diff --git a/source/administration-guide/admin-tools/admin-tools-index.rst b/source/administration-guide/admin-tools/admin-tools-index.rst new file mode 100644 index 00000000000..833d5490fcf --- /dev/null +++ b/source/administration-guide/admin-tools/admin-tools-index.rst @@ -0,0 +1,40 @@ +Administration Tools & Utilities +================================ + +Use administrative tools and utilities to automate tasks, export data, and troubleshoot your deployment. This section centralizes command-line tools and operational utilities. + +.. toctree:: + :maxdepth: 1 + :titlesonly: + + mmctl-command-line-tool + command-line-tools + generating-support-packet + ../user-experience/system-wide-notifications + ../user-experience/in-product-notices + feature-labels + ../monitoring-observability/monitoring-and-performance + ../monitoring-observability/statistics + request-server-health-check + telemetry + +Streamline administration with automation tools, simplify troubleshooting, and maintain operational hygiene. + +- `Use mmctl or the CLI for automation `_ +- `Generate and review support packets `_ +- `Manage system notices `_ +- `Track product limits and usage statistics `_ +- `Configure automated health checks `_ +- `Manage teams and channels `_ + +- :doc:`Cloud data export ` +- :doc:`Command line tools ` +- :doc:`Configure health check probes ` +- :doc:`Error codes ` +- :doc:`Feature labels ` +- :doc:`Generating support packet ` +- :doc:`mmctl command line tool ` +- :doc:`Product limits ` +- :doc:`Request server health check ` +- :doc:`Server maintenance ` +- :doc:`Telemetry ` \ No newline at end of file diff --git a/source/administration-guide/manage/cloud-data-export.rst b/source/administration-guide/admin-tools/cloud-data-export.rst similarity index 92% rename from source/administration-guide/manage/cloud-data-export.rst rename to source/administration-guide/admin-tools/cloud-data-export.rst index 92a8a02150f..89b2997afec 100644 --- a/source/administration-guide/manage/cloud-data-export.rst +++ b/source/administration-guide/admin-tools/cloud-data-export.rst @@ -106,9 +106,9 @@ How does the process work? Before you export and migrate your data, you must :doc:`install Mattermost ` on the server you’ll be using to run Mattermost. The migration is done using the mmctl CLI tool, which is a remote CLI tool for Mattermost that's installed locally and uses the Mattermost API. ``mmctl`` is pre-installed. -The :ref:`mmctl usage notes ` provide some additional context and information which you can reference before and during the process. +The :ref:`mmctl usage notes ` provide some additional context and information which you can reference before and during the process. -You'll be using the :ref:`mmctl export ` commands to export your Cloud data for channels, messages, users, etc. The export file is downloaded to a location specified in the export commands. Once the export is complete, you'll import the data into your self-hosted instance. +You'll be using the :ref:`mmctl export ` commands to export your Cloud data for channels, messages, users, etc. The export file is downloaded to a location specified in the export commands. Once the export is complete, you'll import the data into your self-hosted instance. Alternatively, you can export the data to an Amazon S3 cloud storage location in cases where an export is quite large and challenging to download from the Mattermost server. See the `create the export <#create-the-export>`__ section below for details. @@ -188,21 +188,21 @@ Finally, it's time to take our export from the source server and use it as an im | **Mattermost configuration setting** | **Large file import recommendation** | +-------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ | :ref:`Maximum Users Per Team | Increase this value to a number that **exceeds** the maximum number of users, per team, in the import file. | -| ` | | +| ` | | +-------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ | :ref:`Maximum File Size | Temporarily increase this value to be **larger** than the size of the import file. | -| ` | Following a successful import, we strongly recommend reverting this value to a reasonable limit for daily expected usage. | +| ` | Following a successful import, we strongly recommend reverting this value to a reasonable limit for daily expected usage. | +-------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ | :ref:`Write Timeout | Temporarily adjust this value based on import file speed and network path to enable the file to upload without timeouts. | -| ` | Start with a value of **3600** and adjust if needed. | +| ` | Start with a value of **3600** and adjust if needed. | | | Following a successful import, we strongly recommend reverting this setting to its initial or previous value. | +-------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ | :ref:`Read Timeout | Temporarily adjust this value based on import file speed and network path to enable the file to upload without timeouts. | -| ` | Start with a value of **3600** and adjust if needed. | +| ` | Start with a value of **3600** and adjust if needed. | | | Following a successful import, we strongly recommend reverting this setting to its initial or previous value. | +-------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ | :ref:`Amazon S3 Request Timeout | If using cloud-based file storage, adjust this value to ensure your storage requests don't time out too soon. | -| ` | | +| ` | | +-------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------+ Next, log into the destination server using ``mmctl`` the same way you logged into the source server: diff --git a/source/administration-guide/manage/command-line-tools.rst b/source/administration-guide/admin-tools/command-line-tools.rst similarity index 88% rename from source/administration-guide/manage/command-line-tools.rst rename to source/administration-guide/admin-tools/command-line-tools.rst index 781a9ec457c..673a61375a4 100644 --- a/source/administration-guide/manage/command-line-tools.rst +++ b/source/administration-guide/admin-tools/command-line-tools.rst @@ -8,7 +8,7 @@ In self-managed deployments, a ``mattermost`` command is available for configuri .. important:: - From Mattermost v6.0, the majority of these CLI commands have been replaced with equivalents available using the :doc:`mmctl command line tool `. However, :ref:`mattermost import ` commands, :ref:`mattermost export ` commands, and related subcommands, remain available and fully supported from Mattermost v6.0. + From Mattermost v6.0, the majority of these CLI commands have been replaced with equivalents available using the :doc:`mmctl command line tool `. However, :ref:`mattermost import ` commands, :ref:`mattermost export ` commands, and related subcommands, remain available and fully supported from Mattermost v6.0. These ``mattermost`` commands include the following functionality: @@ -84,7 +84,7 @@ Use the CLI The Docker Install tab details and command references below also apply to the `Mattermost docker preview image `_. .. note:: - - The CLI is run in a single node which bypasses the mechanisms that a :doc:`High Availability environment ` uses to perform actions across all nodes in the cluster. As a result, when running :doc:`CLI commands ` in a High Availability environment, tasks that change configuration settings require a server restart. + - The CLI is run in a single node which bypasses the mechanisms that a :doc:`High Availability environment ` uses to perform actions across all nodes in the cluster. As a result, when running :doc:`CLI commands ` in a High Availability environment, tasks that change configuration settings require a server restart. - Parameters in CLI commands are order-specific. - If special characters (``!``, ``|``, ``(``, ``)``, ``\``, ``'``, or ``"``) are used, the entire argument needs to be surrounded by single quotes, or the individual characters need to be escaped out. @@ -248,7 +248,7 @@ Child Commands - `mattermost export csv`_ - Deprecated from Mattermost v10.5. - `mattermost export global-relay-zip`_ - Deprecated from Mattermost v10.5. - `mattermost export schedule`_ - Schedule a compliance export job. - - `mattermost export bulk`_ - Export data to a file compatible with the Mattermost :doc:`Bulk Import format `. Deprecated in favor of :ref:`mmctl export commands `. + - `mattermost export bulk`_ - Export data to a file compatible with the Mattermost :doc:`Bulk Import format `. Deprecated in favor of :ref:`mmctl export commands `. mattermost export actiance ~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -290,7 +290,7 @@ Options mattermost export bulk ~~~~~~~~~~~~~~~~~~~~~~ -From Mattermost v6.0, this command has been deprecated in favor of :ref:`mmctl export commands ` as the supported way to export data out of Mattermost. +From Mattermost v6.0, this command has been deprecated in favor of :ref:`mmctl export commands ` as the supported way to export data out of Mattermost. ---- @@ -316,18 +316,18 @@ Description Import data into Mattermost. Child Command - - `mattermost import bulk`_ - Import a Mattermost Bulk Import File. Deprecated in favor of :ref:`mmctl import commands `. + - `mattermost import bulk`_ - Import a Mattermost Bulk Import File. Deprecated in favor of :ref:`mmctl import commands `. - `mattermost import slack`_ - Import a team from Slack. mattermost import bulk ~~~~~~~~~~~~~~~~~~~~~~ -From Mattermost v6.0, this command has been deprecated in favor of :ref:`mmctl import commands ` as the supported way to import data into Mattermost. +From Mattermost v6.0, this command has been deprecated in favor of :ref:`mmctl import commands ` as the supported way to import data into Mattermost. mattermost import slack ~~~~~~~~~~~~~~~~~~~~~~~ -See the :ref:`mmctl import commands ` documentation as the preferred way to import Slack data into Mattermost. +See the :ref:`mmctl import commands ` documentation as the preferred way to import Slack data into Mattermost. Description Import a team from a Slack export zip file. @@ -380,7 +380,7 @@ mattermost version .. note:: - From Mattermost v6.5, this CLI command no longer interacts with the database. The :ref:`mattermost db migrate ` CLI command has been introduced to trigger schema migrations. + From Mattermost v6.5, this CLI command no longer interacts with the database. The :ref:`mattermost db migrate ` CLI command has been introduced to trigger schema migrations. Desription Displays Mattermost version information. @@ -398,7 +398,7 @@ Troubleshooting Executing a command hangs and doesn't complete ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -If you have Bleve search indexing enabled, temporarily disable it in **System Console > Experimental > Bleve** and run the command again. You can also optionally use the new :doc:`mmctl Command Line Tool `. +If you have Bleve search indexing enabled, temporarily disable it in **System Console > Experimental > Bleve** and run the command again. You can also optionally use the new :doc:`mmctl Command Line Tool `. Bleve does not support multiple processes opening and manipulating the same index. Therefore, if the Mattermost server is running, an attempt to run the CLI will lock when trying to open the indeces. diff --git a/source/administration-guide/manage/configure-health-check-probes.rst b/source/administration-guide/admin-tools/configure-health-check-probes.rst similarity index 95% rename from source/administration-guide/manage/configure-health-check-probes.rst rename to source/administration-guide/admin-tools/configure-health-check-probes.rst index 1fabf1c8626..a754f0f214e 100644 --- a/source/administration-guide/manage/configure-health-check-probes.rst +++ b/source/administration-guide/admin-tools/configure-health-check-probes.rst @@ -10,7 +10,7 @@ Before you begin, you should have a running Mattermost server. If you don't, you .. note:: - :doc:`Highly available Mattermost cluster support ` requires Mattermost Enterprise. + :doc:`Highly available Mattermost cluster support ` requires Mattermost Enterprise. You can perform a health check with the following 2 methods: diff --git a/source/administration-guide/manage/admin/error-codes.rst b/source/administration-guide/admin-tools/error-codes.rst similarity index 87% rename from source/administration-guide/manage/admin/error-codes.rst rename to source/administration-guide/admin-tools/error-codes.rst index ee20e335e7d..180b38d5694 100644 --- a/source/administration-guide/manage/admin/error-codes.rst +++ b/source/administration-guide/admin-tools/error-codes.rst @@ -1,7 +1,7 @@ Mattermost error codes ====================== -.. include:: ../../../_static/badges/allplans-selfhosted.rst +.. include:: ../../_static/badges/allplans-selfhosted.rst :start-after: :nosearch: Mattermost is designed to deploy in private networks which may be disconnected or “air-gapped” from the internet. In these deployments, links to Mattermost’s online documentation may be unavailable. @@ -19,7 +19,7 @@ A safety limits exceeded error (``ERROR_SAFETY_LIMITS_EXCEEDED``) displays in th 2,500 users represents a “high upper limit” for deployments that are approximately 100 times the recommended size, which is far beyond the intended design of the product. -The free version of Mattermost is intended for approximately 50 users. If your Mattermost materially exceeds this recommended size, system admins should seek to either `purchase a commercial license `_, or apply for a :doc:`non-profit subscription ` license. Alternatively, admins can :ref:`deactivate users ` until the user count falls below the high upper limit. +The free version of Mattermost is intended for approximately 50 users. If your Mattermost materially exceeds this recommended size, system admins should seek to either `purchase a commercial license `_, or apply for a :doc:`non-profit subscription ` license. Alternatively, admins can :ref:`deactivate users ` until the user count falls below the high upper limit. ERROR_LICENSED_USERS_LIMIT_EXCEEDED ----------------------------------- @@ -33,7 +33,7 @@ This error occurs when: To resolve this error, system administrators can: -- :ref:`Deactivate users ` to reduce the active user count below the license limit. +- :ref:`Deactivate users ` to reduce the active user count below the license limit. - Contact `Mattermost Sales `_ to discuss license options. `Book a live demo `_ or `talk to a Mattermost expert `_ to explore tailored solutions for your organization's secure collaboration needs. Or try Mattermost yourself with a `1-hour preview `_ for instant access to a live sandbox environment. diff --git a/source/administration-guide/manage/feature-labels.rst b/source/administration-guide/admin-tools/feature-labels.rst similarity index 100% rename from source/administration-guide/manage/feature-labels.rst rename to source/administration-guide/admin-tools/feature-labels.rst diff --git a/source/administration-guide/manage/admin/generating-support-packet.rst b/source/administration-guide/admin-tools/generating-support-packet.rst similarity index 94% rename from source/administration-guide/manage/admin/generating-support-packet.rst rename to source/administration-guide/admin-tools/generating-support-packet.rst index dadff5c2ff9..03ae3c22f60 100644 --- a/source/administration-guide/manage/admin/generating-support-packet.rst +++ b/source/administration-guide/admin-tools/generating-support-packet.rst @@ -1,10 +1,10 @@ Generate a Support Packet ========================== -.. include:: ../../../_static/badges/ent-pro-selfhosted.rst +.. include:: ../../_static/badges/ent-pro-selfhosted.rst :start-after: :nosearch: -The Support Packet is used to help customers diagnose and troubleshoot issues. Use the System Console or the :ref:`mmctl system supportpacket ` command to generate a zip file that includes configuration information, logs, plugin details, and data on external dependencies across all nodes in a high-availability cluster. Confidential data, such as passwords, are automatically stripped. +The Support Packet is used to help customers diagnose and troubleshoot issues. Use the System Console or the :ref:`mmctl system supportpacket ` command to generate a zip file that includes configuration information, logs, plugin details, and data on external dependencies across all nodes in a high-availability cluster. Confidential data, such as passwords, are automatically stripped. Generate --------- @@ -17,14 +17,14 @@ Generate 1. Go to the System Console, and select **Commercial Support** from the System Console menu. - .. image:: ../../../images/system-console-commercial-support.png + .. image:: ../../images/system-console-commercial-support.png :alt: Example of available System Console menu options. 2. Select **Download Support Packet**. A zip file is downloaded to the local machine. You'll be notified if any packet files are unavailable during packet generation. See the ``warning.txt`` file for details. .. tab:: mmctl - Run the :ref:`mmctl system supportpacket ` command to generate and download a Support Packet to share with Mattermost Support. + Run the :ref:`mmctl system supportpacket ` command to generate and download a Support Packet to share with Mattermost Support. .. code-block:: sh @@ -107,11 +107,11 @@ The contents of a Mattermost Support Packet can differ by server version. Select .. note:: - From Mattermost v10.10, Support Packets from :doc:`high availability ` deployments organize cluster-specific files (such as log files) in subdirectories named after each cluster node, while cluster-wide files remain in the root directory. + From Mattermost v10.10, Support Packets from :doc:`high availability ` deployments organize cluster-specific files (such as log files) in subdirectories named after each cluster node, while cluster-wide files remain in the root directory. Support packet file organization has been improved to make it easier to identify cluster-wide versus cluster-specific files: - - **Cluster-wide files** (identical across all nodes in a :doc:`high-availability cluster `) remain in the root directory of the support packet. + - **Cluster-wide files** (identical across all nodes in a :doc:`high-availability cluster `) remain in the root directory of the support packet. - **Cluster-specific files** (unique per node) are now organized in subdirectories named after each cluster node. **Cluster-wide files (root directory):** diff --git a/source/administration-guide/manage/mmctl-command-line-tool.rst b/source/administration-guide/admin-tools/mmctl-command-line-tool.rst similarity index 99% rename from source/administration-guide/manage/mmctl-command-line-tool.rst rename to source/administration-guide/admin-tools/mmctl-command-line-tool.rst index 89b13e13ab1..50369f70b50 100644 --- a/source/administration-guide/manage/mmctl-command-line-tool.rst +++ b/source/administration-guide/admin-tools/mmctl-command-line-tool.rst @@ -4,7 +4,7 @@ mmctl command line tool .. include:: ../../_static/badges/allplans-cloud-selfhosted.rst :start-after: :nosearch: -The mmctl is a CLI tool for the Mattermost server which is installed locally and uses the Mattermost API, but may also be used remotely. Authentication is done with either login credentials or an authentication token. This mmctl tool is included and replaces the :doc:`CLI `. The mmctl can currently be used alongside the Mattermost CLI tool. The Mattermost CLI tool will be deprecated in a future release. +The mmctl is a CLI tool for the Mattermost server which is installed locally and uses the Mattermost API, but may also be used remotely. Authentication is done with either login credentials or an authentication token. This mmctl tool is included and replaces the :doc:`CLI `. The mmctl can currently be used alongside the Mattermost CLI tool. The Mattermost CLI tool will be deprecated in a future release. Being installed locally enables system admins for both self-hosted and Cloud Mattermost instances to run CLI commands even in instances where there's no access to the server (e.g., via SSH). @@ -143,7 +143,7 @@ The API that the socket exposes follows the same specification that can be found Activating local mode ~~~~~~~~~~~~~~~~~~~~~ -To use local mode, the Mattermost server first needs to :ref:`have local mode enabled `. When local mode is enabled, a socket is created at ``/var/tmp/mattermost_local.socket`` by default. +To use local mode, the Mattermost server first needs to :ref:`have local mode enabled `. When local mode is enabled, a socket is created at ``/var/tmp/mattermost_local.socket`` by default. .. tip:: @@ -156,7 +156,7 @@ From Mattermost v10.8, when no authentication credentials are found in the authe Prior to Mattermost v10.8, you must append ``--local`` to the command you want to use, or set the environment variable as ``MMCTL_LOCAL=true``. -To use a socket file other than the default, you need to set the environment variable to ``MMCTL_LOCAL_SOCKET_PATH``. This file must match the :ref:`server configuration setting `. +To use a socket file other than the default, you need to set the environment variable to ``MMCTL_LOCAL_SOCKET_PATH``. This file must match the :ref:`server configuration setting `. Running mmctl tests ------------------- @@ -946,7 +946,7 @@ mmctl channel delete Permanently delete channels along with all related information including posts from the database. .. note:: - Requires the :ref:`Enable API Channel Deletion ` configuration setting to be set to ``true``. If this configuration setting is set to ``false``, attempting to delete the channel using mmctl fails. + Requires the :ref:`Enable API Channel Deletion ` configuration setting to be set to ``true``. If this configuration setting is set to ``false``, attempting to delete the channel using mmctl fails. **Format** @@ -1023,7 +1023,7 @@ List all Public, Private, and archived channels on specified teams. Archived cha mmctl channel make-private ~~~~~~~~~~~~~~~~~~~~~~~~~~ -This command is deprecated in favour of :ref:`mmctl channel modify ` and the ``--private`` flag. +This command is deprecated in favour of :ref:`mmctl channel modify ` and the ``--private`` flag. **Description** @@ -2272,7 +2272,7 @@ Migrate a file-based configuration to (or from) a database-based configuration. .. note:: - - To change the store type to use the database, a system admin needs to set a ``MM_CONFIG`` :ref:`environment variable ` and restart the Mattermost server. + - To change the store type to use the database, a system admin needs to set a ``MM_CONFIG`` :ref:`environment variable ` and restart the Mattermost server. - The ``migrate`` function requires local mode to be enabled. To do this, add the following line to your Mattermost Environment file: .. code-block:: sh @@ -5905,7 +5905,7 @@ mmctl team delete Permanently delete a team along with all related information including posts from the database. .. note:: - Requires the :ref:`Enable API Team Deletion ` configuration setting to be set to ``true``. If this configuration setting is set to ``false``, attempting to delete the team using mmctl fails. + Requires the :ref:`Enable API Team Deletion ` configuration setting to be set to ``true``. If this configuration setting is set to ``false``, attempting to delete the team using mmctl fails. **Format** @@ -6661,7 +6661,7 @@ mmctl user delete Permanently delete users along with all related information including posts from the database. .. note:: - Requires the :ref:`Enable API User Deletion ` configuration setting to be set to ``true``. If this configuration setting is set to ``false``, attempting to delete the user using mmctl fails. + Requires the :ref:`Enable API User Deletion ` configuration setting to be set to ``true``. If this configuration setting is set to ``false``, attempting to delete the user using mmctl fails. **Format** diff --git a/source/administration-guide/manage/request-server-health-check.rst b/source/administration-guide/admin-tools/request-server-health-check.rst similarity index 90% rename from source/administration-guide/manage/request-server-health-check.rst rename to source/administration-guide/admin-tools/request-server-health-check.rst index 5ae60cd28db..2c5b19754f2 100644 --- a/source/administration-guide/manage/request-server-health-check.rst +++ b/source/administration-guide/admin-tools/request-server-health-check.rst @@ -27,7 +27,7 @@ Get started Getting started with a Mattermost Health Check is simple and involves 3 steps: -1. :doc:`Generate a Support Packet `: The Mattermost Support Packet contains critical information about your Mattermost environment, including logs, configurations, and usage data. +1. :doc:`Generate a Support Packet `: The Mattermost Support Packet contains critical information about your Mattermost environment, including logs, configurations, and usage data. 2. Submit Your Support Packet: Once you’ve generated the Support Packet, submit it through our Support System as a `standard support request `_. Please include “Health Check Provided” in the subject line. diff --git a/source/administration-guide/admin-tools/server-maintenance.rst b/source/administration-guide/admin-tools/server-maintenance.rst new file mode 100644 index 00000000000..f2377140ed6 --- /dev/null +++ b/source/administration-guide/admin-tools/server-maintenance.rst @@ -0,0 +1,33 @@ +Server maintenance +==================== + +This Server Maintenance Guide is organized into sections that provide the tools and knowledge needed to maintain your Mattermost server effectively, ensuring optimal security, scalability, and reliability. + +Whether you’re installing a license key, performing backups, upgrading the server, or using administrative tools like mmctl and the CLI, this guide offers comprehensive instructions to help you manage your server with confidence. Use the navigation below to access detailed information on each topic. + +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + Install a license key + Generate a support packet + Backup and disaster recovery + Upgrade Mattermost server + Secure Mattermost + Mattermost error codes + Logging + mmctl + CLI + Feature labels + +* :doc:`Install a license key ` - Learn how to install a license key for Mattermost. +* :doc:`Generate a support packet ` - Learn how to generate a support packet for Mattermost. +* :doc:`Backup and disaster recovery ` - Learn about backup and disaster recovery for Mattermost. +* :doc:`Upgrade Mattermost server ` - Learn how to upgrading Mattermost server. +* :doc:`Secure Mattermost ` - Learn about securing Mattermost server. +* :doc:`Mattermost error codes ` - Learn about Mattermost error codes and troubleshooting. +* :doc:`Logging ` - Learn how to customize logging options based on business practices and needs. +* :doc:`mmctl ` - Learn about the mmctl command line tool for Mattermost. +* :doc:`CLI ` - Learn about command line tools for Mattermost. +* :doc:`Feature labels ` - Learn about Mattermost feature labels and their meanings. \ No newline at end of file diff --git a/source/administration-guide/manage/telemetry.rst b/source/administration-guide/admin-tools/telemetry.rst similarity index 98% rename from source/administration-guide/manage/telemetry.rst rename to source/administration-guide/admin-tools/telemetry.rst index 96d36238671..cc111776e74 100644 --- a/source/administration-guide/manage/telemetry.rst +++ b/source/administration-guide/admin-tools/telemetry.rst @@ -43,7 +43,7 @@ The following data is collected once every 24 hours: Opt out ~~~~~~~ -To opt out, you can disable this security update check feature for self-hosted deployments in the System Console by going to **Environment > SMTP > Enable Security Alerts**. See the :ref:`enable security alerts ` documentation for details. When this feature is disabled, you will not receive any security alerts. +To opt out, you can disable this security update check feature for self-hosted deployments in the System Console by going to **Environment > SMTP > Enable Security Alerts**. See the :ref:`enable security alerts ` documentation for details. When this feature is disabled, you will not receive any security alerts. Error and diagnostics reporting feature --------------------------------------- @@ -62,7 +62,7 @@ Mattermost error and diagnostic data is collected for the following purposes: Opt out ~~~~~~~ -To opt out, you can disable the error and diagnostics reporting feature for self-hosted deployments in the System Console by going to **Environment > Logging > Enable Diagnostics and Error Reporting**. See the :ref:`enable diagnostics and error reporting ` documentation for details. +To opt out, you can disable the error and diagnostics reporting feature for self-hosted deployments in the System Console by going to **Environment > Logging > Enable Diagnostics and Error Reporting**. See the :ref:`enable diagnostics and error reporting ` documentation for details. Deployment and server configuration data ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -175,7 +175,7 @@ Collaborative playbooks metadata is collected and sent every 24 hours. Visit the Android Mobile App performance monitoring ----------------------------------------- -To improve Android app performance, we are collecting trace events and device information, collectively known as metrics, to identify slow performing key areas. Those metrics will be sent only from users using the Android app Beta build starting in version v1.20, who are logged in to servers that allow sending :ref:`diagnostic information `. +To improve Android app performance, we are collecting trace events and device information, collectively known as metrics, to identify slow performing key areas. Those metrics will be sent only from users using the Android app Beta build starting in version v1.20, who are logged in to servers that allow sending :ref:`diagnostic information `. Trace events Includes duration on how long the action took place like startup, team/channel switch, posts loading/update and channel drawer open/close. The naming convention is interpreted as ``[start observation]:[end observation]``, e.g. ``start:overall`` as from app start until fully rendered or ``post_list:thread`` as on press of post at post list until thread is opened. diff --git a/source/administration-guide/administration-guide-index.rst b/source/administration-guide/administration-guide-index.rst index c57b7434393..7ca41e2463b 100644 --- a/source/administration-guide/administration-guide-index.rst +++ b/source/administration-guide/administration-guide-index.rst @@ -1,31 +1,79 @@ Administration Guide ===================== -Welcome to the Mattermost Administration Guide. This guide is organized into sections based on administrative tasks and scenarios to help you effectively manage and optimize your Mattermost workspace. - -Whether you’re configuring server settings, managing users, monitoring performance, or ensuring compliance, this guide provides all the information you need. Use the navigation below to access detailed instructions and best practices for each topic. - .. toctree:: :maxdepth: 1 :hidden: :titlesonly: + + Getting Started + Identity & Access Management + Enable Platform Features + User Experience & Engagement + Monitoring & Observability + Operations & Scaling + Compliance, Security & Auditing + Administration Tools + Licensing & Workspace Management + Configuration Settings Reference + +This guide helps system administrators run a secure, reliable, and scalable Mattermost deployment. It’s organized as a clear journey, showing the outcomes you need to achieve and the tasks required to get there, from onboarding and identity management, to feature enablement, monitoring, scaling, compliance, and ongoing workspace management. + +Getting Started +--------------- + +Move from a functional server to an evaluated and planned rollout. Learn migrations, initial governance, and early readiness tasks. :doc:`Explore the first steps ` + + +Identity & Access Management +---------------------------- + +Centralize authentication, map attributes, provision users, and control access across teams and channels. :doc:`Set up identity and access ` + + +Enable Platform Features +------------------------ + +Turn on collaboration features, plugins, and integrations that unlock key use cases for your organization. :doc:`Enable the right features ` + + +User Experience & Engagement +---------------------------- + +Shape how users work in Mattermost—optimize notifications, onboarding, and engagement for adoption. :doc:`Tune the user experience ` + + +Monitoring & Observability +-------------------------- + +Instrument your deployment to detect issues early. Configure logging, metrics, dashboards, and health probes. :doc:`Build observability ` + + +Operations & Scaling +-------------------- + +Harden and scale for reliability and growth. Optimize performance, plan capacity, and design for resilience. :doc:`Operate and scale ` + + +Compliance, Security & Auditing +------------------------------- + +Meet regulatory and organizational requirements with data retention, eDiscovery, audit logging, and policies. :doc:`Implement compliance controls ` + + +Administration Tools +-------------------- + +Use admin utilities to manage, troubleshoot, and maintain your deployment efficiently. :doc:`Work with admin tools ` + + +Licensing & Workspace Management +-------------------------------- + +Manage plans, billing, and workspace settings to align cost and capabilities with your needs. :doc:`Manage licensing and workspaces ` + + +Configuration Settings Reference +-------------------------------- - Self-hosted billing - Cloud workspace management - Server maintenance - Server configuration - User provisioning - User management - Monitoring and performance - Compliance - Migration - -* :doc:`Self-hosted billing ` - Billing and payment options for Mattermost self-hosted deployments. -* :doc:`Cloud workspace management ` - Learn how to manage cloud workspaces in Mattermost. -* :doc:`Server maintenance ` - Learn about Mattermost server maintenance and best practices. -* :doc:`Server configuration ` - Learn about server configuration and settings. -* :doc:`User provisioning ` - Learn about user provisioning and management. -* :doc:`User management ` - Learn about user management and best practices. -* :doc:`Monitoring and performance ` - Learn about monitoring and performance optimization. -* :doc:`Compliance ` - Learn about compliance and security best practices. -* :doc:`Migration ` - Learn about migrating to Mattermost. \ No newline at end of file +Look up every configuration setting and environment variable when you need precise details. :doc:`Browse all configuration options ` \ No newline at end of file diff --git a/source/administration-guide/cloud-workspace-management.rst b/source/administration-guide/cloud-workspace-management.rst deleted file mode 100644 index decb74a21c3..00000000000 --- a/source/administration-guide/cloud-workspace-management.rst +++ /dev/null @@ -1,25 +0,0 @@ -Cloud workspace management -========================== - -This section of the guide is for system admins of Mattermost Cloud deployments. - -.. tip:: - - If you're the system admin for a Mattermost self-hosted workspace, see the :doc:`Self-hosted administration ` documentation. - -.. toctree:: - :maxdepth: 1 - :hidden: - :titlesonly: - - Workspace migration - Cloud data residency - Cloud IP Filtering - Cloud Bring Your Own Key (BYOK) - -* :doc:`Workspace migration ` - Migrate your workspace using the mmctl tool. -* :doc:`Cloud data residency ` - Find information about your data in the Cloud. -* :doc:`Cloud IP Filtering ` - Restrict access to your Mattermost Cloud workspace to a specific IP address range. -* :doc:`Cloud Bring Your Own Key (BYOK) ` - Learn how to manage data encryption processes within a Mattermost Cloud Enterprise Dedicated deployment. - -`Book a live demo `_ or `talk to a Mattermost expert `_ to explore tailored solutions for your organization's secure collaboration needs. Or try Mattermost yourself with a `1-hour preview `_ for instant access to a live sandbox environment. diff --git a/source/administration-guide/configure/compliance-configuration-settings.rst b/source/administration-guide/compliance-security-auditing/compliance-configuration-settings.rst similarity index 95% rename from source/administration-guide/configure/compliance-configuration-settings.rst rename to source/administration-guide/compliance-security-auditing/compliance-configuration-settings.rst index 743a85083a8..820db0972fb 100644 --- a/source/administration-guide/configure/compliance-configuration-settings.rst +++ b/source/administration-guide/compliance-security-auditing/compliance-configuration-settings.rst @@ -7,7 +7,7 @@ Compliance configuration settings Review and manage the following compliance configuration options in the System Console by selecting the **Product** |product-list| menu, selecting **System Console**, and then selecting **Compliance**: - `Data Retention Policies <#data-retention-policies>`__ -- `Compliance Export <#administration-guide/comply/compliance-export>`__ +- `Compliance Export <#administration-guide/compliance-security-auditing/compliance-export>`__ - `Compliance Monitoring <#compliance-monitoring>`__ - `Custom Terms of Service <#custom-terms-of-service>`__ @@ -45,7 +45,7 @@ Access the following configuration settings in the System Console by going to ** Global retention policy for messages ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Set how long Mattermost keeps messages across all teams and channels. This value is not used for any teams and channels that have a custom retention policy applied . Requires the :ref:`global retention policy for messages ` configuration setting to be set to ``true``. +Set how long Mattermost keeps messages across all teams and channels. This value is not used for any teams and channels that have a custom retention policy applied . Requires the :ref:`global retention policy for messages ` configuration setting to be set to ``true``. By default, messages are kept forever. If **Hours**, **Days**, or **Years** is chosen, set how many hours, days, or years messages are kept in Mattermost. Messages older than the duration you set will be deleted nightly. The minimum message retention time is one hour. @@ -57,7 +57,7 @@ The global retention time for messages can be superseded on a team or channel le .. note:: - From Mattermost v9.5, ``MessageRetentionDays`` has been deprecated in favor of ``MessageRetentionHours``. See :doc:`deprecated configuration settings ` for details. + From Mattermost v9.5, ``MessageRetentionDays`` has been deprecated in favor of ``MessageRetentionHours``. See :doc:`deprecated configuration settings ` for details. .. config:setting:: global-retention-policy-for-files :displayname: Global retention policy for files (Data Retention) @@ -69,7 +69,7 @@ The global retention time for messages can be superseded on a team or channel le Global retention policy for files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Set how long Mattermost keeps files across all teams and channels. Custom policies on team and channel level don't apply to file attachments. The global retention time for files will be used even if a custom policy for messages is in place. Requires the :ref:`global retention policy for files ` configuration setting to be set to ``true``. +Set how long Mattermost keeps files across all teams and channels. Custom policies on team and channel level don't apply to file attachments. The global retention time for files will be used even if a custom policy for messages is in place. Requires the :ref:`global retention policy for files ` configuration setting to be set to ``true``. By default, files are kept forever. If **Hours**, **Days**, or **Years** is chosen, set how many hours, days, or years files are kept in Mattermost. Files older than the duration you set will be deleted nightly. The minimum file retention time is one hour. @@ -79,7 +79,7 @@ By default, files are kept forever. If **Hours**, **Days**, or **Years** is chos .. note:: - From Mattermost v9.5, ``FileRetentionDays`` has been deprecated in favor of ``FileRetentionHours``. See :doc:`deprecated configuration settings ` for details. + From Mattermost v9.5, ``FileRetentionDays`` has been deprecated in favor of ``FileRetentionHours``. See :doc:`deprecated configuration settings ` for details. .. config:setting:: preserve-pinned-posts :displayname: Preserve pinned posts (Data Retention) @@ -103,7 +103,7 @@ From Mattermost v10.10, controls whether pinned posts are preserved when data re .. note:: - - This global configuration setting must be enabled with mmctl using the :ref:`mmctl config set ` command. + - This global configuration setting must be enabled with mmctl using the :ref:`mmctl config set ` command. - This configuration setting applies to team and channel policies as well as data retention, and can't be overridden in those more granular team or channel policies. - Files attached to the pinned message aren't preserved. - Only the pinned post is preserved. If it's attached to a thread or if it's the root post of a thread, the other threaded messages aren't preserved. @@ -153,7 +153,7 @@ Compliance export Access the following configuration settings in the System Console by going to **Compliance > Compliance Export**. -.. config:setting:: enable-administration-guide/comply/compliance-export +.. config:setting:: enable-administration-guide/compliance-security-auditing/compliance-export :displayname: Enable compliance export (Compliance Export) :systemconsole: Compliance > Compliance Export :configjson: .MessageExportSettings.EnableExport @@ -165,7 +165,7 @@ Access the following configuration settings in the System Console by going to ** Enable compliance export ~~~~~~~~~~~~~~~~~~~~~~~~ -**True**: Mattermost will generate a compliance export file that contains all messages that were posted in the last 24 hours. The export task is scheduled to run once per day. See the :doc:`documentation to learn more `. +**True**: Mattermost will generate a compliance export file that contains all messages that were posted in the last 24 hours. The export task is scheduled to run once per day. See the :doc:`documentation to learn more `. **False**: Mattermost doesn't generate a compliance export file. @@ -173,7 +173,7 @@ Enable compliance export | This feature's ``config.json`` setting is ``"EnableExport": false`` with options ``true`` and ``false``. | +----------------------------------------------------------------------------------------------------------+ -.. config:setting:: administration-guide/comply/compliance-export-time +.. config:setting:: administration-guide/compliance-security-auditing/compliance-export-time :displayname: Compliance export time (Compliance Export) :systemconsole: Compliance > Compliance Export :configjson: .MessageExportSettings.DailyRunTime diff --git a/source/administration-guide/comply/compliance-export.rst b/source/administration-guide/compliance-security-auditing/compliance-export.rst similarity index 87% rename from source/administration-guide/comply/compliance-export.rst rename to source/administration-guide/compliance-security-auditing/compliance-export.rst index b461b29a828..f47986267e7 100644 --- a/source/administration-guide/comply/compliance-export.rst +++ b/source/administration-guide/compliance-security-auditing/compliance-export.rst @@ -27,8 +27,8 @@ Use the following guides to configure exports for `CSV <#csv>`__, `Actiance XML .. note:: - - For self-hosted deployments, compliance exports are written to the ``exports`` subdirectory of the configured filestore in the chosen format. This will either be in the :ref:`Local Storage directory ` or the Mattermost S3 bucket if S3 storage is configured. - - Alternatively, you can specify an alternate filestore target and generate an S3 presigned URL for compliance exports. See the :ref:`dedicated export filestore target ` configuration settings documentation for details. + - For self-hosted deployments, compliance exports are written to the ``exports`` subdirectory of the configured filestore in the chosen format. This will either be in the :ref:`Local Storage directory ` or the Mattermost S3 bucket if S3 storage is configured. + - Alternatively, you can specify an alternate filestore target and generate an S3 presigned URL for compliance exports. See the :ref:`dedicated export filestore target ` configuration settings documentation for details. - Compliance exports don't contain posts sent before the feature was enabled. For self-hosted deployments, you can export past history via the ``export`` :doc:`command line tool <../manage/command-line-tools>`. CSV @@ -45,13 +45,13 @@ CSV You can review export job status in the System Console. - When the daily compliance export job is finished, a parent directory is created named based on when the export was started and the ``startTimestamp`` and ``endTimestamp`` of the export, e.g, ``administration-guide/comply/compliance-export-2024-08-13-05h08m-1723105062492-1723109100075``. That parent directory contains 1 zip file for each batch, named based on the batch number and the start and end timestamps of the messages in that batch, e.g, ``batch001-1723105062492-1723106622163.zip``. Each zip file contains the same information available in previous Mattermost server releases. + When the daily compliance export job is finished, a parent directory is created named based on when the export was started and the ``startTimestamp`` and ``endTimestamp`` of the export, e.g, ``administration-guide/compliance-security-auditing/compliance-export-2024-08-13-05h08m-1723105062492-1723109100075``. That parent directory contains 1 zip file for each batch, named based on the batch number and the start and end timestamps of the messages in that batch, e.g, ``batch001-1723105062492-1723106622163.zip``. Each zip file contains the same information available in previous Mattermost server releases. Working from the same example above, the directory would look like this: .. code-block:: bash - administration-guide/comply/compliance-export-2024-08-13-05h08m-1723105062492-1723109100075 + administration-guide/compliance-security-auditing/compliance-export-2024-08-13-05h08m-1723105062492-1723109100075 ├── batch001-1723105062492-1723106622163.zip ├── batch002-1723106622163-1723108196005.zip └── batch003-1723108196005-1723109100075.zip @@ -103,13 +103,13 @@ Actiance XML You can review export job status in the System Console. Once you've selected Actiance XML as your file format, you can set up an integration with Actiance Vantage archive system. - When the daily compliance export job is finished, a parent directory is created named based on when the export was started and the ``startTimestamp`` and ``endTimestamp`` of the export, e.g, ``administration-guide/comply/compliance-export-2024-08-13-05h08m-1723105062492-1723109100075``. That parent directory contains 1 zip file for each batch, named based on the batch number and the start and end timestamps of the messages in that batch, e.g, ``batch001-1723105062492-1723106622163.zip``. Each zip file contains the same information available in previous Mattermost server releases. + When the daily compliance export job is finished, a parent directory is created named based on when the export was started and the ``startTimestamp`` and ``endTimestamp`` of the export, e.g, ``administration-guide/compliance-security-auditing/compliance-export-2024-08-13-05h08m-1723105062492-1723109100075``. That parent directory contains 1 zip file for each batch, named based on the batch number and the start and end timestamps of the messages in that batch, e.g, ``batch001-1723105062492-1723106622163.zip``. Each zip file contains the same information available in previous Mattermost server releases. Working from the same example above, the directory would look like this: .. code-block:: bash - administration-guide/comply/compliance-export-2024-08-13-05h08m-1723105062492-1723109100075 + administration-guide/compliance-security-auditing/compliance-export-2024-08-13-05h08m-1723105062492-1723109100075 ├── batch001-1723105062492-1723106622163.zip ├── batch002-1723106622163-1723108196005.zip └── batch003-1723108196005-1723109100075.zip @@ -192,7 +192,7 @@ Run the ``export`` :doc:`command line tool <../manage/command-line-tools>`. You How do I download compliance export jobs using mmctl? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -From Mattermost Server v10.11, system administrators can download compliance export jobs using the :ref:`mmctl compliance_export download ` command. This provides a command-line interface for retrieving completed compliance export jobs by job ID. +From Mattermost Server v10.11, system administrators can download compliance export jobs using the :ref:`mmctl compliance_export download ` command. This provides a command-line interface for retrieving completed compliance export jobs by job ID. What happens if I export data manually? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -201,7 +201,7 @@ If the compliance export job is run automatically, manually via the System Conso If the ``--exportFrom`` option is specified with the CLI command, all posts that have been made since the supplied timestamp will be exported. -When run manually via the System Console, ``.csv`` and Actiance XML files are written to the ``exports`` subdirectory of the configured :ref:`Local Storage Directory `. Files will be written to a folder with names based on an epoch time range. Global Relay EML export format files will be mailed to the configured email address when run manually. +When run manually via the System Console, ``.csv`` and Actiance XML files are written to the ``exports`` subdirectory of the configured :ref:`Local Storage Directory `. Files will be written to a folder with names based on an epoch time range. Global Relay EML export format files will be mailed to the configured email address when run manually. Is there a maximum row limit for CSV files? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/comply/compliance-monitoring.rst b/source/administration-guide/compliance-security-auditing/compliance-monitoring.rst similarity index 100% rename from source/administration-guide/comply/compliance-monitoring.rst rename to source/administration-guide/compliance-security-auditing/compliance-monitoring.rst diff --git a/source/administration-guide/compliance-security-auditing/compliance-security-auditing-index.rst b/source/administration-guide/compliance-security-auditing/compliance-security-auditing-index.rst new file mode 100644 index 00000000000..3fe8569f976 --- /dev/null +++ b/source/administration-guide/compliance-security-auditing/compliance-security-auditing-index.rst @@ -0,0 +1,30 @@ +Compliance, Security & Auditing +=============================== + +Meet organizational and regulatory requirements with policies, retention, legal holds, export, and audit logging. Use these guides to design and operate a compliant Mattermost deployment. + +.. toctree:: + :maxdepth: 1 + :titlesonly: + + compliance-with-mattermost + data-retention-policy + legal-hold + electronic-discovery + export-mattermost-channel-data + compliance-export + compliance-monitoring + custom-terms-of-service + +Align with compliance requirements, enforce retention and holds, and ensure complete auditability. + + +- :doc:`Compliance export ` +- :doc:`Compliance monitoring ` +- :doc:`Compliance with Mattermost ` +- :doc:`Custom terms of service ` +- :doc:`Data retention policy ` +- :doc:`Electronic discovery ` +- :doc:`Embedded JSON audit log schema ` +- :doc:`Export Mattermost channel data ` +- :doc:`Legal hold ` \ No newline at end of file diff --git a/source/administration-guide/compliance-security-auditing/compliance-with-mattermost.rst b/source/administration-guide/compliance-security-auditing/compliance-with-mattermost.rst new file mode 100644 index 00000000000..61437426de1 --- /dev/null +++ b/source/administration-guide/compliance-security-auditing/compliance-with-mattermost.rst @@ -0,0 +1,25 @@ +Compliance with Mattermost +========================== + +Mattermost is purpose-built to help enterprises keep sensitive data safe and compliant in the strictest, most complex environments. Mattermost Enterprise Edition includes features designed to make compliance with all relevant regulations and internal policies easy to achieve and maintain. + +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + Compliance export + Compliance monitoring + Electronic discovery + Data retention + Export channel data + Legal Hold + JSON audit log schema + +* :doc:`Compliance exports ` - Export compliance reports to third-party systems to archive history. +* :doc:`Compliance monitoring ` - Enable oversight and prevent unauthorized queries with compliance exports. +* :doc:`Electronic discovery ` - Extract data from Mattermost for eDiscovery. +* :doc:`Data retention ` - Control how long data is stored in Mattermost with global and custom retention policies to meet data retention compliance requirements. +* :doc:`Export channel data ` - Migrate data between systems and back data up for operational continuity. +* :doc:`Legal Hold ` - Preserve relevant Mattermost information when litigation is anticipated. +* :doc:`JSON audit log schema ` - Learn how to configure Mattermost audit logging using a JSON object. \ No newline at end of file diff --git a/source/administration-guide/comply/custom-terms-of-service.rst b/source/administration-guide/compliance-security-auditing/custom-terms-of-service.rst similarity index 100% rename from source/administration-guide/comply/custom-terms-of-service.rst rename to source/administration-guide/compliance-security-auditing/custom-terms-of-service.rst diff --git a/source/administration-guide/comply/data-retention-policy.rst b/source/administration-guide/compliance-security-auditing/data-retention-policy.rst similarity index 94% rename from source/administration-guide/comply/data-retention-policy.rst rename to source/administration-guide/compliance-security-auditing/data-retention-policy.rst index 768a2552f84..7bbf1a0bc25 100644 --- a/source/administration-guide/comply/data-retention-policy.rst +++ b/source/administration-guide/compliance-security-auditing/data-retention-policy.rst @@ -22,7 +22,7 @@ To set a global data retention policy: 2. Select **Edit** from the menu located to the right of the **Global retention policy** table. 3. Specify a global retention policy for channel messages and direct messages by selecting a **Channel & direct message retention** option from the dropdown, then set how long to keep those messages in hours, days, or years. When a time is set, messages and file attachments older than the duration you set will be deleted. The minimum retention period is one hour. 4. Select a **File retention** option from the dropdown. Set the number of hours, days, or years to keep files. When a time is set, uploaded files which are older than the duration you set will be deleted from your file storage system (either from your local disk or your Amazon S3 service as specified in **System Console > Environment > File Storage**). The minimum retention period is one hour. The global file policy deletes all files regardless of whether they're in a direct message, private, or public channel. -5. From Mattermost v10.10, you can optionally preserve pinned posts when data retention policies delete messages by enabling :ref:`Preserve pinned posts `. Once enabled, pinned posts won't be deleted even if they exceed the configured retention period. +5. From Mattermost v10.10, you can optionally preserve pinned posts when data retention policies delete messages by enabling :ref:`Preserve pinned posts `. Once enabled, pinned posts won't be deleted even if they exceed the configured retention period. 6. Under the **Policy log** section, select **Edit** to specify the start time of the daily scheduled data retention job. Choose a time when fewer people are using your system. Select **Save**. Messages and files older than the duration you set will be deleted at the specified server time, as applicable. @@ -48,7 +48,7 @@ You can also run the deletion job manually at any time by selecting **Run Deleti .. note:: - If using data retention with :doc:`ElasticSearch `, ensure the :ref:`ElasticSearch aggregate search indexes ` setting is set to a value that is greater than your data retention policy in days. + If using data retention with :doc:`ElasticSearch `, ensure the :ref:`ElasticSearch aggregate search indexes ` setting is set to a value that is greater than your data retention policy in days. Frequently Asked Questions (FAQs) --------------------------------- diff --git a/source/administration-guide/comply/electronic-discovery.rst b/source/administration-guide/compliance-security-auditing/electronic-discovery.rst similarity index 95% rename from source/administration-guide/comply/electronic-discovery.rst rename to source/administration-guide/compliance-security-auditing/electronic-discovery.rst index 3b47254c38c..f99a516fe6a 100644 --- a/source/administration-guide/comply/electronic-discovery.rst +++ b/source/administration-guide/compliance-security-auditing/electronic-discovery.rst @@ -10,9 +10,9 @@ Electronic discovery (also known as eDiscovery) refers to a process where electr This page describes how to extract data from Mattermost for eDiscovery. There are three primary methods that can be used to accomplish the goal of extracting user post data from Mattermost: -- :doc:`Mattermost Compliance Exports ` -- :ref:`Mattermost RESTful API ` -- :ref:`Mattermost database using standard SQL queries ` +- :doc:`Mattermost Compliance Exports ` +- :ref:`Mattermost RESTful API ` +- :ref:`Mattermost database using standard SQL queries ` Each of the options is discussed in detail below. @@ -26,7 +26,7 @@ Mattermost Enterprise has compliance report export capabilities. Mattermost can export compliance related data, including the content of messages and who might have seen those messages, in three formats: Actiance XML, Global Relay EML, and generic CSV. Reports can be configured to run on a delay basis and stored in a shared location. -For more information about the exports feature and how to set up reporting, see :doc:`our documentation `. +For more information about the exports feature and how to set up reporting, see :doc:`our documentation `. Mattermost RESTful API ---------------------- diff --git a/source/administration-guide/comply/embedded-json-audit-log-schema.rst b/source/administration-guide/compliance-security-auditing/embedded-json-audit-log-schema.rst similarity index 99% rename from source/administration-guide/comply/embedded-json-audit-log-schema.rst rename to source/administration-guide/compliance-security-auditing/embedded-json-audit-log-schema.rst index 94c4dfa104d..adbf20cb107 100644 --- a/source/administration-guide/comply/embedded-json-audit-log-schema.rst +++ b/source/administration-guide/compliance-security-auditing/embedded-json-audit-log-schema.rst @@ -923,14 +923,14 @@ JSON data model | | | `GELF `__. | | | | | | | | - Plain log format uses `RFC3339 `__ by default. | -| | | See the :ref:`plain log format configuration ` | +| | | See the :ref:`plain log format configuration ` | | | | documentation for supported options. | | | | - JSON log format uses `RFC3339 `__ by default. | -| | | See the :ref:`JSON log format configuration ` | +| | | See the :ref:`JSON log format configuration ` | | | | documentation for supported options. | | | | | | | | - GELF log format uses `unixtime `__. | -| | | See the :ref:`GELF log format configuration ` | +| | | See the :ref:`GELF log format configuration ` | | | | documentation for supported options. | +------------+------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ | event_name | string | Unique name and identifier of the event type taking place. See the `audit event types <#audit-event-types>`__ section | diff --git a/source/administration-guide/comply/export-mattermost-channel-data.rst b/source/administration-guide/compliance-security-auditing/export-mattermost-channel-data.rst similarity index 100% rename from source/administration-guide/comply/export-mattermost-channel-data.rst rename to source/administration-guide/compliance-security-auditing/export-mattermost-channel-data.rst diff --git a/source/administration-guide/comply/legal-hold.rst b/source/administration-guide/compliance-security-auditing/legal-hold.rst similarity index 94% rename from source/administration-guide/comply/legal-hold.rst rename to source/administration-guide/compliance-security-auditing/legal-hold.rst index 49dc531299d..ee3e99f2032 100644 --- a/source/administration-guide/comply/legal-hold.rst +++ b/source/administration-guide/compliance-security-auditing/legal-hold.rst @@ -15,7 +15,7 @@ Primary use cases include: Mattermost is used as a secure collaboration hub by technical and operational teams, with critical documents and data shared on a daily basis. Thus, Legal Hold is a key requirement for Enterprises and public sector organizations who have deployed Mattermost for their teams, to meet compliance & auditory requirements while minimizing risk. -Mattermost Legal Hold can be combined with :doc:`eDiscovery ` integration and :doc:`data retention policies ` to customize the data retained and deleted to comply with compliance requirements. +Mattermost Legal Hold can be combined with :doc:`eDiscovery ` integration and :doc:`data retention policies ` to customize the data retained and deleted to comply with compliance requirements. Legal Hold demo (Sneak Peek) ---------------------------- @@ -50,7 +50,7 @@ Install the plugin ^^^^^^^^^^^^^^^^^^ 1. Log in to your Mattermost :doc:`workspace ` as a system administrator. -2. Download the latest version of the `plugin binary release `_, compatible with Mattermost v8.0.1 and later. If you are using an earlier version of Mattermost, :doc:`follow our documentation ` to upgrade to Mattermost v8.0.1 or later. +2. Download the latest version of the `plugin binary release `_, compatible with Mattermost v8.0.1 and later. If you are using an earlier version of Mattermost, :doc:`follow our documentation ` to upgrade to Mattermost v8.0.1 or later. 3. Go to **System Console > Plugins > Plugin Management > Upload Plugin**, and upload the plugin binary you downloaded in the previous step. 4. In the **Installed Plugins** section, scroll to **Legal Hold Plugin**, and select **Enable**. @@ -59,12 +59,12 @@ Configure the plugin When the Legal Hold integration is enabled, you can configure when it runs using the format ``HH:MM ±HHMM`` and ``+0000`` for UTC. -You can configure a custom Amazon S3 bucket for Legal Holds by specifying Amazon S3 configuration settings. If no S3 configuration is specified, the Mattermost server file store used. Learn more about file storage configuration options in our :ref:`product documentation `. +You can configure a custom Amazon S3 bucket for Legal Holds by specifying Amazon S3 configuration settings. If no S3 configuration is specified, the Mattermost server file store used. Learn more about file storage configuration options in our :ref:`product documentation `. (Optional) Configure a data retention policy ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -You can optionally configure a :doc:`data retention policy ` to control how long data and file attachments are retained in the Mattermost database. +You can optionally configure a :doc:`data retention policy ` to control how long data and file attachments are retained in the Mattermost database. Step 4: Create a Legal Hold ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -173,7 +173,7 @@ Legal Hold is an initial step to ensure relevant electronically stored informati How do I enable e-discovery for Mattermost? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Learn more about extracting data for e-discovery in our :doc:`product documentation `. +Learn more about extracting data for e-discovery in our :doc:`product documentation `. How do I manage storage costs and version retention in S3? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/manage/logging.rst b/source/administration-guide/compliance-security-auditing/logging.rst similarity index 97% rename from source/administration-guide/manage/logging.rst rename to source/administration-guide/compliance-security-auditing/logging.rst index 334fe45c82f..a87008993b3 100644 --- a/source/administration-guide/manage/logging.rst +++ b/source/administration-guide/compliance-security-auditing/logging.rst @@ -27,12 +27,12 @@ System admins can customize the following logging options based on your business Console logs ------------ -Console logs feature verbose debug level log messages for general and notification activities that are written to the console using the standard output stream (stdout). You can customize console logs for general and notification activities. See the :ref:`Logging configuration settings ` for details. +Console logs feature verbose debug level log messages for general and notification activities that are written to the console using the standard output stream (stdout). You can customize console logs for general and notification activities. See the :ref:`Logging configuration settings ` for details. File logs --------- -File logs feature info level log messages for general and notification activities, including errors and information around startup, and initialization and webhook debug messages. The file is stored in ``./logs/mattermost.log``, rotated at 100 MB, and archived to a separate file in the same directory. You can customize file logs for general and notification activities. See the :ref:`Logging configuration settings ` for details. +File logs feature info level log messages for general and notification activities, including errors and information around startup, and initialization and webhook debug messages. The file is stored in ``./logs/mattermost.log``, rotated at 100 MB, and archived to a separate file in the same directory. You can customize file logs for general and notification activities. See the :ref:`Logging configuration settings ` for details. .. tip:: @@ -112,13 +112,13 @@ Audit logging .. include:: ../../_static/badges/ent-only.rst :start-after: :nosearch: -By default, Mattermost doesn’t write audit logs locally to a file on the server, and the ability to enable audit logging in Mattermost is currently in :ref:`Beta `. +By default, Mattermost doesn’t write audit logs locally to a file on the server, and the ability to enable audit logging in Mattermost is currently in :ref:`Beta `. You can enable and customize advanced audit logging in Mattermost to record activities and events performed within Mattermost, such as user access to the Mattermost REST API or mmctl. Audit logs are recorded asynchronously to reduce latency to the caller, and are stored separately from general logging. During short spans of inability to write to targets, the audit records buffer in memory with a configurable maximum record cap. Based on typical audit record volumes, it could take many minutes to fill the buffer. After that, the records are dropped, and the record drop event is logged. .. note:: - From Mattermost v7.2, audit logging is a breaking change from previous releases in cases where customers looking to parse previous audit logs with the new format. The format and content of an audit log record has changed to become standardized for all events using a :doc:`standard JSON schema `. Existing tools which ingest or parse audit log records may need to be modified. + From Mattermost v7.2, audit logging is a breaking change from previous releases in cases where customers looking to parse previous audit logs with the new format. The format and content of an audit log record has changed to become standardized for all events using a :doc:`standard JSON schema `. Existing tools which ingest or parse audit log records may need to be modified. From Mattermost v9.3, you can enable and customize advanced logging for AD/LDAP events separately from other logging. @@ -126,7 +126,7 @@ You can enable and customize advanced audit logging in Mattermost to record acti Go to **System Console > Compliance > Audit Logging** to customize audit logging. You can use the sample JSON below as a starting point. - You can customize console logs for :ref:`general ` and :ref:`notification ` activities. + You can customize console logs for :ref:`general ` and :ref:`notification ` activities. Additionally, you can also output audit log records to any combination of `console <#console-target-configuration-options>`__, `local file <#file-target-configuration-options>`__, `syslog <#syslog-target-configuration-options>`__, and `TCP socket <#tcp-target-configuration-options>`__ targets, each featuring additional customization. See `Advanced Logging <#advanced-logging>`__ below for details. @@ -160,7 +160,7 @@ System admins can output log and audit records general, audit, and notification .. tip:: - - From Mattermost v9.11, system admins can configure advanced logging JSON options using the ``mmctl config set`` command. See the :ref:`mmctl config set ` documentation for an example slash command. + - From Mattermost v9.11, system admins can configure advanced logging JSON options using the ``mmctl config set`` command. See the :ref:`mmctl config set ` documentation for an example slash command. - From Mattermost v9.3, system admins can configure advanced logging options in the System Console using multi-line JSON by going to **Environment > Logging**. - Alternatively, admins can configure advanced logging within the ``AdvancedLoggingJSON`` section of the ``config.json`` file using multi-line JSON or escaped JSON as a string. - Mattermost Team Edition customers can output audit log records to the console or a file. @@ -519,12 +519,12 @@ Yes. When updating the audit log configuration via REST API, mmctl, or System Co How do I omit incoming webhook details from the logs? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -See :ref:`enable-webhook-debugging ` +See :ref:`enable-webhook-debugging ` How do I adjust the maximum log field size? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -See :ref:`maximum-field-size ` +See :ref:`maximum-field-size ` How can I configure Advanced logging via environment variables? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/compliance-with-mattermost.rst b/source/administration-guide/compliance-with-mattermost.rst deleted file mode 100644 index 203091199cd..00000000000 --- a/source/administration-guide/compliance-with-mattermost.rst +++ /dev/null @@ -1,25 +0,0 @@ -Compliance with Mattermost -========================== - -Mattermost is purpose-built to help enterprises keep sensitive data safe and compliant in the strictest, most complex environments. Mattermost Enterprise Edition includes features designed to make compliance with all relevant regulations and internal policies easy to achieve and maintain. - -.. toctree:: - :maxdepth: 1 - :hidden: - :titlesonly: - - Compliance export - Compliance monitoring - Electronic discovery - Data retention - Export channel data - Legal Hold - JSON audit log schema - -* :doc:`Compliance exports ` - Export compliance reports to third-party systems to archive history. -* :doc:`Compliance monitoring ` - Enable oversight and prevent unauthorized queries with compliance exports. -* :doc:`Electronic discovery ` - Extract data from Mattermost for eDiscovery. -* :doc:`Data retention ` - Control how long data is stored in Mattermost with global and custom retention policies to meet data retention compliance requirements. -* :doc:`Export channel data ` - Migrate data between systems and back data up for operational continuity. -* :doc:`Legal Hold ` - Preserve relevant Mattermost information when litigation is anticipated. -* :doc:`JSON audit log schema ` - Learn how to configure Mattermost audit logging using a JSON object. \ No newline at end of file diff --git a/source/administration-guide/configure/configuration-in-your-database.rst b/source/administration-guide/configuration-reference/configuration-in-your-database.rst similarity index 91% rename from source/administration-guide/configure/configuration-in-your-database.rst rename to source/administration-guide/configuration-reference/configuration-in-your-database.rst index be305540d1b..4275b289ca5 100644 --- a/source/administration-guide/configure/configuration-in-your-database.rst +++ b/source/administration-guide/configuration-reference/configuration-in-your-database.rst @@ -4,7 +4,7 @@ Store configuration in your database .. include:: ../../_static/badges/allplans-selfhosted.rst :start-after: :nosearch: -You can use your database as the single source of truth for the active configuration of your Mattermost installation. This changes the Mattermost binary from reading the default ``config.json`` file to reading the configuration settings stored within a configuration table in the database. Mattermost has been running our `community server `__ on this option since the feature was released, and recommends its use for those on :doc:`High Availability deployments `. +You can use your database as the single source of truth for the active configuration of your Mattermost installation. This changes the Mattermost binary from reading the default ``config.json`` file to reading the configuration settings stored within a configuration table in the database. Mattermost has been running our `community server `__ on this option since the feature was released, and recommends its use for those on :doc:`High Availability deployments `. Benefits to using this option: @@ -16,7 +16,7 @@ Benefits to using this option: The Mattermost configuration database and Mattermost application database are 2 different entities. It's possible to store Mattermost configuration in one database and Mattermost data in another database. - To do so, you must update the :ref:`Datasource ` configuration setting to a new data source name, which can be done while the application is running. Explicitly setting the ``MM_SQLSETTINGS_DATASOURCE`` environment variable to override what has been defined in the configuration, whether it's in a database, or in a file, allows the correct data source name to be passed to the Mattermost application. + To do so, you must update the :ref:`Datasource ` configuration setting to a new data source name, which can be done while the application is running. Explicitly setting the ``MM_SQLSETTINGS_DATASOURCE`` environment variable to override what has been defined in the configuration, whether it's in a database, or in a file, allows the correct data source name to be passed to the Mattermost application. How to migrate configuration to the database -------------------------------------------- @@ -56,7 +56,7 @@ Run this command to verify the permissions on your Mattermost directory: Enable local mode ~~~~~~~~~~~~~~~~~ -Edit the ``config.json`` to enable local mode by setting ``EnableLocalMode`` to ``true``. See the :ref:`local mode ` documentation for details on activating and using local mode. +Edit the ``config.json`` to enable local mode by setting ``EnableLocalMode`` to ``true``. See the :ref:`local mode ` documentation for details on activating and using local mode. Restart Mattermost ~~~~~~~~~~~~~~~~~~ @@ -70,7 +70,7 @@ Run the following command to restart the Mattermost server and apply the configu Migrate configuration from ``config.json`` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -You can use the :ref:`mmctl config migrate ` command to migrate the configuration by running the following command: +You can use the :ref:`mmctl config migrate ` command to migrate the configuration by running the following command: .. code-block:: sh @@ -79,7 +79,7 @@ You can use the :ref:`mmctl config migrate ` documentation for details. + - When migrating configuration, Mattermost incorporates configuration from any existing ``MM_*`` environment variables set in the current shell. See :doc:`Environment Variables ` documentation for details. - As with the environment file, you'll have to escape any single quotes in the database connection string. - Any existing SAML certificates will be migrated into the database as well so they are available for all servers in the cluster. When the certificates expire, you can upload new certificates using the System Console or mmctl, which triggers a database update. Replacing the certificate files manually requires a reload of the Mattermost server to re-pull the certificates. Configuration files are stored in the ``configurationfiles`` table in the database. diff --git a/source/administration-guide/configuration-reference/configuration-reference-index.rst b/source/administration-guide/configuration-reference/configuration-reference-index.rst new file mode 100644 index 00000000000..c2e221202d1 --- /dev/null +++ b/source/administration-guide/configuration-reference/configuration-reference-index.rst @@ -0,0 +1,42 @@ +Configuration Settings (Reference) +======================================== + +Reference documentation for all Mattermost configuration settings. Use these pages when you need precise details for System Console options, config.json, environment variables, and related behavior. + +.. toctree:: + :maxdepth: 1 + :titlesonly: + + configuration-settings + environment-variables + server-configuration + integrations-configuration-settings + plugins-configuration-settings + reporting-configuration-settings + experimental-configuration-settings + deprecated-configuration-settings + rate-limiting-configuration-settings + push-notification-server-configuration-settings + configuration-in-your-database + + +Apply precise configuration changes with confidence, using fully documented and traceable settings. + +- `Reference and update System Console settings `_ +- `Modify config.json parameters `_ +- `Configure environment variables `_ +- `Apply advanced options across all areas `_ + +- :doc:`Server configuration ` +- :doc:`Configuration settings ` +- :doc:`Configuration in your database ` +- :doc:`Deprecated configuration settings ` +- :doc:`Environment variables ` +- :doc:`Experimental configuration settings ` +- :doc:`Push notification server configuration settings ` +- :doc:`Rate limiting configuration settings ` +- :doc:`Reporting configuration settings ` + + +- :doc:`Integrations configuration settings ` +- :doc:`Plugins configuration settings ` \ No newline at end of file diff --git a/source/administration-guide/configure/configuration-settings.rst b/source/administration-guide/configuration-reference/configuration-settings.rst similarity index 50% rename from source/administration-guide/configure/configuration-settings.rst rename to source/administration-guide/configuration-reference/configuration-settings.rst index f2068509d43..40d31de21c2 100644 --- a/source/administration-guide/configure/configuration-settings.rst +++ b/source/administration-guide/configuration-reference/configuration-settings.rst @@ -8,7 +8,7 @@ System admins for both self-hosted and Cloud Mattermost deployments can manage M .. note:: - - In self-hosted Mattermost deployments, configuration settings are maintained in the ``config.json`` configuration file, located in the ``mattermost/config`` directory, or :doc:`stored in the database `. System admins managing self-hosted deployments can also modify the ``config.json`` file directly using a text editor. + - In self-hosted Mattermost deployments, configuration settings are maintained in the ``config.json`` configuration file, located in the ``mattermost/config`` directory, or :doc:`stored in the database `. System admins managing self-hosted deployments can also modify the ``config.json`` file directly using a text editor. - Mattermost requires write permissions to the ``config.json`` file; otherwise, configuration changes made within the System Console will have no effect. .. toctree:: @@ -16,37 +16,28 @@ System admins for both self-hosted and Cloud Mattermost deployments can manage M :hidden: :titlesonly: - Self-hosted workspace edition and license settings - Cloud workspace subscription, billing, and account settings - Reporting configuration settings - User management configuration settings - System attributes - Environment configuration settings - Site configuration settings - Authentication configuration settings - Plugins configuration settings - Integrations configuration settings - Compliance configuration settings - Experimental configuration settings - Deprecated configuration settings - Bleve search + Reporting configuration settings + Plugins configuration settings + Integrations configuration settings + Experimental configuration settings + Deprecated configuration settings Mattermost configuration settings are organized into the following categories within the System Console: -- :doc:`Self-hosted workspace edition and license settings ` -- :doc:`Cloud workspace subscription, billing, and account settings` -- :doc:`Reporting configuration settings ` -- :doc:`User management configuration settings ` -- :doc:`System attributes ` -- :doc:`Environment configuration settings ` -- :doc:`Site configuration settings ` -- :doc:`Authentication configuration settings ` -- :doc:`Plugins configuration settings ` -- :doc:`Integrations configuration settings ` -- :doc:`Compliance configuration settings ` -- :doc:`Experimental configuration settings ` -- :doc:`Deprecated configuration settings ` -- :doc:`Bleve search ` +- :doc:`Self-hosted workspace edition and license settings ` +- :doc:`Cloud workspace subscription, billing, and account settings` +- :doc:`Reporting configuration settings ` +- :doc:`User management configuration settings ` +- :doc:`System attributes ` +- :doc:`Environment configuration settings ` +- :doc:`Site configuration settings ` +- :doc:`Authentication configuration settings ` +- :doc:`Plugins configuration settings ` +- :doc:`Integrations configuration settings ` +- :doc:`Compliance configuration settings ` +- :doc:`Experimental configuration settings ` +- :doc:`Deprecated configuration settings ` +- :doc:`Bleve search ` Configuration in database -------------------------- @@ -54,7 +45,7 @@ Configuration in database .. include:: ../../_static/badges/selfhosted-only.rst :start-after: :nosearch: -Self-hosted system configuration can be stored in the database. This changes the Mattermost binary from reading the default ``config.json`` file to reading the configuration settings stored within a configuration table in the database. See the :doc:`Mattermost database configuration ` documentation for migration details. +Self-hosted system configuration can be stored in the database. This changes the Mattermost binary from reading the default ``config.json`` file to reading the configuration settings stored within a configuration table in the database. See the :doc:`Mattermost database configuration ` documentation for migration details. Environment variables --------------------- @@ -62,7 +53,7 @@ Environment variables .. include:: ../../_static/badges/selfhosted-only.rst :start-after: :nosearch: -You can use :doc:`environment variables ` to manage Mattermost configuration. Environment variables override settings in ``config.json``. If a change to a setting in ``config.json`` requires a restart to take effect, then changes to the corresponding environment variable also require a server restart. +You can use :doc:`environment variables ` to manage Mattermost configuration. Environment variables override settings in ``config.json``. If a change to a setting in ``config.json`` requires a restart to take effect, then changes to the corresponding environment variable also require a server restart. Configuration reload -------------------- @@ -70,10 +61,10 @@ Configuration reload .. include:: ../../_static/badges/selfhosted-only.rst :start-after: :nosearch: -The “config watcher”, the mechanism that automatically reloads the ``config.json`` file, has been deprecated in favor of the :ref:`mmctl config reload ` command that you must run to apply configuration changes you've made. This improves configuration performance and robustness. +The “config watcher”, the mechanism that automatically reloads the ``config.json`` file, has been deprecated in favor of the :ref:`mmctl config reload ` command that you must run to apply configuration changes you've made. This improves configuration performance and robustness. Deprecated configuration settings --------------------------------- -See the :doc:`deprecated configuration settings documentation ` for details on all deprecated Mattermost configuration settings that are no longer supported. +See the :doc:`deprecated configuration settings documentation ` for details on all deprecated Mattermost configuration settings that are no longer supported. diff --git a/source/administration-guide/configure/deprecated-configuration-settings.rst b/source/administration-guide/configuration-reference/deprecated-configuration-settings.rst similarity index 96% rename from source/administration-guide/configure/deprecated-configuration-settings.rst rename to source/administration-guide/configuration-reference/deprecated-configuration-settings.rst index e5feb63a4f0..d694db2c392 100644 --- a/source/administration-guide/configure/deprecated-configuration-settings.rst +++ b/source/administration-guide/configuration-reference/deprecated-configuration-settings.rst @@ -188,7 +188,7 @@ MessageRetentionDays Set how long Mattermost keeps messages across all teams and channels. This setting doesn't apply to custom retention policies. The minimum time is 1 hour. -From Mattermost v9.5, this setting has been replaced by :ref:`MessageRetentionHours ` which provides more granular control over message retention periods. +From Mattermost v9.5, this setting has been replaced by :ref:`MessageRetentionHours ` which provides more granular control over message retention periods. +-------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"MessageRetentionDays": 365`` with numerical input. | @@ -201,7 +201,7 @@ FileRetentionDays Set how long Mattermost keeps files across all teams and channels. This setting doesn't apply to custom retention policies. The minimum time is 1 hour. -From Mattermost v9.5, this setting has been replaced by :ref:`FileRetentionHours ` which provides more granular control over file retention periods. +From Mattermost v9.5, this setting has been replaced by :ref:`FileRetentionHours ` which provides more granular control over file retention periods. +-------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"FileRetentionDays": 365`` with numerical input. | @@ -474,7 +474,7 @@ Patch React DOM used by plugins This setting enables the patching of the React DOM library when loading web app plugins so that the plugin uses the version matching the web app. This should only be needed temporarily after upgrading to Mattermost v7.7 for plugins that have not been updated yet. Changes to this setting require a server restart before taking effect. -See the :doc:`Important Upgrade Notes ` for more information. +See the :doc:`Important Upgrade Notes ` for more information. **True**: Web app plugins that package their own version of React DOM are patched to instead use the version of React DOM provided by the web app. @@ -493,7 +493,7 @@ Permission policy settings .. note:: - From Mattermost v5.0, these settings are found in the :doc:`Advanced Permissions ` page instead of configuration settings. + From Mattermost v5.0, these settings are found in the :doc:`Advanced Permissions ` page instead of configuration settings. Enable sending team invites from ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -502,7 +502,7 @@ Enable sending team invites from .. note:: - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. Set policy on who can invite others to a team using the **Send Email Invite**, **Get Team Invite Link**, and **Add Members to Team** options on the product menu. If **Get Team Invite Link** is used to share a link, you can expire the invite code from **Team Settings > Invite Code** after the desired users have joined the team. Options include: @@ -569,7 +569,7 @@ Enable public channel deletion for From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. -Restrict the permission level required to delete Public channels. Deleted channels can be recovered from the database using a :doc:`command line tool `. +Restrict the permission level required to delete Public channels. Deleted channels can be recovered from the database using a :doc:`command line tool `. **All channel members**: Allow all channel members to delete public channels. @@ -590,7 +590,7 @@ Enable private channel creation for .. note:: - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. Restrict the permission level required to create private channels. @@ -611,7 +611,7 @@ Enable private channel renaming for .. note:: - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. Restrict the permission level required to rename and set the header or purpose for Private channels. @@ -634,7 +634,7 @@ Enable managing of private channel members for .. note:: - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. Set policy on who can add and remove members from Private channels. @@ -659,7 +659,7 @@ Enable private channel deletion for From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. -Restrict the permission level required to delete Private channels. Deleted channels can be recovered from the database using a :doc:`command line tool `. +Restrict the permission level required to delete Private channels. Deleted channels can be recovered from the database using a :doc:`command line tool `. **All channel members**: Allow all channel members to delete private channels. @@ -680,7 +680,7 @@ Allow which users to delete messages .. note:: - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. Restrict the permission level required to delete messages. Team admins, channel admins, and system admins can delete messages only in channels where they are members. Messages can be deleted any time. @@ -701,7 +701,7 @@ Allow users to edit their messages .. note:: - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the :doc:`Advanced Permissions documentation ` for more details. Set the time limit that users have to edit their messages after posting. @@ -823,7 +823,7 @@ Shared channels settings Enable remote cluster service (Experimental) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Deprecated in November 16th, 2024 release in favor of :ref:`Connected Workspaces ` configuration settings +Deprecated in November 16th, 2024 release in favor of :ref:`Connected Workspaces ` configuration settings This setting isn't available in the System Console and can only be set in ``config.json``. @@ -840,7 +840,7 @@ Enable this setting to add, remove, and view remote clusters for shared channels Enable shared channels (Experimental) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Deprecated in November 16th, 2024 release in favor of :ref:`Connected Workspaces ` configuration settings +Deprecated in November 16th, 2024 release in favor of :ref:`Connected Workspaces ` configuration settings This setting isn't available in the System Console and can only be set in ``config.json``. @@ -864,7 +864,7 @@ User satisfaction surveys plugin settings .. important:: - This plugin is deprecated from Mattermost v10.11, and is no longer included as a pre-packaged plugin for new Mattermost deployments. For new installations, we strongly recommend using the :doc:`Mattermost User Survey integration ` instead. + This plugin is deprecated from Mattermost v10.11, and is no longer included as a pre-packaged plugin for new Mattermost deployments. For new installations, we strongly recommend using the :doc:`Mattermost User Survey integration ` instead. This plugin enables Mattermost to send user satisfaction surveys to gather feedback and improve product quality directly from your Mattermost users. Please refer to the `Mattermost Privacy Policy `__ for more information on the collection and use of information received through Mattermost services. @@ -933,7 +933,7 @@ Enable AD/LDAP group sync **False**: Disables AD/LDAP Group Sync and removes **User Management > Groups** from the System Console. -For more information on AD/LDAP Group Sync, please see the :doc:`AD/LDAP Group Sync documentation `. +For more information on AD/LDAP Group Sync, please see the :doc:`AD/LDAP Group Sync documentation `. +-----------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"ExperimentalLdapGroupSync": false`` with options ``true`` and ``false``. | diff --git a/source/administration-guide/configure/environment-variables.rst b/source/administration-guide/configuration-reference/environment-variables.rst similarity index 97% rename from source/administration-guide/configure/environment-variables.rst rename to source/administration-guide/configuration-reference/environment-variables.rst index ff4ca9364b0..f773f84dccf 100644 --- a/source/administration-guide/configure/environment-variables.rst +++ b/source/administration-guide/configuration-reference/environment-variables.rst @@ -21,7 +21,7 @@ The name of the environment variable for any setting can be derived from the nam .. warning:: - - Environment variables for Mattermost settings that are set within the active shell will take effect when migrating configuration. For more information, see the :doc:`configuration in a database ` documentation. + - Environment variables for Mattermost settings that are set within the active shell will take effect when migrating configuration. For more information, see the :doc:`configuration in a database ` documentation. - Database connection strings for the database read and search replicas need to be formatted using `URL encoding `__. Incorrectly formatted strings may cause some characters to terminate the string early, resulting in issues when the connection string is parsed. Override Mattermost license file diff --git a/source/administration-guide/configure/experimental-configuration-settings.rst b/source/administration-guide/configuration-reference/experimental-configuration-settings.rst similarity index 96% rename from source/administration-guide/configure/experimental-configuration-settings.rst rename to source/administration-guide/configuration-reference/experimental-configuration-settings.rst index 28c9678be33..f05375fb45b 100644 --- a/source/administration-guide/configure/experimental-configuration-settings.rst +++ b/source/administration-guide/configuration-reference/experimental-configuration-settings.rst @@ -4,7 +4,7 @@ Experimental configuration settings .. include:: ../../_static/badges/allplans-cloud-selfhosted.rst :start-after: :nosearch: -Review and manage the following :ref:`experimental ` configuration options in the System Console by selecting the **Product** |product-list| menu, selecting **System Console**, and then selecting **Experimental > Features**: +Review and manage the following :ref:`experimental ` configuration options in the System Console by selecting the **Product** |product-list| menu, selecting **System Console**, and then selecting **Experimental > Features**: - `Experimental System Console configuration settings <#experimental-system-console-configuration-settings>`__ - `Experimental Bleve configuration settings <#experimental-bleve-configuration-settings>`__ @@ -316,7 +316,7 @@ Enable hardened mode Changes made when hardened mode is enabled: - Failed login returns a generic error message instead of a specific message for username and password. -- If :doc:`multi-factor authentication (MFA) ` is enabled, the route to check if a user has MFA enabled always returns true. This causes the MFA input screen to appear even if the user does not have MFA enabled. The user may enter any value to pass the screen. Note that hardened mode does not affect user experience when MFA is enforced. +- If :doc:`multi-factor authentication (MFA) ` is enabled, the route to check if a user has MFA enabled always returns true. This causes the MFA input screen to appear even if the user does not have MFA enabled. The user may enter any value to pass the screen. Note that hardened mode does not affect user experience when MFA is enforced. - Password reset does not inform the user that they can not reset their SSO account through Mattermost and instead claims to have sent the password reset email. - Mattermost sanitizes all 500 errors before returned to the client. Use the supplied ``request_id`` to match user facing errors with the server logs. - Standard users authenticated via username and password can't use post props reserved for integrations, such as ``override_username`` or ``override_icon_url``. @@ -675,7 +675,7 @@ Access the following configuration settings in the System Console by going to ** Enable Bleve indexing ~~~~~~~~~~~~~~~~~~~~~ -**True**: The indexing of new posts occurs automatically. Search queries will not use bleve search until :ref:`Enable Bleve for search queries ` is enabled. +**True**: The indexing of new posts occurs automatically. Search queries will not use bleve search until :ref:`Enable Bleve for search queries ` is enabled. **False**: The indexing of new posts does not occur automatically. @@ -697,7 +697,7 @@ Directory path to use for storing bleve indexes. .. tip:: - The bleve index directory path isn't required to exist within the ``mattermost`` directory. When it exists outside of the ``mattermost`` directory, no additional steps are needed to preserve or reindex these files as part of a Mattermost upgrade. See our :doc:`Upgrading Mattermost Server ` documentation for details. + The bleve index directory path isn't required to exist within the ``mattermost`` directory. When it exists outside of the ``mattermost`` directory, no additional steps are needed to preserve or reindex these files as part of a Mattermost upgrade. See our :doc:`Upgrading Mattermost Server ` documentation for details. +-----------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"IndexDir": ""`` with string input. | @@ -762,7 +762,7 @@ Enable the following settings to output audit events in the System Console by go .. note:: - The ability to enable and configure audit logging is currently in :ref:`Beta `. + The ability to enable and configure audit logging is currently in :ref:`Beta `. .. config:setting:: advanced-logging :displayname: Advanced Logging (Audit Logging > Cloud) @@ -777,7 +777,7 @@ Advanced logging .. include:: ../../_static/badges/ent-cloud-only.rst :start-after: :nosearch: -Output log and audit records to any combination of console, local file, syslog, and TCP socket targets for a Mattermost Cloud deployment. See the :ref:`advanced logging ` documentation for details about logging options. +Output log and audit records to any combination of console, local file, syslog, and TCP socket targets for a Mattermost Cloud deployment. See the :ref:`advanced logging ` documentation for details about logging options. .. config:setting:: enable-audit-logging :displayname: Enable audit logging (Audit Logging > Self-Hosted) @@ -944,7 +944,7 @@ Advanced logging .. include:: ../../_static/badges/ent-selfhosted.rst :start-after: :nosearch: -Output log and audit records to any combination of console, local file, syslog, and TCP socket targets for a Mattermost self-hosted deployment. See the :ref:`advanced logging ` documentation for details about logging options. +Output log and audit records to any combination of console, local file, syslog, and TCP socket targets for a Mattermost self-hosted deployment. See the :ref:`advanced logging ` documentation for details about logging options. Experimental configuration settings for self-hosted deployments only -------------------------------------------------------------------- @@ -999,7 +999,7 @@ File Location This setting isn't available in the System Console and can only be set in ``config.json``. -Set the file location of the compliance exports. By default, they are written to the ``exports`` subdirectory of the configured :ref:`Local Storage directory `. +Set the file location of the compliance exports. By default, they are written to the ``exports`` subdirectory of the configured :ref:`Local Storage directory `. +-------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"FileLocation": "export"`` with string input. | @@ -1045,7 +1045,7 @@ This setting isn't available in the System Console and can only be set in ``conf .. note:: - The ability to restrict the system admin from viewing and modifying a subset of server configuration settings is currently in :ref:`Beta `. + The ability to restrict the system admin from viewing and modifying a subset of server configuration settings is currently in :ref:`Beta `. .. config:setting:: enable-client-side-certification @@ -1063,7 +1063,7 @@ Enable client-side certification .. include:: ../../_static/badges/ent-only.rst :start-after: :nosearch: -**True**: Enables client-side certification for your Mattermost server. See :doc:`the documentation ` to learn more. +**True**: Enables client-side certification for your Mattermost server. See :doc:`the documentation ` to learn more. **False**: Client-side certification is disabled. @@ -1555,7 +1555,7 @@ Group unread channels This setting isn't available in the System Console and can only be set in ``config.json``. -This setting applies to the new sidebar only. You must disable the :ref:`Enable Legacy Sidebar ` configuration setting to see and enable this functionality in the System Console. +This setting applies to the new sidebar only. You must disable the :ref:`Enable Legacy Sidebar ` configuration setting to see and enable this functionality in the System Console. **Default Off**: Disables the unread channels sidebar section for all users by default. Users can enable it in **Settings > Sidebar > Group unread channels separately**. @@ -1580,7 +1580,7 @@ Enable channel category sorting .. include:: ../../_static/badges/allplans-cloud.rst :start-after: :nosearch: -From Mattermost v10.10, when this :ref:`experimental ` feature is enabled, users can assign channels to new or existing channel categories when creating or renaming channels. This configuration setting applies only to cloud-based deployments. +From Mattermost v10.10, when this :ref:`experimental ` feature is enabled, users can assign channels to new or existing channel categories when creating or renaming channels. This configuration setting applies only to cloud-based deployments. **True**: Users can assign channels to new or existing channel categories when creating or renaming channels. @@ -1631,7 +1631,7 @@ The following values are currently supported: - ``unsafe-eval``: Adds the ``unsafe-eval`` CSP directive to the root webapp, allowing increased debugging in developer environments. - ``unsafe-inline``: Adds the ``unsafe-inline`` CSP directive to the root webapp, allowing increased debugging in developer environments. -This configuration setting is disabled by default and requires :ref:`developer mode ` to be enabled. +This configuration setting is disabled by default and requires :ref:`developer mode ` to be enabled. +----------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"DeveloperFlags": ""`` with string input. | @@ -1680,7 +1680,7 @@ This setting isn't available in the System Console and can only be set in ``conf .. important:: - This experimental configuration setting enables users to search documents attached to messages by filename. To enable users to search documents by their content, you must also enable the ``ExtractContent`` configuration setting. See our :ref:`Enable Document Search by Content ` documentation for details. Document content search is available in Mattermost Server from v5.35, with mobile support coming soon. + This experimental configuration setting enables users to search documents attached to messages by filename. To enable users to search documents by their content, you must also enable the ``ExtractContent`` configuration setting. See our :ref:`Enable Document Search by Content ` documentation for details. Document content search is available in Mattermost Server from v5.35, with mobile support coming soon. **True**: Supported document types are searchable by their filename. @@ -1736,7 +1736,7 @@ This setting isn't available in the System Console and can only be set in ``conf +------------------------------------------------------------------------------------------------+ .. note:: - This is a client only override that doesn't affect the listening port of the server process which is controlled by the :ref:`Web server listen address ` setting. + This is a client only override that doesn't affect the listening port of the server process which is controlled by the :ref:`Web server listen address ` setting. .. config:setting:: websocket-port :displayname: Websocket port (Experimental) @@ -1757,7 +1757,7 @@ This setting isn't available in the System Console and can only be set in ``conf +----------------------------------------------------------------------------------------+ .. note:: - This is a client only override that doesn't affect the listening port of the server process which is controlled by the :ref:`Web server listen address ` setting. + This is a client only override that doesn't affect the listening port of the server process which is controlled by the :ref:`Web server listen address ` setting. .. config:setting:: enable-local-mode-for-mmctl @@ -1858,7 +1858,7 @@ This setting isn't available in the System Console and can only be set in ``conf Set whether or not this Mattermost server will handle tasks created by the Scheduler. When running Mattermost on a single machine, this setting should always be enabled. -When running Mattermost in :doc:`High Availablity mode `, one or more servers should have this setting enabled. We recommend that your High Availability cluster-based deployment has one or more dedicated Workers with this setting enabled while the remaining Mattermost app servers have it disabled. +When running Mattermost in :doc:`High Availablity mode `, one or more servers should have this setting enabled. We recommend that your High Availability cluster-based deployment has one or more dedicated Workers with this setting enabled while the remaining Mattermost app servers have it disabled. +------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"RunJobs": true`` with options ``true`` and ``false``. | @@ -1878,7 +1878,7 @@ This setting isn't available in the System Console and can only be set in ``conf Set whether or not this Mattermost server will schedule tasks that will be completed by a Worker. When running Mattermost on a single machine, this setting should always be enabled. -When running Mattermost in :doc:`High Availablity mode `, this setting should always be enabled. In a High Availability cluster-based deployment, exactly one of the servers will be designated as the Scheduler at a time to ensure that duplicate tasks aren't created. See :doc:`High Availability documentation ` for more details. +When running Mattermost in :doc:`High Availablity mode `, this setting should always be enabled. In a High Availability cluster-based deployment, exactly one of the servers will be designated as the Scheduler at a time to ensure that duplicate tasks aren't created. See :doc:`High Availability documentation ` for more details. .. warning:: diff --git a/source/administration-guide/configure/integrations-configuration-settings.rst b/source/administration-guide/configuration-reference/integrations-configuration-settings.rst similarity index 97% rename from source/administration-guide/configure/integrations-configuration-settings.rst rename to source/administration-guide/configuration-reference/integrations-configuration-settings.rst index 77680c0b740..e1ef37d967a 100644 --- a/source/administration-guide/configure/integrations-configuration-settings.rst +++ b/source/administration-guide/configuration-reference/integrations-configuration-settings.rst @@ -177,7 +177,7 @@ Enable integrations to override usernames :configjson: .ServiceSettings.EnablePostIconOverride :environment: MM_SERVICESETTINGS_ENABLEPOSTICONOVERRIDE - - **true**: Webhooks, slash commands, and other integrations, such as `Zapier `_, will be allowed to change the profile picture they post with. + - **true**: Webhooks, slash commands, and other integrations, such as Zapier, will be allowed to change the profile picture they post with. - **false**: **(Default)** Webhooks, slash commands, and OAuth 2.0 apps can only post with the profile picture of the account they were set up with. Enable integrations to override profile picture icons @@ -294,7 +294,8 @@ Enable GIF picker +------------------------------------------------------------------------------------------------------------+ .. important:: - :ref:`Link previews ` must be enabled in order to display GIF link previews. Mattermost deployments restricted to access behind a firewall must open port 443 (for all request types) for this feature to work. + + :ref:`Link previews ` must be enabled in order to display GIF link previews. Mattermost deployments restricted to access behind a firewall must open port 443 (for all request types) for this feature to work. ---- @@ -325,7 +326,7 @@ Enable HTTP cross-origin requests from specific domains. .. note:: - Ensure you've entered your :ref:`Site URL ` before enabling this setting to prevent losing access to the System Console after saving. If you lose access to the System Console after changing this setting, you can set your Site URL through the ``config.json`` file. + Ensure you've entered your :ref:`Site URL ` before enabling this setting to prevent losing access to the System Console after saving. If you lose access to the System Console after changing this setting, you can set your Site URL through the ``config.json`` file. +--------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"AllowCorsFrom": ""`` with string input. | diff --git a/source/administration-guide/configure/plugins-configuration-settings.rst b/source/administration-guide/configuration-reference/plugins-configuration-settings.rst similarity index 98% rename from source/administration-guide/configure/plugins-configuration-settings.rst rename to source/administration-guide/configuration-reference/plugins-configuration-settings.rst index 2e8691f2724..43fa922338f 100644 --- a/source/administration-guide/configure/plugins-configuration-settings.rst +++ b/source/administration-guide/configuration-reference/plugins-configuration-settings.rst @@ -137,7 +137,7 @@ Upload Plugin .. note:: - When plugin uploads are enabled, the error ``Received invlaid response from the server`` when uploading a plugin file typically indicates that the - :ref:`MaxFileSize ` configuration setting isn't large enough to support the plugin file upload. Additional proxy setting updateds + :ref:`MaxFileSize ` configuration setting isn't large enough to support the plugin file upload. Additional proxy setting updateds may also be required. - The ability to upload plugin files is disabled when the `Require plugin signature <#require-plugin-signature>`__ configuration setting is enabled. @@ -433,7 +433,7 @@ ICE host override - Depending on the network infrastructure (e.g. instance behind a NAT device) it may be necessary to set this field to the client facing external IP for clients to connect. When empty or unset, the RTC service will attempt to find the instance's public IP through STUN. - A hostname (e.g. domain name) can be specified in this setting, but an IP address will be passed to clients. This means that a DNS resolution happens on the Mattermost instance which could result in a different IP address from the one the clients would see, causing connectivity to fail. When in doubt, we recommend using an IP address directly or confirming that the resolution on the host side reflects the one on the client. -.. |ice_host_override_link| replace:: :ref:`ICE Host Override ` +.. |ice_host_override_link| replace:: :ref:`ICE Host Override ` .. config:setting:: ice-host-overrideportoverride :displayname: ICE host port override (Plugins - Calls) @@ -515,7 +515,7 @@ Max call participants .. note:: - The environment variable ``MM_CALLS_MAX_PARTICIPANTS`` is deprecated in favor of ``MM_CALLS_MAX_CALL_PARTICIPANTS``. - - This setting is optional, but the recommended maximum number of participants is **50**. Call participant limits greatly depends on instance resources. See the :doc:`Calls self-hosted deployment ` documentation for details. + - This setting is optional, but the recommended maximum number of participants is **50**. Call participant limits greatly depends on instance resources. See the :doc:`Calls self-hosted deployment ` documentation for details. .. config:setting:: ice-servers-configurations @@ -545,7 +545,7 @@ ICE servers configurations - The configurations above, containing STUN and TURN servers, are sent to the clients and used to generate local candidates. - If hosting calls through the plugin (i.e. not using the |rtcd_service|) any configured STUN server may also be used to find the instance's public IP when none is provided through the |ice_host_override_link| option. -.. |rtcd_service| replace:: :ref:`rtcd service ` +.. |rtcd_service| replace:: :ref:`rtcd service ` **Example** @@ -780,7 +780,7 @@ Call recording quality +-----------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. note:: - The quality setting will affect the performance of the job service and the file size of recordings. Refer to the :ref:`deployment section ` for more information. + The quality setting will affect the performance of the job service and the file size of recordings. Refer to the :ref:`deployment section ` for more information. .. config:setting:: enable-pluginscalltranscriptions :displayname: Enable call transcriptions (Plugins - Calls) @@ -805,9 +805,9 @@ Enable call transcriptions +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+ .. note:: - - The ability to enable call transcriptions in Mattermost calls is currently in :ref:`Beta `. + - The ability to enable call transcriptions in Mattermost calls is currently in :ref:`Beta `. - This server-side configuration setting is available from plugin version 0.22. - - Call transcriptions require :ref:`call recordings ` to be enabled. + - Call transcriptions require :ref:`call recordings ` to be enabled. .. config:setting:: transcriber-model-size :displayname: Call transcriber model size (Plugins - Calls) @@ -830,7 +830,7 @@ Transcriber model size +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------+ .. note:: - This setting is available starting in plugin version 0.22. The model size setting will affect the performance of the job service. Refer to the :ref:`configure call recordings, transcriptions, and live captions ` documentation for more information. + This setting is available starting in plugin version 0.22. The model size setting will affect the performance of the job service. Refer to the :ref:`configure call recordings, transcriptions, and live captions ` documentation for more information. .. config:setting:: call-transcriber-threads :displayname: Call transcriber threads (Plugins - Calls) @@ -853,7 +853,7 @@ Call transcriber threads +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. note:: - The call transcriber threads setting will affect the performance of the job service. Refer to the :ref:`configure call recordings, transcriptions, and live captions ` documentation for more information. This setting is available starting in plugin version 0.26.2. + The call transcriber threads setting will affect the performance of the job service. Refer to the :ref:`configure call recordings, transcriptions, and live captions ` documentation for more information. This setting is available starting in plugin version 0.26.2. .. config:setting:: enable-pluginslivecaptions :displayname: (Experimental) Enable live captions (Plugins - Calls) @@ -881,9 +881,9 @@ Enable live captions +---------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------+ .. note:: - - The ability to enable live call captions in Mattermost calls is currently in :ref:`Beta `. + - The ability to enable live call captions in Mattermost calls is currently in :ref:`Beta `. - This server-side configuration setting is available starting in plugin version 0.26.2. - - Live captions require :ref:`call recordings ` and :ref:`call transcriptions ` to be enabled. + - Live captions require :ref:`call recordings ` and :ref:`call transcriptions ` to be enabled. .. config:setting:: live-captions-model-size :displayname: Live captions: Model size (Plugins - Calls) @@ -1019,7 +1019,7 @@ Enable call ringing .. note:: - The ability to enable call ringing in Mattermost calls is in :ref:`Beta `. + The ability to enable call ringing in Mattermost calls is in :ref:`Beta `. .. config:setting:: enable-pluginsav1 :displayname: Enable AV1 codec for screen sharing (Plugins - Calls) @@ -1401,7 +1401,7 @@ Enable vision +------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------+ .. note:: - This feature is in :ref:`Beta `. When enabled, the LLM can interact with prompts that include image-related input, such as image analysis, visual-related assistance, and visual outputs, where supported. + This feature is in :ref:`Beta `. When enabled, the LLM can interact with prompts that include image-related input, such as image analysis, visual-related assistance, and visual outputs, where supported. .. config:setting:: agent-enable-tools :displayname: Enable Tools (Plugins - Agents) @@ -1540,7 +1540,7 @@ Enable embedding search +-----------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------+ .. note:: - Embedding search requires an Enterprise license and is available as an :ref:`experimental ` feature. You must also enable the ``pgvector`` extension in your PostgreSQL database. Performance may vary with large datasets. + Embedding search requires an Enterprise license and is available as an :ref:`experimental ` feature. You must also enable the ``pgvector`` extension in your PostgreSQL database. Performance may vary with large datasets. .. config:setting:: agent-embedding-provider :displayname: Embedding Provider (Plugins - Agents - Embedding Search) @@ -1785,7 +1785,7 @@ Legal hold .. include:: ../../_static/badges/ent-cloud-selfhosted.rst :start-after: :nosearch: -See the :doc:`Legal holds ` product documentation for details. +See the :doc:`Legal holds ` product documentation for details. ---- @@ -2039,7 +2039,7 @@ Performance metrics .. include:: ../../_static/badges/ent-cloud-selfhosted.rst :start-after: :nosearch: -See the :doc:`Monitor performance metrics ` product documentation for available :ref:`Mattermost configuration options `. +See the :doc:`Monitor performance metrics ` product documentation for available :ref:`Mattermost configuration options `. ---- diff --git a/source/administration-guide/configure/push-notification-server-configuration-settings.rst b/source/administration-guide/configuration-reference/push-notification-server-configuration-settings.rst similarity index 95% rename from source/administration-guide/configure/push-notification-server-configuration-settings.rst rename to source/administration-guide/configuration-reference/push-notification-server-configuration-settings.rst index bfd75005706..d0c83a7c1c8 100644 --- a/source/administration-guide/configure/push-notification-server-configuration-settings.rst +++ b/source/administration-guide/configuration-reference/push-notification-server-configuration-settings.rst @@ -91,7 +91,7 @@ To avoid this risk, Mattermost can be configured to replace mobile notification .. note:: Because of the extra steps to retrieve the notifications messages under Mattermost’s private mobility capability with ID-only push notifications, end users may experience a slight delay before the mobile notification is fully displayed compared to sending clear text through Apple and Google’s platform. -See our :ref:`configuration settings ` documentation to learn more about the ID-only push notifications configuration setting. See our :ref:`Mobile Apps FAQ documentation ` for details on using ID-only push notifications for data privacy. +See our :ref:`configuration settings ` documentation to learn more about the ID-only push notifications configuration setting. See our :ref:`Mobile Apps FAQ documentation ` for details on using ID-only push notifications for data privacy. .. config:setting:: push-notification-server-location :displayname: Push notification server location (Push Notifications) @@ -132,7 +132,7 @@ Maximum notifications per channel .. note:: - - We recommend increasing this value a little at a time, monitoring system health by tracking :doc:`performance monitoring metrics `, and only increasing this value if large channels have restricted permissions controlling who can post to the channel, such as a :ref:`read-only channel `. + - We recommend increasing this value a little at a time, monitoring system health by tracking :doc:`performance monitoring metrics `, and only increasing this value if large channels have restricted permissions controlling who can post to the channel, such as a :ref:`read-only channel `. - Reducing this configuration setting value to **10** in larger deployments may improve server performance in the following areas: - **Reduced Load on Notification System**: Each notification generates a certain amount of computational and network load. By limiting the number of notifications per channel, the system processes fewer notifications, thereby reducing the load on servers. diff --git a/source/administration-guide/configure/rate-limiting-configuration-settings.rst b/source/administration-guide/configuration-reference/rate-limiting-configuration-settings.rst similarity index 100% rename from source/administration-guide/configure/rate-limiting-configuration-settings.rst rename to source/administration-guide/configuration-reference/rate-limiting-configuration-settings.rst diff --git a/source/administration-guide/configure/reporting-configuration-settings.rst b/source/administration-guide/configuration-reference/reporting-configuration-settings.rst similarity index 92% rename from source/administration-guide/configure/reporting-configuration-settings.rst rename to source/administration-guide/configuration-reference/reporting-configuration-settings.rst index 431bdceaef0..06007d4c5aa 100644 --- a/source/administration-guide/configure/reporting-configuration-settings.rst +++ b/source/administration-guide/configuration-reference/reporting-configuration-settings.rst @@ -25,7 +25,7 @@ Site statistics .. note:: - - Bots, deactivated users, and synthetic users in :doc:`Microsoft Teams integrations ` and :doc:`connected workspaces ` users aren't counted towards the total number of activated users. + - Bots, deactivated users, and synthetic users in :doc:`Microsoft Teams integrations ` and :doc:`connected workspaces ` users aren't counted towards the total number of activated users. - For billing purposes, activated guest accounts do consume a licensed seat, which is returned when the guest account is deactivated. This means that guest accounts count as a paid user in your Mattermost :doc:`workspace ` ---- @@ -41,7 +41,7 @@ Team statistics .. note:: - Bots, deactivated users, and synthetic users in :doc:`Microsoft Teams integrations ` and :doc:`connected workspaces ` users aren't counted towards the total number of active users. + Bots, deactivated users, and synthetic users in :doc:`Microsoft Teams integrations ` and :doc:`connected workspaces ` users aren't counted towards the total number of active users. ---- @@ -60,7 +60,7 @@ Server logs .. tip:: - From Mattermost v10.9, you can toggle between JSON and plain text server logs in the System Console when console log output is configured as :ref:`JSON ` by specifying the log format as **JSON** or **Plain text**. This option is located in the top right corner of the page **Server logs** page. + From Mattermost v10.9, you can toggle between JSON and plain text server logs in the System Console when console log output is configured as :ref:`JSON ` by specifying the log format as **JSON** or **Plain text**. This option is located in the top right corner of the page **Server logs** page. ---- diff --git a/source/administration-guide/configuration-reference/server-configuration.rst b/source/administration-guide/configuration-reference/server-configuration.rst new file mode 100644 index 00000000000..93694d19cf3 --- /dev/null +++ b/source/administration-guide/configuration-reference/server-configuration.rst @@ -0,0 +1,41 @@ +Server configuration +===================== + +This Server Configuration Guide is organized into sections to provide you with the tools and knowledge necessary to configure your Mattermost server for improved efficiency, scalability, and functionality. + +Whether you’re setting up email notifications, optimizing search capabilities, enabling high availability, or configuring telemetry, this guide covers all aspects of server setup and management. Use the navigation below to access detailed instructions for each topic. + +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + Store configuration in your database + Server configuration options + Set up attribute-based access controls + Set up Mattermost Agents + Install Mattermost Boards + Manage user attributes + Environment variables + Customize the server + SMTP email setup + Email templates + Chinese, Japanese, and Korean search + SSL client certificate setup + Connected workspaces + Telemetry + +* :doc:`Store configuration in your database ` - Learn how to store configuration information in your Mattermost database rather than as a JSON file. +* :doc:`Server configuration options ` - Learn about server configuration options for Mattermost. +* :doc:`Set up attribute-based access controls ` - Learn how to set up attribute-based access controls for your Mattermost instance for Zero Trust Security. +* :doc:`Set up Mattermost Agents` - Learn how to enable AI-powered Agents for your Mattermost instance. +* :doc:`Install Mattermost Boards ` - Learn how to install and configure the Boards plugin for your Mattermost instance. +* :doc:`Manage custom user attributes ` - Learn how to manage custom user attributes in user profiles in Mattermost. +* :doc:`Environment variables ` - Learn how to use environment variables for Mattermost configuration. +* :doc:`Customize the server ` - Learn about customizing branding for Mattermost server. +* :doc:`SMTP email setup ` - Learn how to set up SMTP email for Mattermost. +* :doc:`Email templates ` - Learn about customizing email templates for Mattermost. +* :doc:`Chinese, Japanese, and Korean search ` - Learn about enabling Chinese, Japanese, and Korean search for Mattermost. +* :doc:`SSL client certificate setup ` - Learn how to set up SSL client certificates for Mattermost. +* :doc:`Connected workspaces ` - Learn how to connect Mattermost workspaces. +* :doc:`Telemetry ` - Learn about Mattermost telemetry and data collection. \ No newline at end of file diff --git a/source/administration-guide/upgrade/admin-onboarding-tasks.rst b/source/administration-guide/getting-started/admin-onboarding-tasks.rst similarity index 65% rename from source/administration-guide/upgrade/admin-onboarding-tasks.rst rename to source/administration-guide/getting-started/admin-onboarding-tasks.rst index 3126234f32a..ac837e285a8 100644 --- a/source/administration-guide/upgrade/admin-onboarding-tasks.rst +++ b/source/administration-guide/getting-started/admin-onboarding-tasks.rst @@ -17,21 +17,21 @@ Getting started tasks - SMTP - Push Notification server -These settings can also be set in the ``config.json`` file. Please see our :doc:`configuration settings documentation ` for a full listing of all configuration settings. +These settings can also be set in the ``config.json`` file. Please see our :doc:`configuration settings documentation ` for a full listing of all configuration settings. 2. Adjust settings under **System Console > Site Configuration** to brand and customize how users will interact with the site. Be sure to update the Support Email and Help Link in Mattermost under **System Console > Site Configuration > Customization** to provide your users a resource for password resets or questions on their Mattermost account. - The Support email is used on email notifications and during tutorial for users to ask support questions. - The Help Link is on the Mattermost login page, sign-up pages, and Main Menu and can be used to to link to your help desk ticketing system. -These settings can also be set in the ``config.json`` file. Please see our :doc:`configuration settings documentation ` for a full listing of all configuration settings. +These settings can also be set in the ``config.json`` file. Please see our :doc:`configuration settings documentation ` for a full listing of all configuration settings. 3. Begin to onboard users by enabling account creation or by connecting an authentication service to assist with user provisioning. -- Users can be pre-provisioned with migration and bulk loading data processes based on prior collaboration systems. Please see our :ref:`migration guide ` and :doc:`bulk loading documentation ` for additional details. -- :doc:`AD/LDAP authentication ` and :doc:`SAML authentication ` are available for some subscription plans, providing identity management, single sign-on, and automatic account provisioning. + - Users can be pre-provisioned with migration and bulk loading data processes based on prior collaboration systems. Please see our :doc:`migration guide ` and :doc:`bulk loading documentation ` for additional details. +- :doc:`AD/LDAP authentication ` and :doc:`SAML authentication ` are available for some subscription plans, providing identity management, single sign-on, and automatic account provisioning. -If your organization requires more structure and project management artifacts for the implementation of Mattermost, please see our :doc:`Enterprise roll out checklist `. +If your organization requires more structure and project management artifacts for the implementation of Mattermost, please see our :doc:`Enterprise roll out checklist `. Important administration notes ------------------------------ @@ -39,25 +39,25 @@ Important administration notes **DO NOT manipulate the Mattermost database** - In particular, DO NOT manually delete data from the database directly. Mattermost is designed as a continuous archive and cannot be supported after manual manipulation. -- If you need to permanently delete a team or user, use the :ref:`mmctl user delete ` command or the :ref:`mmctl user deletall ` command. +- If you need to permanently delete a team or user, use the :ref:`mmctl user delete ` command or the :ref:`mmctl user deletall ` command. Common tasks ------------ **Creating System admin account from the command line** -- If the System admin leaves the organization or is otherwise unavailable, you can use the :ref:`mmctl roles ` commands to assign the *system_admin* role to an existing user. +- If the System admin leaves the organization or is otherwise unavailable, you can use the :ref:`mmctl roles ` commands to assign the *system_admin* role to an existing user. - The user needs to log out and log back in before the *system_admin* role is applied. **Migrating to AD/LDAP or SAML from email-based authentication** -- If you have a Mattermost Enterprise or Professional plan, you can migrate from email authentication to Active Directory/LDAP or to SAML Single Sign-on. To set up Active Directory/LDAP, see :doc:`Active Directory/LDAP Setup `. To set up SAML Single Sign-on, see :doc:`SAML Single-Sign-On `. +- If you have a Mattermost Enterprise or Professional plan, you can migrate from email authentication to Active Directory/LDAP or to SAML Single Sign-on. To set up Active Directory/LDAP, see :doc:`Active Directory/LDAP Setup `. To set up SAML Single Sign-on, see :doc:`SAML Single-Sign-On `. - After the new authentication method is enabled, existing users cannot use the new method until they go to **Settings > Security > Sign-in method** and select **Switch to using AD/LDAP** or **Switch to using SAML Single Sign-on**. After they have switched, they can no longer use their email and password to log in. **Deactivating a user** - System admins can go to **System Console > Users** for a list of all users on the server. The list can be searched and filtered to make finding the user easier. Click the user's role and in the menu that opens, click **Deactivate**. -- To preserve audit history, users are typically never deleted from the system. If permanently deleting a user is necessary (e.g. for the purposes of `GDPR `__), an :doc:`mmctl command ` can be used to do so. +- To preserve audit history, users are typically never deleted from the system. If permanently deleting a user is necessary (e.g. for the purposes of `GDPR `__), an :doc:`mmctl command ` can be used to do so. - Note that AD/LDAP user accounts cannot be deactivated from Mattermost; they must be deactivated from your Active Directory. **Checking for a valid license in Enterprise Edition without logging in** @@ -79,7 +79,7 @@ When you upgrade your Mattermost server frequently, your users can access new fe Mattermost releases regular updates to `Mattermost Team Edition `_ and `Mattermost Enterprise Edition `_. See the :doc:`release life cycle ` documentation for component life cycle details details. -Upgrading your Mattermost server only takes a few minutes. See the :doc:`Upgrade Guide ` for step-by-step instructions. +Upgrading your Mattermost server only takes a few minutes. See the :doc:`Upgrade Guide ` for step-by-step instructions. **2. Install plugins** @@ -105,44 +105,44 @@ To enable integrations such as webhooks, slash commands, OAuth2.0, and bots, to **3. Enable automatically extended sessions** -Keep your desktop and mobile users logged in and `extend user sessions automatically `__ by setting **System Console > Sessions > Extend session length with activity** to **true**. See the :ref:`Extend session length with activity ` configuration settings documentation for details. +Keep your desktop and mobile users logged in and `extend user sessions automatically `__ by setting **System Console > Sessions > Extend session length with activity** to **true**. See the :ref:`Extend session length with activity ` configuration settings documentation for details. **4. Enable full content push notifications** -Enable push notifications on mobile devices to deliver messages in real time by setting **System Console > Push Notification Server > Enable Push Notifications** to **Use TPNS**. See the :ref:`Push notification server ` configuration settings documentation for details. +Enable push notifications on mobile devices to deliver messages in real time by setting **System Console > Push Notification Server > Enable Push Notifications** to **Use TPNS**. See the :ref:`Push notification server ` configuration settings documentation for details. -Enable full content push notifications, including the sender’s name, the channel name, and the message text, by setting **System Console > Notifications > Push Notification Contents** to **Full message contents**. See the :ref:`Push notification contents ` configuration settings documentation for details. +Enable full content push notifications, including the sender’s name, the channel name, and the message text, by setting **System Console > Notifications > Push Notification Contents** to **Full message contents**. See the :ref:`Push notification contents ` configuration settings documentation for details. .. note:: - Mattermost subscription plans allow you to enable HPNS that includes production-level uptime SLAs. - - Mattermost Enterprise customers can :ref:`enable ID-Only push notifications ` so push notification content is not passed through Apple Push Notification Service (APNS) or Google Firebase Cloud Messaging (FCM) before reaching the device. The ID-only push notification setting `offers a high level of privacy `__ while allowing team members to benefit from mobile push notifications. + - Mattermost Enterprise customers can :ref:`enable ID-Only push notifications ` so push notification content is not passed through Apple Push Notification Service (APNS) or Google Firebase Cloud Messaging (FCM) before reaching the device. The ID-only push notification setting `offers a high level of privacy `__ while allowing team members to benefit from mobile push notifications. **5. Enable custom emoji** -:doc:`Emojis ` enable users to express concepts such as emotions and physical gestures in messages. Enable the emoji picker by setting **System Console > Emoji > Enable Emoji Picker** to **true**. See the :ref:`Enable emoji picker ` configuration settings documentation for details. +:doc:`Emojis ` enable users to express concepts such as emotions and physical gestures in messages. Enable the emoji picker by setting **System Console > Emoji > Enable Emoji Picker** to **true**. See the :ref:`Enable emoji picker ` configuration settings documentation for details. -Empower users to create and share their own custom emojis by setting **System Console > Emoji > Enable Custom Emoji** to **true**. See the :ref:`Enable custom emoji ` configuration settings documentation for details. +Empower users to create and share their own custom emojis by setting **System Console > Emoji > Enable Custom Emoji** to **true**. See the :ref:`Enable custom emoji ` configuration settings documentation for details. **6. Enable GIF picker** -GIFs are animated images that can make messaging more fun and engaging. Enable users to access the Mattermost GIF picker from the message draft area by setting **System Console > GIF (Beta) > Enable GIF Picker** to **true**. See the :ref:`Enable GIF picker ` configuration settings documentation for details. +GIFs are animated images that can make messaging more fun and engaging. Enable users to access the Mattermost GIF picker from the message draft area by setting **System Console > GIF (Beta) > Enable GIF Picker** to **true**. See the :ref:`Enable GIF picker ` configuration settings documentation for details. **7. Enable link previews** -Link previews provide a visual glimpse of relevant content for links shared in messages. Enable link previews by setting **System Console > Posts > Enable Link Previews** to **true**. See the :ref:`Enable link previews ` configuration settings documentation for details. +Link previews provide a visual glimpse of relevant content for links shared in messages. Enable link previews by setting **System Console > Posts > Enable Link Previews** to **true**. See the :ref:`Enable link previews ` configuration settings documentation for details. **8. Enable batched email notifications** Email notifications can be batched together so users don’t get overwhelmed with too many emails. -Enable email notifications first by setting **System Console > Notifications > Enable Email Notifications** to **true**. See the :ref:`Enable email notifications ` configuration settings documentation for details. Note that email notifications require an :ref:`SMTP email server ` to be configured. +Enable email notifications first by setting **System Console > Notifications > Enable Email Notifications** to **true**. See the :ref:`Enable email notifications ` configuration settings documentation for details. Note that email notifications require an :ref:`SMTP email server ` to be configured. -Then, enable batched email notifications by setting **System Console > Notifications > Enable Email Batching** to **true**. See the :ref:`Enable email batching ` configuration settings documentation for details. Note that email batching is not available if you are running your deployment in :doc:`High Availability `. +Then, enable batched email notifications by setting **System Console > Notifications > Enable Email Batching** to **true**. See the :ref:`Enable email batching ` configuration settings documentation for details. Note that email batching is not available if you are running your deployment in :doc:`High Availability `. **9. Enable Elasticsearch** -Mattermost Enterprise customers can enable :doc:`enterprise search ` for optimized search performance at enterprise-scale. Both Elasticsearch and AWS OpenSearch solve many known issues with full text database search, such as dots, dashes, and email addresses returning unexpected results. +Mattermost Enterprise customers can enable :doc:`enterprise search ` for optimized search performance at enterprise-scale. Both Elasticsearch and AWS OpenSearch solve many known issues with full text database search, such as dots, dashes, and email addresses returning unexpected results. -Enable Elasticsearch by setting **System Console > Elasticsearch > Enable Indexing** to **true**. See the :ref:`Elasticsearch ` configuration settings documentation for details. Enabling Elasticsearch requires :ref:`setting up an Elasticsearch server `. +Enable Elasticsearch by setting **System Console > Elasticsearch > Enable Indexing** to **true**. See the :ref:`Elasticsearch ` configuration settings documentation for details. Enabling Elasticsearch requires :ref:`setting up an Elasticsearch server `. diff --git a/source/administration-guide/configure/authentication-configuration-settings.rst b/source/administration-guide/getting-started/authentication-configuration-settings.rst similarity index 97% rename from source/administration-guide/configure/authentication-configuration-settings.rst rename to source/administration-guide/getting-started/authentication-configuration-settings.rst index fb17bfa0582..e446c86b73b 100644 --- a/source/administration-guide/configure/authentication-configuration-settings.rst +++ b/source/administration-guide/getting-started/authentication-configuration-settings.rst @@ -63,7 +63,7 @@ Enable account creation .. note:: - LDAP and SAML users can always create a Mattermost account by logging in using LDAP or SAML user credentials, regardless of whether this configuration setting is enabled. - - From Mattermost v10.9, email addresses enclosed in angle brackets (e.g., ````) will be rejected. To avoid issues, ensure all user emails comply with the plain address format (e.g., ``billy@example.com``). In addition, we strongly recommend taking proactive steps to audit and update Mattermost user data to align with this product change, as impacted users may face issues accessing Mattermost or managing their user profile. You can update these user emails manually using :ref:`mmctl user email `. + - From Mattermost v10.9, email addresses enclosed in angle brackets (e.g., ````) will be rejected. To avoid issues, ensure all user emails comply with the plain address format (e.g., ``billy@example.com``). In addition, we strongly recommend taking proactive steps to audit and update Mattermost user data to align with this product change, as impacted users may face issues accessing Mattermost or managing their user profile. You can update these user emails manually using :ref:`mmctl user email `. - See the encryption options documentation for details on what :ref:`encryption methods ` Mattermost supports for SAML. .. config:setting:: restrict-account-creation-to-specified-email-domains @@ -73,7 +73,7 @@ Enable account creation :environment: MM_TEAMSETTINGS_RESTRICTCREATIONTODOMAINS This setting limits the email address domains that can be used to create a new account or team. - You **must** set `Require Email Verification `__ to ``true`` for the restriction to function. + You **must** set `Require Email Verification `__ to ``true`` for the restriction to function. This setting only affects email login. String input of a comma-separated list of domains, i.e. ``corp.mattermost.com, mattermost.com`` @@ -83,7 +83,7 @@ Restrict account creation to specified email domains +--------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------+ | This setting limits the email address domains that can be used to create a new account or team. | - System Config path: **Authentication > Signup** | -| You **must** set :ref:`Require Email Verification ` | - ``config.json`` setting: ``TeamSettings`` > ``RestrictCreationToDomains`` | +| You **must** set :ref:`Require Email Verification ` | - ``config.json`` setting: ``TeamSettings`` > ``RestrictCreationToDomains`` | | to ``true`` for the restriction to function. This setting only affects email login. | - Environment variable: ``MM_TEAMSETTINGS_RESTRICTCREATIONTODOMAINS`` | +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -209,7 +209,7 @@ Enable sign-in with email .. note:: - To provide users with only a single email sign in option on the login page, ensure that the `enable sign-in with username <#enable-sign-in-with-username>`__ configuration setting is set to **false**. - - From Mattermost v10.9, email addresses enclosed in angle brackets (e.g., ````) will be rejected. To avoid issues, ensure all user emails comply with the plain address format (e.g., ``billy@example.com``). In addition, we strongly recommend taking proactive steps to audit and update Mattermost user data to align with this product change, as impacted users may face issues accessing Mattermost or managing their user profile. You can update these user emails manually using :ref:`mmctl user email `. + - From Mattermost v10.9, email addresses enclosed in angle brackets (e.g., ````) will be rejected. To avoid issues, ensure all user emails comply with the plain address format (e.g., ``billy@example.com``). In addition, we strongly recommend taking proactive steps to audit and update Mattermost user data to align with this product change, as impacted users may face issues accessing Mattermost or managing their user profile. You can update these user emails manually using :ref:`mmctl user email `. .. config:setting:: enable-sign-in-with-username @@ -342,7 +342,7 @@ Enable forgot password link .. note:: You can customize the **Forgot Password** link URL by going to **Site Configuration > Customization > Forgot Password Custom Link**. - See the :ref:`configuration ` documentation for details. + See the :ref:`configuration ` documentation for details. ---- @@ -362,7 +362,7 @@ We recommend deploying Mattermost within your own private network, and using VPN :configjson: .ServiceSettings.EnableMultifactorAuthentication :environment: MM_SERVICESETTINGS_ENABLEMULTIFACTORAUTHENTICATION - - **true**: Users who sign-in with AD/LDAP or an email address have the option to add `multi-factor authentication `__ to their accounts. + - **true**: Users who sign-in with AD/LDAP or an email address have the option to add `multi-factor authentication `__ to their accounts. - **false**: **(Default)** Disables multi-factor authentication. Enable multi-factor authentication @@ -370,7 +370,7 @@ Enable multi-factor authentication +------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------+ | - **true**: Users who sign-in with AD/LDAP or an email address have the option to add | - System Config path: **Authentication > MFA** | -| :doc:`multi-factor authentication ` to their accounts. | - ``config.json`` setting: ``ServiceSettings`` > ``EnableMultifactorAuthentication`` > ``false`` | +| :doc:`multi-factor authentication ` to their accounts. | - ``config.json`` setting: ``ServiceSettings`` > ``EnableMultifactorAuthentication`` > ``false`` | | - **false**: **(Default)** Disables multi-factor authentication. | - Environment variable: ``MM_SERVICESETTINGS_ENABLEMULTIFACTORAUTHENTICATION`` | +------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------+ @@ -380,7 +380,7 @@ Enable multi-factor authentication :configjson: .ServiceSettings.EnforceMultifactorAuthentication :environment: MM_SERVICESETTINGS_ENFORCEMULTIFACTORAUTHENTICATION - - **true**: Requires `multi-factor authentication (MFA) `__ for users who sign-in with AD/LDAP or an email address. + - **true**: Requires `multi-factor authentication (MFA) `__ for users who sign-in with AD/LDAP or an email address. New users must configure MFA. Logged in users are redirected to the MFA setup page until configuration is complete. - **false**: MFA is optional. @@ -392,7 +392,7 @@ Enforce multi-factor authentication +-------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+ | - **true**: Requires `multi-factor authentication (MFA) | - System Config path: **Authentication > MFA** | -| `__ | - ``config.json`` setting: ``ServiceSettings`` > ``EnforceMultifactorAuthentication`` > ``false`` | +| `__ | - ``config.json`` setting: ``ServiceSettings`` > ``EnforceMultifactorAuthentication`` > ``false`` | | for users who sign-in with AD/LDAP or an email address. | - Environment variable: ``MM_SERVICESETTINGS_ENFORCEMULTIFACTORAUTHENTICATION`` | | New users must set up MFA. Logged in users are redirected to the MFA | | | setup page until configuration is complete. | | @@ -741,7 +741,7 @@ Group filter +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------+ .. note:: - This filter is only used when AD/LDAP Group Sync is enabled. See :doc:`AD/LDAP Group Sync ` for more information. + This filter is only used when AD/LDAP Group Sync is enabled. See :doc:`AD/LDAP Group Sync ` for more information. .. config:setting:: enable-admin-filter :displayname: Enable admin filter (AD/LDAP > User Filters) @@ -824,7 +824,7 @@ ID attribute +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------+ .. note:: - If a user's ID Attribute changes, a new Mattermost account is created that is not associated with the previous account. If you need to change this field after users have signed-in, use the :ref:`mmctl ldap idmigrate ` command. + If a user's ID Attribute changes, a new Mattermost account is created that is not associated with the previous account. If you need to change this field after users have signed-in, use the :ref:`mmctl ldap idmigrate ` command. .. config:setting:: login-id-attribute :displayname: Login ID attribute (AD/LDAP > Account Synchronization) @@ -1011,7 +1011,7 @@ Group display name attribute +--------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+ .. note:: - This attribute is only used when AD/LDAP Group Sync is enabled and it is **required**. See the :doc:`AD/LDAP Group Sync documentation ` for more information. + This attribute is only used when AD/LDAP Group Sync is enabled and it is **required**. See the :doc:`AD/LDAP Group Sync documentation ` for more information. .. config:setting:: group-id-attribute :displayname: Group ID attribute (AD/LDAP > Group Synchronization) @@ -1035,7 +1035,7 @@ Group ID attribute +--------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ .. note:: - This attribute is only used when AD/LDAP Group Sync is enabled and it is **required**. See the :doc:`AD/LDAP Group Sync documentation ` for more information. + This attribute is only used when AD/LDAP Group Sync is enabled and it is **required**. See the :doc:`AD/LDAP Group Sync documentation ` for more information. Synchronization performance ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -1155,7 +1155,7 @@ Re-add removed members on sync .. note:: - The :ref:`mmctl ldap sync ` command takes precedence over this server configuration setting. If you have this setting disabled, and run the mmctl command with the ``--include-removed-members`` flag, removed members will be re-added during LDAP synchronization. + The :ref:`mmctl ldap sync ` command takes precedence over this server configuration setting. If you have this setting disabled, and run the mmctl command with the ``--include-removed-members`` flag, removed members will be re-added during LDAP synchronization. .. _saml-enterprise: @@ -1181,7 +1181,7 @@ See the encryption options documentation for details on what :ref:`encryption me :configjson: .SamlSettings.Enable :environment: MM_SAMLSETTINGS_ENABLE - - **true**: Enables sign-in with SAML. See `SAML Single Sign-On `__ to learn more. + - **true**: Enables sign-in with SAML. See `SAML Single Sign-On `__ to learn more. - **false**: **(Default)** Disables sign-in with SAML. Enable login with SAML @@ -1191,7 +1191,7 @@ Enable login with SAML :start-after: :nosearch: +---------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------+ -| - **true**: Enables sign-in with SAML. See :doc:`SAML Single Sign-On ` to learn more. | - System Config path: **Authentication > SAML 2.0** | +| - **true**: Enables sign-in with SAML. See :doc:`SAML Single Sign-On ` to learn more. | - System Config path: **Authentication > SAML 2.0** | | - **false**: **(Default)** Disables sign-in with SAML. | - ``config.json`` setting: ``SamlSettings`` > ``Enable`` > ``false`` | | | - Environment variable: ``MM_SAMLSETTINGS_ENABLE`` | +---------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------+ @@ -1219,7 +1219,7 @@ Enable synchronizing SAML accounts with AD/LDAP | - **false**: **(Default)** Disables syncing of SAML-authenticated Mattermost users with AD/LDAP. | | +--------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------+ -See :doc:`AD/LDAP Setup ` to learn more. +See :doc:`AD/LDAP Setup ` to learn more. .. config:setting:: ignore-guest-users-when-synchronizing-with-adldap :displayname: Ignore guest users when synchronizing with AD/LDAP (SAML) @@ -1245,7 +1245,7 @@ Ignore guest users when synchronizing with AD/LDAP | Guest Users that are no longer active on the AD/LDAP server. | | +-----------------------------------------------------------------------------------------+------------------------------------------------------------------------------------+ -For more information, see :doc:`AD/LDAP Setup ` for details. +For more information, see :doc:`AD/LDAP Setup ` for details. .. config:setting:: override-saml-bind-data-with-adldap-information :displayname: Override SAML bind data with AD/LDAP information (SAML) @@ -1273,7 +1273,7 @@ Override SAML bind data with AD/LDAP information .. note:: - This setting should be **false** unless LDAP sync is enabled. Changing this setting from **true** to **false** will disable the override. - SAML IDs must match LDAP IDs when the override is enabled. - - For more information, see :doc:`AD/LDAP Setup ` for details. + - For more information, see :doc:`AD/LDAP Setup ` for details. .. config:setting:: identity-provider-metadata-url :displayname: Identity provider metadata URL (SAML) @@ -1975,7 +1975,7 @@ Enable OAuth 2.0 authentication with Google | - **true**: Allows team and account creation using Google OAuth authentication. Input the **Client ID** and **Client Secret** credentials to configure. | - System Config path: **Authentication > OAuth 2.0** | | - **false**: **(Default)** Disables Google OAuth authentication. | - ``config.json`` setting: ``GoogleSettings`` > ``Enable`` > ``false``| | | - Environment variable: ``MM_GOOGLESETTINGS_ENABLE`` | -| See :doc:`Google Single Sign-On ` implementation instructions. | | +| See :doc:`Google Single Sign-On ` implementation instructions. | | +---------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------+ .. config:setting:: oauth-googleclientid @@ -1991,7 +1991,7 @@ Google OAuth 2.0 Client ID +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------+ | This setting stores the OAuth Client ID from Google. Generate the ID by going to the **Credentials** section of the Google Cloud Platform APIs & Services menu and selecting **Create Credentials > OAuth client ID**. | - System Config path: **Authentication > OAuth 2.0** | | | - ``config.json`` setting: ``GoogleSettings`` > ``Id``| -| See :doc:`Google Single Sign-On ` for instructions that can be used to implement Google OAuth or OpenID authentication. | - Environment variable: ``MM_GOOGLESETTINGS_ID`` | +| See :doc:`Google Single Sign-On ` for instructions that can be used to implement Google OAuth or OpenID authentication. | - Environment variable: ``MM_GOOGLESETTINGS_ID`` | | | | | String input. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------+ @@ -2088,7 +2088,7 @@ Enable OAuth 2.0 Authentication with Entra ID +-------------------------------------------------------------------------------------+--------------------------------------------------------------------------+ .. note:: - See the :doc:`Entra ID Single Sign-On ` documentation for details. + See the :doc:`Entra ID Single Sign-On ` documentation for details. .. config:setting:: oauth-entra-id-appid :displayname: Application ID (OAuth - Entra ID) @@ -2107,7 +2107,7 @@ Entra ID OAuth 2.0 Application ID +-------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ .. note:: - See the :doc:`Entra ID Single Sign-On ` documentation for details. + See the :doc:`Entra ID Single Sign-On ` documentation for details. .. config:setting:: oauth-entra-id-appsecret :displayname: Application secret password (OAuth - Entra ID) @@ -2126,7 +2126,7 @@ Entra ID OAuth 2.0 Application secret password +--------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------+ .. note:: - See the :doc:`Entra ID Single Sign-On ` documentation for details. + See the :doc:`Entra ID Single Sign-On ` documentation for details. .. config:setting:: oauth-entra-id-directoryid :displayname: Directory ID (OAuth - Entra ID) @@ -2145,7 +2145,7 @@ Entra ID OAuth 2.0 Directory (tenant) ID +-----------------------------------------------------------------------------------------------+--------------------------------------------------------------------+ .. note:: - See the :doc:`Entra ID Single Sign-On ` documentation for details. + See the :doc:`Entra ID Single Sign-On ` documentation for details. .. config:setting:: oauth-entra-id-userapiendpoint :displayname: User API endpoint (OAuth - Entra ID) @@ -2253,7 +2253,7 @@ Enable OpenID Connect authentication with GitLab +------------------------------------------------------------------------------------------+------------------------------------------------------------------------+ .. note:: - See the :doc:`GitLab Single Sign-On ` documentation for details. + See the :doc:`GitLab Single Sign-On ` documentation for details. .. config:setting:: oidc-gitlabsiteurl :displayname: GitLab site URL (OpenID Connect - GitLab) @@ -2273,7 +2273,7 @@ GitLab OpenID site URL +-----------------------------------------------------------------------------------------+-----------------------------------------------------------+ .. note:: - See **Step 2** of the :doc:`GitLab Single Sign-On ` documentation for details. + See **Step 2** of the :doc:`GitLab Single Sign-On ` documentation for details. .. config:setting:: oidc-gitlabdiscoveryendpoint :displayname: Discovery endpoint (OpenID Connect - GitLab) @@ -2293,7 +2293,7 @@ GitLab OpenID Discovery endpoint +-------------------------------------------------------------------------------------+----------------------------------------------------------------------+ .. note:: - See **Step 2** of the :doc:`GitLab Single Sign-On ` documentation for details. + See **Step 2** of the :doc:`GitLab Single Sign-On ` documentation for details. .. config:setting:: oidc-gitlabclientid :displayname: Client ID (OpenID Connect - GitLab) @@ -2313,7 +2313,7 @@ GitLab OpenID Client ID +-----------------------------------------------------------------+--------------------------------------------------------------------------+ .. note:: - See **Step 2** of the :doc:`GitLab Single Sign-On ` documentation for details. + See **Step 2** of the :doc:`GitLab Single Sign-On ` documentation for details. .. config:setting:: oidc-gitlabclientsecret :displayname: Client secret (OpenID Connect - GitLab) @@ -2333,7 +2333,7 @@ GitLab OpenID Client secret +-------------------------------------------------------------------------+------------------------------------------------------------------+ .. note:: - See **Step 2** of the :doc:`GitLab Single Sign-On ` documentation for details. + See **Step 2** of the :doc:`GitLab Single Sign-On ` documentation for details. Google OpenID settings ^^^^^^^^^^^^^^^^^^^^^^ @@ -2358,7 +2358,7 @@ Enable OpenID Connect authentication with Google | - **true**: Allows team and account creation using Google OpenID authentication. | - System Config path: **Authentication > OpenID Connect** | | - **false**: **(Default)** Disables Google OpenID authentication. | - ``config.json`` setting: ``GoogleSettings`` > ``Enable`` > ``false`` | | | - Environment variable: ``MM_GOOGLESETTINGS_ENABLE`` | -| See :doc:`Google Single Sign-On ` implementation instructions. | | +| See :doc:`Google Single Sign-On ` implementation instructions. | | +------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------+ .. config:setting:: oidc-googlediscoveryendpoint @@ -2374,7 +2374,7 @@ Google OpenID Discovery endpoint +---------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------+ | This setting is prepopulated with the Discovery Endpoint for Google OpenID Connect. | - System Config path: **Authentication > OpenID Connect** | | | - ``config.json`` setting: ``GoogleSettings`` > ``DiscoveryEndpoint`` | -| See :ref:`Configure Mattermost for Google Apps SSO `. | - Environment variable: ``MM_GOOGLESETTINGS_DISCOVERYENDPOINT`` | +| See :ref:`Configure Mattermost for Google Apps SSO `. | - Environment variable: ``MM_GOOGLESETTINGS_DISCOVERYENDPOINT`` | | | | | String input. Default is ``https://accounts.google.com/.well-known/openid-configuration`` | | +---------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------+ @@ -2392,7 +2392,7 @@ Google OpenID Client ID +------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ | This setting stores the Client ID generated by Google. | - System Config path: **Authentication > OpenID Connect** | | | - ``config.json`` setting: ``GoogleSettings`` > ``Id`` | -| See :doc:`Google Single Sign-On ` implementation instructions. | - Environment variable: ``MM_GOOGLESETTINGS_ID`` | +| See :doc:`Google Single Sign-On ` implementation instructions. | - Environment variable: ``MM_GOOGLESETTINGS_ID`` | | | | | String input. | | +------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ @@ -2410,7 +2410,7 @@ Google OpenID Client secret +-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ | This setting stores the Client Secret generated by Google. | - System Config path: **Authentication > OpenID Connect** | | | - ``config.json`` setting: ``GoogleSettings`` > ``Secret``| -| See :doc:`Google Single Sign-On ` implementation instructions. | - Environment variable: ``MM_GOOGLESETTINGS_SECRET`` | +| See :doc:`Google Single Sign-On ` implementation instructions. | - Environment variable: ``MM_GOOGLESETTINGS_SECRET`` | | | | | String input. | | +-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ @@ -2440,7 +2440,7 @@ Enable OpenID Connect authentication with Entra ID | - **true**: Allows team and account creation using Entra ID OpenID Connect authentication. | - System Config path: **Authentication > OpenID Connect** | | - **false**: **(Default)** Disables Entra ID OpenID Connect authentication. | - ``config.json`` setting: ``Office365Settings`` > ``Enable`` > ``false`` | | | - Environment variable: ``MM_OFFICE365SETTINGS_ENABLE`` | -| See :doc:`Entra ID Single Sign-On ` implementation instructions. | | +| See :doc:`Entra ID Single Sign-On ` implementation instructions. | | +----------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------+ .. config:setting:: oidc-o365directoryid @@ -2456,7 +2456,7 @@ Entra ID OpenID Directory (tenant) ID +----------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------+ | This setting holds the Directory (tenant) ID set for Mattermost through the Microsoft Azure Portal. | - System Config path: **Authentication > OpenID Connect** | | | - ``config.json`` setting: ``Office365Settings`` > ``DirectoryId`` | -| See :doc:`Entra ID Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OFFICE365SETTINGS_DIRECTORYID`` | +| See :doc:`Entra ID Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OFFICE365SETTINGS_DIRECTORYID`` | | | | | String input. | | +----------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------+ @@ -2474,7 +2474,7 @@ Entra ID OpenID Discovery endpoint +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------+ | This setting is prepopulated with the Discovery Endpoint for Entra ID OpenID Connect. | - System Config path: **Authentication > OpenID Connect** | | | - ``config.json`` setting: ``Office365Settings`` > ``DiscoveryEndpoint`` | -| See :doc:`Entra ID Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OFFICE365SETTINGS_DISCOVERYENDPOINT`` | +| See :doc:`Entra ID Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OFFICE365SETTINGS_DISCOVERYENDPOINT`` | | | | | String input. Default is ``https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration`` | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------+ @@ -2492,7 +2492,7 @@ Entra ID Client ID +----------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ | This setting stores the **Application (client) ID** generated through the Microsoft Azure Portal. | - System Config path: **Authentication > OpenID Connect** | | | - ``config.json`` setting: ``Office365Settings`` > ``Id`` | -| See :doc:`Entra ID Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OFFICE365SETTINGS_ID`` | +| See :doc:`Entra ID Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OFFICE365SETTINGS_ID`` | | | | | String input. | | +----------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ @@ -2510,7 +2510,7 @@ Entra ID Client secret +----------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------+ | This setting stores the **Client Secret** generated through the Microsoft Azure Portal. | - System Config path: **Authentication > OpenID Connect** | | | - ``config.json`` setting: ``Office365Settings`` > ``Secret`` | -| See :doc:`Entra ID Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OFFICE365SETTINGS_SECRET`` | +| See :doc:`Entra ID Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OFFICE365SETTINGS_SECRET`` | | | | | String input. | | +----------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------+ @@ -2540,7 +2540,7 @@ Enable OpenID Connect authentication with other service providers | - **true**: Allows team and account creation using other OpenID Connect service providers. | - System Config path: **Authentication > OpenID Connect** | | - **false**: **(Default)** Disables OpenID Connect authentication with other service providers. | - ``config.json`` setting: ``OpenIdSettings`` > ``Enable`` > ``false`` | | | - Environment variable: ``MM_OPENIDSETTINGS_ENABLE`` | -| See :doc:`OpenID Connect Single Sign-On ` implementation instructions. | | +| See :doc:`OpenID Connect Single Sign-On ` implementation instructions. | | +---------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------+ .. config:setting:: oidc-buttonname @@ -2590,7 +2590,7 @@ OpenID Connect (other) Discovery endpoint | The URL should be in the format of ``https://myopenid.provider.com/{my_organization}/ | - ``config.json`` setting: ``OpenIdSettings`` > ``DiscoveryEndpoint`` | | .well-known/openid-configuration``. | - Environment variable: ``MM_OPENIDSETTINGS_DISCOVERYENDPOINT`` | | | | -| See :doc:`OpenID Connect Single Sign-On ` | | +| See :doc:`OpenID Connect Single Sign-On ` | | | implementation instructions. | | | | | | String input. | | @@ -2614,7 +2614,7 @@ OpenID Connect (other) Client ID +---------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ | This setting stores the Client ID from the OpenID provider. | - System Config path: **Authentication > OpenID Connect** | | | - ``config.json`` setting: ``OpenIdSettings`` > ``Id`` | -| See :doc:`OpenID Connect Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OPENIDSETTINGS_ID`` | +| See :doc:`OpenID Connect Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OPENIDSETTINGS_ID`` | | | | | String input. | | +---------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ @@ -2632,7 +2632,7 @@ OpenID Connect (other) Client secret +---------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ | This setting stores the Client Secret from the OpenID provider. | - System Config path: **Authentication > OpenID Connect** | | | - ``config.json`` setting: ``OpenIdSettings`` > ``Secret``| -| See :doc:`OpenID Connect Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OPENIDSETTINGS_SECRET`` | +| See :doc:`OpenID Connect Single Sign-On ` implementation instructions. | - Environment variable: ``MM_OPENIDSETTINGS_SECRET`` | | | | | String input. | | +---------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+ diff --git a/source/administration-guide/onboard/bulk-loading-data.rst b/source/administration-guide/getting-started/bulk-loading-data.rst similarity index 97% rename from source/administration-guide/onboard/bulk-loading-data.rst rename to source/administration-guide/getting-started/bulk-loading-data.rst index 3d27928648c..dc9424b58d6 100644 --- a/source/administration-guide/onboard/bulk-loading-data.rst +++ b/source/administration-guide/getting-started/bulk-loading-data.rst @@ -55,14 +55,14 @@ You cannot use the bulk loading command to remove any objects or their fields fr Bulk load data --------------- -Before running the bulk loading command, you must first create a `JSONL `__ file that contains the data that you want to import in your Mattermost directory. The file can have any name, but in this example it's called ``data.jsonl``. The format of the file is described in the :ref:`data-format ` section. +Before running the bulk loading command, you must first create a `JSONL `__ file that contains the data that you want to import in your Mattermost directory. The file can have any name, but in this example it's called ``data.jsonl``. The format of the file is described in the :ref:`data-format ` section. Next, zip it by running the ``zip -r data.zip data.jsonl`` command. Using mmctl local mode ~~~~~~~~~~~~~~~~~~~~~~ -From Mattermost v9.5, the mmctl bulk import process command in :ref:`local mode ` supports processing an import file without uploading it to the server. +From Mattermost v9.5, the mmctl bulk import process command in :ref:`local mode ` supports processing an import file without uploading it to the server. Run ``mmctl import process --bypass-upload .zip --local`` to start your import and enable the Mattermost server to read from the file directly. @@ -71,9 +71,9 @@ Not using mmctl local mode If you're not running mmctl commands in local mode: -1. Upload the ZIP file to the database by running the :ref:`mmctl import upload ` command. For example: ``mmctl import upload data.zip``. After uploading, two IDs are returned: the first line contains the upload session ID, and the second line contains the filename. -2. Confirm that the file is uploaded and ready for use by running the :ref:`mmctl import list available ` command. -3. Import your uploaded file by running the :ref:`mmctl import process ` command using the upload session ID (not the filename). For example: ``mmctl import process _data.zip`` where ```` is the upload session ID returned from the upload command. +1. Upload the ZIP file to the database by running the :ref:`mmctl import upload ` command. For example: ``mmctl import upload data.zip``. After uploading, two IDs are returned: the first line contains the upload session ID, and the second line contains the filename. +2. Confirm that the file is uploaded and ready for use by running the :ref:`mmctl import list available ` command. +3. Import your uploaded file by running the :ref:`mmctl import process ` command using the upload session ID (not the filename). For example: ``mmctl import process _data.zip`` where ```` is the upload session ID returned from the upload command. Data format ----------- @@ -1600,7 +1600,7 @@ Common issues Run the bulk import command as the *mattermost* user. Running it as *root* or any other user will cause issues with file permissions on imported attachments. -Ensure that :ref:`file attachments are enabled `, that you have enough free space in your :ref:`file storage system ` to support the incoming attachments, and that your :ref:`maximum file size ` is appropriate. +Ensure that :ref:`file attachments are enabled `, that you have enough free space in your :ref:`file storage system ` to support the incoming attachments, and that your :ref:`maximum file size ` is appropriate. Make sure you have enough free space for logs on the Mattermost server as well as free space on the database server for both the database itself and transaction logs. diff --git a/source/administration-guide/configure/environment-configuration-settings.rst b/source/administration-guide/getting-started/environment-configuration-settings.rst similarity index 97% rename from source/administration-guide/configure/environment-configuration-settings.rst rename to source/administration-guide/getting-started/environment-configuration-settings.rst index eb9aa9b670e..0a4e565db3f 100644 --- a/source/administration-guide/configure/environment-configuration-settings.rst +++ b/source/administration-guide/getting-started/environment-configuration-settings.rst @@ -404,7 +404,7 @@ Purge all caches .. note:: - Purging the caches may adversely impact performance. :doc:`high availability cluster-based deployments ` will attempt to purge all the servers in the cluster. + Purging the caches may adversely impact performance. :doc:`high availability cluster-based deployments ` will attempt to purge all the servers in the cluster. .. config:setting:: websocket-url :displayname: Websocket URL (Web Server) @@ -629,7 +629,7 @@ Cluster log timeout | (2 seconds). | | +--------------------------------------------------------+------------------------------------------------------------------------------------------------+ -See the :doc:`performance monitoring ` documentation for details. +See the :doc:`performance monitoring ` documentation for details. .. config:setting:: maximum-payload-size :displayname: Maximum payload size (File Storage) @@ -794,7 +794,7 @@ AWS High Availablity RDS cluster deployments For an AWS High Availability RDS cluster deployment, point this configuration setting to the write/read endpoint at the **cluster** level to benefit from the AWS failover handling. AWS takes care of promoting different database nodes to be the writer node. -Mattermost doesn't need to manage this. See the :ref:`high availablility database configuration ` documentation for details. +Mattermost doesn't need to manage this. See the :ref:`high availablility database configuration ` documentation for details. .. config:setting:: maximum-open-connections :displayname: Maximum open connections (Database) @@ -944,21 +944,21 @@ Recycle database connections Disable database search ~~~~~~~~~~~~~~~~~~~~~~~ -+------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------+ -| When `enterprise-scale search `, | - System Config path: **Environment > Database** | -| database search can be disabled from performing searches. | - ``config.json`` setting: ``SqlSettings`` > ``DisableDatabaseSearch`` > ``false`` | -| | - Environment variable: ``MM_SQLSETTINGS_DISABLEDATABASESEARCH`` | -| - **true**: Disables the use of the database to perform | | -| searches. If another search engine isn't configured, | | -| setting this value to ``true`` will result in empty search | | -| results. | | -| - **false**: **(Default)** Database search isn't disabled. | | -+------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------+ ++-------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------+ +| When `enterprise-scale search `, | - System Config path: **Environment > Database** | +| database search can be disabled from performing searches. | - ``config.json`` setting: ``SqlSettings`` > ``DisableDatabaseSearch`` > ``false`` | +| | - Environment variable: ``MM_SQLSETTINGS_DISABLEDATABASESEARCH`` | +| - **true**: Disables the use of the database to perform | | +| searches. If another search engine isn't configured, | | +| setting this value to ``true`` will result in empty search | | +| results. | | +| - **false**: **(Default)** Database search isn't disabled. | | ++-------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------+ Search behavior in Mattermost depends on which search engines are enabled: -- When :doc:`Elasticsearch ` or :doc:`AWS OpenSearch ` is enabled, Mattermost will try to use it first. -- If Elasticsearch fails or is disabled, Mattermost will attempt to use :doc:`Bleve `, if enabled. If this occurs, you will see the warning ``Encountered error on SearchPostsInTeamForUser``. +- When :doc:`Elasticsearch ` or :doc:`AWS OpenSearch ` is enabled, Mattermost will try to use it first. +- If Elasticsearch fails or is disabled, Mattermost will attempt to use :doc:`Bleve `, if enabled. If this occurs, you will see the warning ``Encountered error on SearchPostsInTeamForUser``. - If these fail or are disabled, Mattermost tries to search the database directly, if this is enabled. - If all of the above methods fail or are disabled, the search results will be empty. @@ -1018,7 +1018,7 @@ Read replicas AWS High Availability RDS cluster deployments ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -For an AWS High Availability RDS cluster deployment, point this configuration setting directly to the underlying read-only node endpoint within the RDS cluster to circumvent the failover/load balancing that AWS/RDS takes care of (except for the write traffic). Mattermost has its own method of balancing the read-only connections and can also balance those queries to the data source/write+read connection should those nodes fail. See the :ref:`high availablility database configuration ` documentation for details. +For an AWS High Availability RDS cluster deployment, point this configuration setting directly to the underlying read-only node endpoint within the RDS cluster to circumvent the failover/load balancing that AWS/RDS takes care of (except for the write traffic). Mattermost has its own method of balancing the read-only connections and can also balance those queries to the data source/write+read connection should those nodes fail. See the :ref:`high availablility database configuration ` documentation for details. .. config:setting:: search-replicas :displayname: Search replicas (Database) @@ -1049,7 +1049,7 @@ Search replicas AWS High Availability RDS cluster deployments ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -For an AWS High Availability RDS cluster deployment, point this configuration setting directly to the underlying read-only node endpoint within the RDS cluster to circumvent the failover/load balancing that AWS/RDS takes care of (except for the write traffic). Mattermost has its own method of balancing the read-only connections and can also balance those queries to the data source/write+read connection should those nodes fail. See the :ref:`high availablility database configuration ` documentation for details. +For an AWS High Availability RDS cluster deployment, point this configuration setting directly to the underlying read-only node endpoint within the RDS cluster to circumvent the failover/load balancing that AWS/RDS takes care of (except for the write traffic). Mattermost has its own method of balancing the read-only connections and can also balance those queries to the data source/write+read connection should those nodes fail. See the :ref:`high availablility database configuration ` documentation for details. .. config:setting:: replica-lag-settings :displayname: Replica lag settings (Database) @@ -1092,7 +1092,7 @@ Replica lag settings .. note:: - The ``QueryAbsoluteLag`` and ``QueryTimeLag`` queries must return a single row. - - To properly monitor this, you must set up :doc:`performance monitoring ` for Mattermost. + - To properly monitor this, you must set up :doc:`performance monitoring ` for Mattermost. 