Management¶
Administrators¶
On the Settings > Administrators page, you can search, add, modify, and disable/enable all administrator accounts.
Administrator account roles are currently divided into two types: Administrator and Developer:
- Administrator: Has all management permissions, can log in to the management backend and the DataFlux f(x) development platform;
- Developer: Can only log in to the DataFlux f(x) development platform.
Add Administrator¶
On the Settings > Administrators page, click Add Administrator in the upper right corner. In the pop-up dialog, fill in the administrator account information, select the role permissions, enter the password, and click OK to add a new administrator.
Modify¶
On the Settings > Administrators page, click Modify on the right side of the account to enter the Edit Administrator Information page. You can modify the administrator account and role permissions.
Reset Password¶
On the Settings > Administrators page, click Reset Password to modify the password of the administrator account.
Disable/Enable Member¶
On the Settings > Administrators page, click Disable or Enable on the right side of the account to switch the account status of the administrator.
Note: Once the currently logged-in account is disabled, the login account information becomes invalid, and it will automatically log out of the management backend. It will not be able to log in to the management backend until it is re-enabled.
Basic Information¶
On the Guance management backend Settings > Basic Information page, you can customize the default language, product name, logo, and browser display icon.
In addition, you can also view the workspace's License information and software information, including its service expiration time, DataKit quantity limit, License version, ownership, and expiration time:
User Settings¶
On the Settings > User Settings page, you can modify the password of the currently logged-in account.
Mapping Rules¶
Guance Deployment Plan supports single sign-on (SSO) application access for OpenID Connect/OAuth 2.0/LDAP protocols and configures mapping rules for such login accounts. After enabling mapping, you can dynamically assign access permissions to enterprise employees, and employees can access Guance based on the assigned role permissions.
When a single sign-on account is set as the workspace owner, note that:
The role of this account in this workspace is fixed as the owner, not affected by mapping rule matching. Otherwise, it will access the workspace according to the actual mapping rule matching role.
In addition to configuring mapping rules in the management backend, you also need to configure Keycloak single sign-on mapping rules. The mapping rules will take effect only after both configurations are completed.
Application Scope¶
In Management > Mapping Rules, for the application scope of mapping rules, you can choose Only effective for the first login and Globally effective:
Only effective for the first login
When you choose to enable this option, if a single sign-on user account is logging in for the first time, it will be dynamically assigned to the workspace and granted a role based on the mapping rules.
Note: SSO member accounts that have already logged in are not affected by the mapping rules.
Append effective
After enabling, single sign-on accounts will be assigned to workspaces and roles according to the mapping rules, while the original workspace and role remain unchanged.
For example, if a member originally had the Standard role, and a new mapping rule grants the Administrator role, they will have both the Standard and Administrator roles.
Globally effective
When you choose to enable this option, single sign-on user accounts will be stripped of their current roles in the workspace and dynamically assigned roles based on the attribute fields and values provided by the identity provider's assertion side. If no mapping rule is matched, the user account will be stripped of all roles and will not be allowed to log in to the Guance workspace.
Note: Each login of the user needs to go through the dynamic workspace joining and role assignment process; once the corresponding mapping rule is deleted in the management backend, the user's corresponding workspace will be considered inaccessible.
Not enabled: Single sign-on users will continue to have the roles previously assigned to their accounts, and these roles will not be affected by changes in the identity provider's assertions.
Add Mapping¶
After configuring the mapping rules, the management backend will add members to the corresponding workspace and grant the corresponding roles based on the mapping relationship. In Management > Mapping Rules, click Add Mapping.
In the new mapping dialog, enter the Attribute Field and its Attribute Value, select the Role, and click Save.
| Field | Description |
|---|---|
| Attribute Field/Attribute Value | The attribute field and attribute value in the mapping configuration must match the attribute field and attribute value configured on the IdP account. After successful verification, the account will be granted the corresponding role permissions when logging in with the IdP account. |
| Workspace | All workspaces in the management backend. |
| Role | Guance supports four default member roles Owner, Administrator, Standard, and Read-only. You can also create new roles in Role Management and assign permission scopes to the roles to meet the needs of different users. |
Search/Edit/Delete Mapping Role¶
- Search: Supports filtering and viewing configured mapping roles by workspace, role, attribute field, and attribute value;
- Edit/Delete: Supports clicking the Edit/Delete button on the right to modify the configured mapping roles. Modifications do not affect the current role and permissions of the logged-in account, but only affect subsequent logged-in user accounts.
Operation Audit¶
Go to Management > Operation Audit to view all audit events.
Time Widget¶
By default, all audit events are listed. You can add a time range for further filtering.
After selecting a date range, all audit events within the selected time range are listed. The default start time is 00:00:00, and the default end time is 23:59:59.
- After selecting the time range, click Select Time to customize the time range;
- Click Clear to clear the time filter conditions.
Search & Export¶
| Operation | Description |
|---|---|
| Search | You can search based on the audit event title and description content. |
| Export | Click the button to export the current audit event CSV file. |
Audit Event Details Page¶
Click on a specific event in the list to expand its details page. In the details page, you can view the attributes and content of the audit event.
Workspace Audit Events¶
You can view all workspace audit events.
You can filter events based on workspace or time range, or directly enter the relevant title and description to search and locate:
Security Settings¶
Password Rotation Policy¶
To further enhance the security of the management backend, Guance Deployment Plan provides a password rotation policy. By default, the Password Rotation Policy is Not Enabled.
You can choose the password validity period as needed: 3 months, 6 months, 12 months; default is off.
Note: 7 days before the password expires, you will receive a management backend password expiration reminder email every day. You can reset the password in the email, and the new password cannot be the same as the current password.
Login Status Management¶
Guance supports unified setting of login session retention time for front-end users. When turned off, members in the front-end workspace can freely configure the session retention time; when turned on, members cannot freely modify it and must follow the settings here.
In Login Retention Time, click Modify to change the default login session retention time, including the inactive login session retention time and the maximum login session retention time. After setting, timed-out login sessions will become invalid.
- Inactive login session retention time: Supports setting a range of 30 to 1440 minutes, default is 180 minutes;
- Maximum login session retention time: Supports setting a range of 1 to 7 days, default is 7 days.
Console/Management Backend MFA Security Authentication¶
Guance workspace and management backend both provide mandatory two-factor MFA security authentication management, adding an extra layer of security protection beyond the account username and password. After enabling MFA authentication, you need to perform a secondary verification when logging in, thereby helping you improve the security of your account.
If no secondary verification is needed, you can check "Trusted Device" to simplify your login process.
- Default: Members can use any authenticator APP to complete MFA binding and identity verification;
- Custom: Members need to complete MFA binding and identity verification through a specified APP, which needs to be implemented through DataFlux Func. In custom MFA mode, when users unbind MFA, the MFA of the corresponding account on the Guance side will also be unbound.
Independent Alarm Notification¶
Guance supports configuring Independent Alarm Notification for monitor detection results in the alarm non-aggregation mode.
In the alarm non-aggregation mode, alarm events will be merged into one notification every 20 seconds and sent to the corresponding notification target. Supports Enable/Disable independent alarm notification, configuring whether alarm notifications are merged into one.
Event Link Login-Free View¶
Supports the jump link built into the alarm notification to be viewed through public sharing. You can configure Event Link Login-Free View. After enabling this configuration, all alarm notification event links sent by the workspace can be accessed without logging in. After turning it off, all historical login-free link view permissions will become invalid.
Login Method Management¶
Currently, it supports logging into the Guance console through local accounts, LDAP accounts, and OIDC. Click Modify to manage the login channels for user accounts.
- Local account: The account generated by registering Guance;
- LDAP account;
-
OIDC: Single sign-on through the OpenID Connect protocol, refer to:
DataKit Management¶
On this page, administrators can view the host information of the Datakit that has been installed on the current platform, including the running ID, IP address, operating system, hardware platform, count, and DataKit version under different workspaces.
Note: If DataKit is running in gateway mode, the [Count] here does not follow physical counting, but follows CPU Core counting.
For this list, you can manage it through the following operations:
- Click on the workspace and DataKit version for dropdown filtering;
- In the search bar, directly enter the host name, running ID, IP address, and other information to locate the data;
- You can check "Only show online hosts" and filter out hosts that have reported data within the last 10 minutes, 15 minutes, 30 minutes, 1 hour, or 3 hours based on the time selection.
-
You can export the DataKit list data for subsequent problem backtracking and usage as expansion report basis.
-
The display information of the specific list can be adjusted through the display columns:
Note: If the current platform's DataKit usage exceeds the license limit, you need to pay attention to the DataKit usage of each workspace. At the same time, if this situation occurs, the management backend and workspace login users need to perform subsequent renewal operations, and the Guance version cannot be upgraded temporarily. If you need to increase the number of DataKits, please contact your account manager to purchase more.
Global Configuration¶
Incident Tracking Level Management¶
You can uniformly manage the incident tracking Issue level configuration of each workspace from this entry.
Note: After enabling the global configuration, the incident tracking level configured at the workspace level will no longer apply.
Click Add Level, select the level color block, enter the level name and its description, and the creation will be successful.
For levels, you can perform the following operations:
-
Edit: Click the edit button to modify the color, name, and description of the current custom level.
-
Delete: Click to delete the current level. After deletion, if the workspace has monitors, intelligent monitoring, issue auto-discovery, and other rules that apply this level, the level of newly created issues will be set to empty.
Global DCA Configuration¶
DCA is the DataKit online management platform. On this platform, you can view the running status of DataKit and uniformly manage and configure collectors, blacklists, and Pipelines.
After enabling this configuration, the DCA address configuration here will be synchronized to all workspaces, and the original DCA address configured in the workspace will be overwritten.
- Enable the switch;
- Enter the new DCA access address;
- Click OK.
After enabling the new configuration here, click the "Configure DCA Address" button in the workspace, and the address will be automatically filled with the address configured in the management backend, and it cannot be edited.
If you choose to turn off the DCA configuration, the workspace will revert to the original DCA configuration. At this time, you can edit the DCA address.