sync with your organization’s authoritative identity source, such as Active Directory, LDAP, or any OIDC-compliant provider. When you establish this connection, users are automatically imported to Graylog and you can determine what roles imported users should be assigned. In this way, Graylog can set access using the current roles and groups from the identity source, reflecting the organizational permissions structure.

For detailed information about creating teams, see Manage Teams. For information about integrating your identity source, see Single Sign-On.

Teams

This is a Graylog Enterprise feature. A valid Graylog Enterprise license is required.

The Teams feature groups users so that you can more easily assign roles. You can create teams based on work groups, shared responsibilities, physical location, or any classification useful to your organization. When you create a team, you can determine the roles that team’s members are assigned.

Users can be assigned to as many teams as necessary, or to no team. Each team can be assigned as many permissions as necessary, or no permissions. All permissions from the team are assigned to each member of the team, so a user in a team receives all the permissions for the team.

For large organizations, the Teams feature can reduce the time spent managing user access. Administrators can apply unique sets of roles to each team without worrying that any user has too much or too little access to complete their required tasks.

Team Assignment Example

Sally, an IT admin, has an organization with 10 teams, with 5 users on each team. Because each team is focused on different areas, Sally sets the Graylog roles on each team so the team members have the permissions they need for their jobs.

For example, the analyst team is assigned the Reports Manager role so that they can produce and distribute reports from the data. Of course, they also need the appropriate permissions to access the data. The security team is assigned all security-focused roles, and so forth. In this way, all teams get only the roles they require and Sally saves time by assigning roles through teams instead of to all her individual users.

Further Reading

Explore the following additional resources and recommended readings to expand your knowledge on related topics: