Users & Roles
Feature
There are 3 options for managing users inside Germain:
Database (JDBC) Authentication
LDAP
OAuth2
These can be used in combination to allow many possible ways of authenticating a user.
Configure
Database (JDBC) Authentication
Users and Roles are both stored inside the Germain configuration database. To view the list of users, go to System > Auth Settings > Users in the menu.
Setup
Go to System > Auth Settings > Authentication
Click + Add New Configuration
Select the JDBC Provider option and click Next.
Provide the following values:
- Provider Name (The name of this provider)
- Query for usernames (The query used to authenticate the user - if using the default Germain database, leave it as the default)
- Query for authorities (The query used to populate the user's roles - if using the default Germain database, leave it as the default)
Click Finish.
Restart the Germain server for the new provider to start working.
Creating a User
Go to System > Auth Settings > Users
Click + Add New User
Provide the following values:
- Email (will be used as username to log in)
- Roles (add at least one of the configured roles - this will determine what the user will be able to do within the system)
- Teams (The teams this user is a member of - this will determine what dashboards the user can see)
- Send Welcome Email (check if you want to send an invitation email with password setup steps)
If Send Welcome Email is checked, the user will get an email containing information to log in to Germain. If not, you can always reset the user's password later by clicking on the user in the list and clicking Reset Password. This will send a new email to the user asking them to reset their password.

Login
Log in using the username and password fields on the Germain login page.
LDAP
When using LDAP, Users and Groups are stored and managed in your external LDAP system. The Groups that a user is a member of (in LDAP) will be mapped to Roles within Germain (the Role name in Germain should match the Group name in LDAP).
Setup
Go to System > Auth Settings > Authentication
Click + Add New Configuration
Select the LDAP Provider option and click Next.
Provide requested values, for an example:
Click Finish.
Restart the Germain server for the new provider to start working.
Creating a User
Create users and manage their groups inside your LDAP service.
Login
Log in using the username and password fields on the Germain login page.
OAuth2
In OAuth2, users are managed in an external OAuth2 provider and redirected to that service to login.
Setup
Go to System > Auth Settings > Authentication
Click + Add New Configuration
Select the OAuth Provider option and click Next.
Provide the requested values. For an example of how to set up Okta, see here.
Click Finish.
Restart the Germain server for the new provider to start working.
Creating a User
Create users and manage their groups inside your OAuth service.
Login
When configured, a new option will appear on the Germain login page. To log in with your OAuth2 service, click the button and follow the login steps of your OAuth2 service. Upon successful login you will be redirected back to the Germain Workspace.

Roles
Roles define what a user is able to do within Germain. To view the list of roles, go to System > Auth Settings > User Roles in the menu.
By default, the following two roles are configured, but you can create as many custom roles as you like.
germain_apm_admin
germain_apm_user
Creating a Role
Go to System > Auth Settings > User Roles
Click + Add New Configuration
Provide the Name of the role. (Note: If you are using LDAP or OAuth and want to map Groups in that system to Roles in Germain, make sure the Role name you provide matches an LDAP/OAuth group name)
Select which Permissions should be applied to the Role.
The following Permissions are available:
Create Inactive Config: allows a user to create any monitoring, analytics or automation, but does not give that user permission to enable it. Another individual with the "Create/Edit Config" permission will have to enable it.
Create/Edit Config: allows a user to create, edit, delete, enable or disable any Germain config object
Create Dashboard: allows a user to create and edit dashboards
Edit UI Field/Column: allows a user to edit Germain’s user interface, e.g. add a column to a dashboard.
View Data: allows a user to run queries against Germain’s datamart (business and meta data)
View User Replay: allows a user to view user session replay video
Manage Users: allows a user to create, edit and delete users
Monitor: allows engines/agents to get their config from the APM server
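A pre-flight check for the group-to-role mapping described in the LDAP section and in the role-name note above, written as an added example (not Germain code): it reports which roles each directory user would gain, which group names only differ from a role name by case, and who would end up holding Manage Users or Create/Edit Config. The directory entries, the `ops_readonly` role, the permission assignments and the exact, case-sensitive match rule are assumptions made for illustration.

```python
# Added example: all data below is constructed, not exported from Germain.
import re

# Role name -> permissions, as set under System > Auth Settings > User Roles.
# "ops_readonly" and every permission assignment here are hypothetical.
ROLES = {
    "germain_apm_admin": {"Create/Edit Config", "Manage Users", "View Data"},
    "germain_apm_user": {"Create Dashboard", "View Data"},
    "ops_readonly": {"View Data"},
}
SENSITIVE = {"Create/Edit Config", "Manage Users"}

# Constructed memberOf values per directory user.
LDAP_USERS = {
    "alice@example.com": ["CN=germain_apm_admin,OU=Groups,DC=example,DC=com"],
    "bob@example.com": ["CN=Germain_APM_User,OU=Groups,DC=example,DC=com",
                        "CN=vpn-users,OU=Groups,DC=example,DC=com"],
    "carol@example.com": ["CN=ops_readonly,OU=Groups,DC=example,DC=com",
                          "CN=Sales\\, EMEA,OU=Groups,DC=example,DC=com"],
}

def group_name(dn):
    """Value of the leading RDN of a group DN; handles the escaped comma '\\,'."""
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    value = first_rdn.partition("=")[2]
    return re.sub(r"\\(.)", r"\1", value).strip()

def audit(ldap_users, roles):
    """Per user: roles gained, near-miss groups, and sensitive permissions."""
    by_lower = {name.lower() for name in roles}
    report = {}
    for user, dns in ldap_users.items():
        groups = [group_name(dn) for dn in dns]
        # Assumption: a group maps to a role only on an exact, case-sensitive match.
        matched = sorted(g for g in groups if g in roles)
        near = sorted(g for g in groups if g not in roles and g.lower() in by_lower)
        perms = set().union(*(roles[r] for r in matched))
        report[user] = {"roles": matched, "near_misses": near,
                        "no_role": not matched,
                        "sensitive": sorted(perms & SENSITIVE)}
    return report

if __name__ == "__main__":
    for user, row in audit(LDAP_USERS, ROLES).items():
        print(user, row)
```

Review the `near_misses` entries before restarting the server with a new provider, and compare every account listed with `sensitive` permissions against who is meant to hold them.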
User Access Requests
Germain allows non-registered users to request access (when using Database (JDBC) Authentication).
To review User Access Requests follow these steps:
Go to System > Auth Settings > Users
Approve or Reject each access request
If approving the request, you will be asked to provide the Roles and Teams the user should be a member of:
Once selected, click Create User to create the new user