Feature

There are 3 options for managing users inside Germain:

  1. Database (JDBC) Authentication

  2. LDAP

  3. OAuth2

These can be used in combination to allow many possible ways of authenticating a user.

Configure

Database (JDBC) Authentication

Users and Roles are both stored inside the Germain configuration database. To view the list of users, go to System > Auth Settings > Users in the menu.

Setup

  1. Go to System > Auth Settings > Authentication

  2. Click + Add New Configuration

  3. Select the JDBC Provider option and click Next.

  4. Provide the following values:
    - Provider Name (The name of this provider)
    - Query for usernames (The query used to authenticate the user - if using the default Germain database, leave it as the default)
    - Query for authorities (The query used to populate the user's roles - if using the default Germain database, leave it as the default)

  5. Click Finish.

  6. Restart the Germain server for the new provider to start working.

Creating a User

  1. Go to System > Auth Settings > Users

  2. Click + Add New User

  3. Provide the following values:
    - Email (will be used as username to log in)
    - Roles (add at least one of the configured roles - this will determine what the user will be able to do within the system)
    - Teams (The teams this user is a member of - this will determine what dashboards the user can see)
    - Send Welcome Email (check if you want to send an invitation email with password setup steps)

  4. If Send Welcome Email is checked, the user will get an email containing information to log in to Germain. If not, you can always reset the user's password later by clicking on the user in the list and clicking Reset Password. This will send a new email to the user asking them to reset their password.

Login

Log in using the username and password fields on the Germain login page.

LDAP

When using LDAP, Users and Groups are stored and managed in your external LDAP system. The Groups that a user is a member of (in LDAP) will be mapped to Roles within Germain (the Role name in Germain should match the Group name in LDAP).

Setup

  1. Go to System > Auth Settings > Authentication

  2. Click + Add New Configuration

  3. Select the LDAP Provider option and click Next.

  4. Provide requested values, for an example:

  5. Click Finish.

  6. Restart the Germain server for the new provider to start working.

Creating a User

Create users and manage their groups inside your LDAP service.

Login

Log in using the username and password fields on the Germain login page.

OAuth2

In OAuth2, users are managed in an external OAuth2 provider and redirected to that service to log in.

Setup

  1. Go to System > Auth Settings > Authentication

  2. Click + Add New Configuration

  3. Select the OAuth Provider option and click Next.

  4. Provide the requested values. For an example of how to set up for Okta, see here.

  5. Click Finish.

  6. Restart the Germain server for the new provider to start working.

Creating a User

Create users and manage their groups inside your OAuth service.

Login

When configured, a new option will appear on the Germain login page. To log in with your OAuth2 service, click the button and follow the login steps of your OAuth2 service. Upon successful login you will be redirected back to the Germain Workspace.

Roles

Roles define what a user is able to do within Germain. To view the list of roles, go to System > Auth Settings > User Roles in the menu.

By default, the following two roles are configured, but you can create as many custom roles as you like.

  • germain_apm_admin

  • germain_apm_user

Creating a Role

  1. Go to System > Auth Settings > User Roles

  2. Click + Add New Configuration

  3. Provide the Name of the role. (Note: If you are using LDAP or OAuth and want to map Groups in that system to Roles in Germain, make sure the Role name you provide matches an LDAP/OAuth group name)

  4. Select which Permissions should be applied to the Role.

The following Permissions are available:

  • Create Inactive Config: allows a user to create any monitoring, analytics or automation, but does not give that user permission to enable it. Another individual with the "Create/Edit Config" permission will have to enable it.

  • Create/Edit Config: allows a user to create/edit/delete/enable/disable any Germain config objects

  • Create Dashboard: allows a user to create/edit dashboards

  • Edit UI Field/Column: allows a user to edit Germain’s user interface, e.g. add a column to a dashboard

  • View Data: allows a user to run a query against Germain’s datamart (business and meta data)

  • View User Replay: allows a user to view user session replay video

  • Manage Users: allows a user to create/edit/delete users

  • Monitor: allows engines/agents to get their config from the APM server
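
A pre-flight check for the Group-to-Role name matching described in the LDAP section and in step 3 of Creating a Role, added here as an example and not Germain's own code. It assumes group membership is available as memberOf-style DNs and that names are compared exactly (case-sensitive); the sample DNs are constructed.

```python
# Added example: compare directory group names against Germain role names.
# Assumptions (not from the Germain docs): membership arrives as memberOf-style
# DNs, and a Role only maps when its name equals the group's CN exactly.
import re

# First RDN of a DN, e.g. "CN=germain_apm_admin,OU=Groups,DC=example,DC=com".
# A backslash-escaped comma stays part of the name; hex escapes such as \2C
# are not decoded by this sketch.
_FIRST_RDN = re.compile(r"^\s*cn=((?:\\.|[^,\\])+)", re.IGNORECASE)


def group_name(dn):
    """Return the CN of a group DN, or None if the DN does not start with CN=."""
    m = _FIRST_RDN.match(dn)
    if not m:
        return None
    return re.sub(r"\\(.)", r"\1", m.group(1))


def check_mapping(group_dns, role_names):
    """Sort each group into mapped / near_miss / unmapped / unparsed."""
    roles = set(role_names)
    folded = {r.strip().casefold(): r for r in roles}
    report = {"mapped": [], "near_miss": [], "unmapped": [], "unparsed": []}
    for dn in group_dns:
        name = group_name(dn)
        if name is None:
            report["unparsed"].append(dn)
        elif name in roles:
            report["mapped"].append(name)
        elif name.strip().casefold() in folded:
            # Differs only by case or surrounding whitespace: likely a typo
            # that would leave the user without the intended Role.
            report["near_miss"].append((name, folded[name.strip().casefold()]))
        else:
            report["unmapped"].append(name)
    return report


# Constructed sample data: the two default roles and four made-up group DNs.
ROLES = ["germain_apm_admin", "germain_apm_user"]
GROUP_DNS = [
    "CN=germain_apm_admin,OU=Groups,DC=example,DC=com",
    "CN=Germain_APM_User,OU=Groups,DC=example,DC=com",
    "CN=Ops\\, Tier 2,OU=Groups,DC=example,DC=com",
    "OU=Groups,DC=example,DC=com",
]

if __name__ == "__main__":
    for key, items in check_mapping(GROUP_DNS, ROLES).items():
        print(f"{key}: {items}")
```

Entries under near_miss are the ones to fix before switching providers, since the group exists but would not line up with the Role under the exact-match assumption.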

User Access Requests

Germain allows non-registered users to request access (when using Database (JDBC) Authentication).

To review User Access Requests, follow these steps:

  1. Go to System > Auth Settings > Users

  2. Approve or Reject each access request

  3. If approving the request, you will be asked to provide the Roles and Teams the user should be a member of:

  4. Once selected, click Create User to create the new user