1. Configure the replica lag metric based on your database type. See the following tabs for details on configuring this for each database type. @@ -1261,7 +1261,7 @@ Enable Elasticsearch indexing Backend type ~~~~~~~~~~~~~ -Both :doc:`Elasticsearch ` and :doc:`AWS OpenSearch ` provide enterprise-scale deployments with optimized search performance and prevents performance degradation and timeouts. Learn more about :doc:`enterprise search ` in our product documentation. +Both :doc:`Elasticsearch ` and :doc:`AWS OpenSearch ` provide enterprise-scale deployments with optimized search performance and prevents performance degradation and timeouts. Learn more about :doc:`enterprise search ` in our product documentation. +----------------------------------------------------+--------------------------------------------------------------------------------------------+ | The type of search backend. | - System Config path: **Environment > Elasticsearch** | @@ -1270,7 +1270,7 @@ Both :doc:`Elasticsearch ` and | - ``opensearch`` - Required for AWS OpenSearch. | | +----------------------------------------------------+--------------------------------------------------------------------------------------------+ -Learn more about :ref:`enterprise search version support `. +Learn more about :ref:`enterprise search version support `. .. config:setting:: server-connection-address :displayname: Server connection address (Elasticsearch) @@ -1689,7 +1689,7 @@ Aggregate search indexes .. note:: - If you’re using :doc:`data retention ` and :doc:`enterprise search `, configure this with a value greater than your data retention policy. + If you’re using :doc:`data retention ` and :doc:`enterprise search `, configure this with a value greater than your data retention policy. .. config:setting:: post-aggregator-start-time :displayname: Post aggregator start time (Elasticsearch) @@ -1979,7 +1979,7 @@ Maximum file size .. note:: - Verify server memory can support your setting choice. Large file sizes increase the risk of server crashes and failed uploads due to network disruptions. - - When :ref:`uploading plugin files `, a ``Received invalid response from the server`` error typically indicates that ``MaxFileSize`` isn't large enough to support the plugin file upload, and/or that proxy settings may not be sufficient. + - When :ref:`uploading plugin files `, a ``Received invalid response from the server`` error typically indicates that ``MaxFileSize`` isn't large enough to support the plugin file upload, and/or that proxy settings may not be sufficient. - If you use a proxy or load balancer in front of Mattermost, the following proxy settings must be adjusted accordingly: - For NGINX, use ``client_max_body_size``. @@ -2011,7 +2011,7 @@ Enable document search by content .. note:: - Document content search results for files shared before upgrading to Mattermost Server v5.35 may be incomplete until an extraction command is executed using the :ref:`mmctl `. If this command is not run, users can search older files based on file name only. + Document content search results for files shared before upgrading to Mattermost Server v5.35 may be incomplete until an extraction command is executed using the :ref:`mmctl `. If this command is not run, users can search older files based on file name only. You can optionally install the following `dependencies `__ to extend content searching support in Mattermost to include file formats beyond PDF, DOCX, and ODT, such as DOC, RTF, XML, and HTML: @@ -2647,7 +2647,7 @@ Enable security alerts | - **false**: Security alerts are disabled. | | +-----------------------------------------------------------------+------------------------------------------------------------------------------------------+ -See the :ref:`Telemetry ` documentation to learn more. +See the :ref:`Telemetry ` documentation to learn more. .. config:setting:: smtp-server-timeout :displayname: SMTP server timeout (SMTP) @@ -2675,7 +2675,7 @@ Push notification server .. include:: ../../_static/badges/allplans-selfhosted.rst :start-after: :nosearch: -.. include:: push-notification-server-configuration-settings.rst +.. include:: ../configuration-reference/push-notification-server-configuration-settings.rst :start-after: :nosearch: ---- @@ -2686,7 +2686,7 @@ High availability .. include:: ../../_static/badges/ent-selfhosted.rst :start-after: :nosearch: -You can configure Mattermost as a :doc:`high availability cluster-based deployment ` by going to **System Console > Environment > High Availability**, or by editing the ``config.json`` file as described in the following tables. Changes to configuration settings in this section require a server restart before taking effect. +You can configure Mattermost as a :doc:`high availability cluster-based deployment ` by going to **System Console > Environment > High Availability**, or by editing the ``config.json`` file as described in the following tables. Changes to configuration settings in this section require a server restart before taking effect. In a Mattermost high availability cluster-based deployment, the System Console is set to read-only, and settings can only be changed by editing the ``config.json`` file directly. However, to test a high availability cluster-based environment, you can disable ``ClusterSettings.ReadOnlyConfig`` in the ``config.json`` file by setting it to ``false``. This allows changes applied using the System Console to be saved back to the configuration file. @@ -2752,7 +2752,7 @@ Override hostname | the operating system or uses the IP address. | | +-----------------------------------------------------------------+---------------------------------------------------------------------------------+ -See the :doc:`high availability cluster-based deployment ` documentation for details. +See the :doc:`high availability cluster-based deployment ` documentation for details. .. config:setting:: use-ip-address :displayname: Use IP address (High Availability) @@ -2928,7 +2928,7 @@ Rate limiting .. include:: ../../_static/badges/allplans-selfhosted.rst :start-after: :nosearch: -.. include:: rate-limiting-configuration-settings.rst +.. include:: ../configuration-reference/rate-limiting-configuration-settings.rst :start-after: :nosearch: ---- @@ -3208,7 +3208,7 @@ Output logs to multiple targets .. note:: - - See the :doc:`Mattermost logging ` documentation for details. These targets have been chosen as they support the vast majority of log aggregators, and other log analysis tools, without needing additional software installed. + - See the :doc:`Mattermost logging ` documentation for details. These targets have been chosen as they support the vast majority of log aggregators, and other log analysis tools, without needing additional software installed. - Logs are recorded asynchronously to reduce latency to the caller. - Advanced logging supports hot-reloading of logger configuration. @@ -3251,7 +3251,7 @@ Enable diagnostics and error reporting .. note:: - See the :ref:`telemetry ` docummentation for details on the information Mattermost collects. + See the :ref:`telemetry ` docummentation for details on the information Mattermost collects. .. config:setting:: enable-verbose-diagnostics :displayname: Enable general verbose diagnostics (General Logging) @@ -3708,7 +3708,7 @@ Output audit logs to multiple targets .. note:: - - See the :doc:`Mattermost logging ` documentation for details on advanced logging configuration. These targets have been chosen as they support the vast majority of log aggregators, and other log analysis tools, without needing additional software installed. + - See the :doc:`Mattermost logging ` documentation for details on advanced logging configuration. These targets have been chosen as they support the vast majority of log aggregators, and other log analysis tools, without needing additional software installed. - Audit logs are recorded asynchronously to reduce latency to the caller. - Advanced audit logging supports hot-reloading of logger configuration. @@ -3893,7 +3893,7 @@ Session idle timeout - This setting has no effect when `extend session length with activity <#extend-session-length-with-activity>`__ is set to **true**. - This setting applies to the webapp and the desktop app. For mobile apps, use an :doc:`EMM provider ` to lock the app when not in use. | - - In :doc:`high availability mode `, enable IP hash load balancing for reliable timeout measurement. + - In :doc:`high availability mode `, enable IP hash load balancing for reliable timeout measurement. ---- @@ -3905,7 +3905,7 @@ Performance monitoring Configure performance monitoring by going to **System Console > Environment > Performance Monitoring**, or by editing the ``config.json`` file as described in the following tables. Changes to configuration settings in this section require a server restart before taking effect. -See the :doc:`performance monitoring ` documentation to learn more about setting up performance monitoring. +See the :doc:`performance monitoring ` documentation to learn more about setting up performance monitoring. .. config:setting:: enable-performance-monitoring :displayname: Enable performance monitoring (Performance Monitoring) @@ -3929,7 +3929,7 @@ Enable performance monitoring | performance monitoring is disabled. | | +-----------------------------------------------+---------------------------------------------------------------------------+ -See the :doc:`performance monitoring ` documentation to learn more. +See the :doc:`performance monitoring ` documentation to learn more. .. config:setting:: enable-client-performance-monitoring :displayname: Enable client performance monitoring (Performance Monitoring) @@ -4576,39 +4576,39 @@ Enable webhub channel iteration Enable dedicated export filestore target ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+--------------------------------------------------------------------------------------+-------------------------------------------------------------------------+ -| Enables the ability to specify an alternate filestore | - System Config path: **N/A** | -| target for Mattermost | - ``config.json`` setting: ``FileSettings`` > ``DedicatedExportStore`` | -| :doc:`bulk exports ` and | - Environment variable: ``MM_FILESETTINGS_DEDICATEDEXPORTSTORE`` | -| :doc:`compliance exports `. | | -| | | -| - **True**: A new ``ExportFileBackend()`` is generated | | -| under ``FileSettings`` using new configuration values | | -| for the following configuration settings: | | -| | | -| - ``ExportDriverName`` | | -| - ``ExportDirectory`` | | -| - ``ExportAmazonS3AccessKeyId`` | | -| - ``ExportAmazonS3SecretAccessKey`` | | -| - ``ExportAmazonS3Bucket`` | | -| - ``ExportAmazonS3PathPrefix`` | | -| - ``ExportAmazonS3Region`` | | -| - ``ExportAmazonS3Endpoint`` | | -| - ``ExportAmazonS3SSL`` | | -| - ``ExportAmazonS3SignV2`` | | -| - ``ExportAmazonS3SSE`` | | -| - ``ExportAmazonS3Trace`` | | -| - ``ExportAmazonS3RequestTimeoutMilliseconds`` | | -| - ``ExportAmazonS3PresignExpiresSeconds`` | | -| | | -| - **False**: (**Default**) Standard | | -| :ref:`file storage | | -| ` | | -| is used. Standard file storage will also be used when the configuration setting | | -| or value is omitted. | | -+--------------------------------------------------------------------------------------+-------------------------------------------------------------------------+ ++------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------+ +| Enables the ability to specify an alternate filestore | - System Config path: **N/A** | +| target for Mattermost | - ``config.json`` setting: ``FileSettings`` > ``DedicatedExportStore`` | +| :doc:`bulk exports ` and | - Environment variable: ``MM_FILESETTINGS_DEDICATEDEXPORTSTORE`` | +| :doc:`compliance exports `. | | +| | | +| - **True**: A new ``ExportFileBackend()`` is generated | | +| under ``FileSettings`` using new configuration values | | +| for the following configuration settings: | | +| | | +| - ``ExportDriverName`` | | +| - ``ExportDirectory`` | | +| - ``ExportAmazonS3AccessKeyId`` | | +| - ``ExportAmazonS3SecretAccessKey`` | | +| - ``ExportAmazonS3Bucket`` | | +| - ``ExportAmazonS3PathPrefix`` | | +| - ``ExportAmazonS3Region`` | | +| - ``ExportAmazonS3Endpoint`` | | +| - ``ExportAmazonS3SSL`` | | +| - ``ExportAmazonS3SignV2`` | | +| - ``ExportAmazonS3SSE`` | | +| - ``ExportAmazonS3Trace`` | | +| - ``ExportAmazonS3RequestTimeoutMilliseconds`` | | +| - ``ExportAmazonS3PresignExpiresSeconds`` | | +| | | +| - **False**: (**Default**) Standard | | +| :ref:`file storage | | +| ` | | +| is used. Standard file storage will also be used when the configuration setting | | +| or value is omitted. | | ++------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------+ .. note:: - - When an alternate filestore target is configured, Mattermost Cloud admins can generate an S3 presigned URL for exports using the ``/exportlink [job-id|zip file|latest]`` slash command. See the :ref:`Mattermost data migration ` documentation for details. Alternatively, Cloud and self-hosted admins can use the :ref:`mmctl export generate-presigned-url ` command to generate a presigned URL directly from mmctl. + - When an alternate filestore target is configured, Mattermost Cloud admins can generate an S3 presigned URL for exports using the ``/exportlink [job-id|zip file|latest]`` slash command. See the :ref:`Mattermost data migration ` documentation for details. Alternatively, Cloud and self-hosted admins can use the :ref:`mmctl export generate-presigned-url ` command to generate a presigned URL directly from mmctl. - Generating an S3 presigned URL requires the feature flag ``EnableExportDirectDownload`` to be set to ``true``, the storage must be compatible with generating an S3 link, and this experimental configuration setting must be set to ``true``. Presigned URLs for exports aren't supported for systems with shared storage. diff --git a/source/administration-guide/getting-started/getting-started-index.rst b/source/administration-guide/getting-started/getting-started-index.rst new file mode 100644 index 00000000000..2ed5e4dd30e --- /dev/null +++ b/source/administration-guide/getting-started/getting-started-index.rst @@ -0,0 +1,23 @@ +Getting Started +=============== + +This section orients administrators to the first steps after your Mattermost server is live. It covers migrations, initial rollout planning, and early tasks that ensure a successful start. + +Use these guides to move from evaluation to rollout, migrate from other tools, and connect your organization and workspaces. + +.. toctree:: + :maxdepth: 1 + :titlesonly: + + migrating-to-mattermost + migrate-from-slack + migrating-from-hipchat-to-mattermost + /administration-guide/getting-started/roll-out-checklist + /administration-guide/getting-started/admin-onboarding-tasks + +Migrate users and data, connect workspaces, and establish initial governance and readiness. + +- :doc:`Migrate to Mattermost ` +- :doc:`Import data in bulk ` +- :doc:`Follow the rollout checklist ` +- :doc:`Complete administrator onboarding tasks ` \ No newline at end of file diff --git a/source/administration-guide/onboard/migrate-from-slack.rst b/source/administration-guide/getting-started/migrate-from-slack.rst similarity index 97% rename from source/administration-guide/onboard/migrate-from-slack.rst rename to source/administration-guide/getting-started/migrate-from-slack.rst index 61a17784970..bdb70713d1f 100644 --- a/source/administration-guide/onboard/migrate-from-slack.rst +++ b/source/administration-guide/getting-started/migrate-from-slack.rst @@ -19,7 +19,7 @@ Migrating from Slack to Mattermost involves the following steps: 1. Prepare your Mattermost server --------------------------------- -During the import process, we advise to create a new team for importing the Slack workspace data. If merging multiple Slack workspaces into a single team is the desired end-result, we recommend completing the import to separate teams, validating the results, then using :ref:`mmctl ` to move channels between teams. +During the import process, we advise to create a new team for importing the Slack workspace data. If merging multiple Slack workspaces into a single team is the desired end-result, we recommend completing the import to separate teams, validating the results, then using :ref:`mmctl ` to move channels between teams. Also, system administrator roles will be overwritten if the usernames match and the user isn't an admin on the Slack workspace. @@ -121,7 +121,7 @@ You can upload the export through Mattermost's API from the server or from anoth The migration is idempotent, meaning that you can run multiple imports that contain the same posts, and there won't be duplicated created posts in Mattermost. Each post is imported with the correct user/author and ``created_at`` value from your Slack instance. Threads are kept intact with the import. -Ensure you have the Mattermost command line tool ``mmctl`` installed. This allows you to perform different tasks that communicate to Mattermost's API. You'll also want to :ref:`configure authentication ` for the tool. +Ensure you have the Mattermost command line tool ``mmctl`` installed. This allows you to perform different tasks that communicate to Mattermost's API. You'll also want to :ref:`configure authentication ` for the tool. To prepare our files to be uploaded to the server, we need to put both the ``.jsonl`` file and ``data`` folder together into a zip file. @@ -199,6 +199,6 @@ Account activation * For imports performed by non-administrators: Users must first verify their email addresses, then use the **Password Reset** feature. * Once logged in, Mattermost users will have access to previous Slack messages in the public channels imported from Slack. -* Instructions on how to migrate user authenticatation to LDAP or SAML can be found :ref:`here `. +* Instructions on how to migrate user authenticatation to LDAP or SAML can be found :ref:`here `. `Book a live demo `_ or `talk to a Mattermost expert `_ to explore tailored solutions for your organization's secure collaboration needs. Or try Mattermost yourself with a `1-hour preview `_ for instant access to a live sandbox environment. diff --git a/source/administration-guide/onboard/migrating-from-hipchat-to-mattermost.rst b/source/administration-guide/getting-started/migrating-from-hipchat-to-mattermost.rst similarity index 88% rename from source/administration-guide/onboard/migrating-from-hipchat-to-mattermost.rst rename to source/administration-guide/getting-started/migrating-from-hipchat-to-mattermost.rst index 692e38e6f46..5fdeb598eb9 100644 --- a/source/administration-guide/onboard/migrating-from-hipchat-to-mattermost.rst +++ b/source/administration-guide/getting-started/migrating-from-hipchat-to-mattermost.rst @@ -1,6 +1,6 @@ :orphan: -.. Users trying to access this page are now redirected to /administration-guide/onboard/migrating-to-mattermost.html#migrating-from-slack instead +.. Users trying to access this page are now redirected to /administration-guide/getting-started/migrating-to-mattermost.html#migrating-from-slack instead Migrate from HipChat to Mattermost ================================== @@ -39,7 +39,7 @@ If you’re able to upgrade HipChat Server or HipChat Data Center to the latest Step 3: Import your data into Mattermost ---------------------------------------- -1. Follow the :doc:`Mattermost Bulk Load Tool ` guide to import your data into Mattermost. Files exported from HipChat will need to be converted to the format required by Mattermost. Talk to a `Mattermost Expert `_ if you require assistance in the conversion. +1. Follow the :doc:`Mattermost Bulk Load Tool ` guide to import your data into Mattermost. Files exported from HipChat will need to be converted to the format required by Mattermost. Talk to a `Mattermost Expert `_ if you require assistance in the conversion. 2. You are also encouraged to use the HipChat import tool created by Herzum: https://github.com/herzum/HC2MM. @@ -68,5 +68,5 @@ Onboard users using SSO in Mattermost Alternatively, you can choose to set up SSO (Single Sign-on) with Mattermost if you are using an Enterprise version. -#. Configure :doc:`Active Directory/LDAP ` or :doc:`SAML Single Sign-on ` from the **System Console**. +#. Configure :doc:`Active Directory/LDAP ` or :doc:`SAML Single Sign-on ` from the **System Console**. #. Adjust the messaging templates above to remove "password reset" references and indicate which SSO system credentials Mattermost has configured. diff --git a/source/administration-guide/onboard/migrating-to-mattermost.rst b/source/administration-guide/getting-started/migrating-to-mattermost.rst similarity index 86% rename from source/administration-guide/onboard/migrating-to-mattermost.rst rename to source/administration-guide/getting-started/migrating-to-mattermost.rst index a018923808a..3d9aed186cf 100644 --- a/source/administration-guide/onboard/migrating-to-mattermost.rst +++ b/source/administration-guide/getting-started/migrating-to-mattermost.rst @@ -6,17 +6,17 @@ Migration guide Thousands of organizations are moving to Mattermost for powerful, flexible, and easy-to-manage workplace collaboration. Mattermost deploys as a single Linux binary with PostgreSQL, and can scale from dozens to tens of thousands of users in a single channel. -This guide summarizes different approaches to migrating to Mattermost from other tools, including :doc:`Slack `, :doc:`HipChat `, `Jabber <#migrate-from-jabber>`_, `Pidgin <#migrate-from-pidgin>`_, `Bitnami <#migrate-from-bitnami>`_, and other `bespoke messaging solutions <#migrate-from-bespoke-messaging-solutions>`_, as well as `migrating Mattermost server <#migrate-mattermost-server>`_ to another server instance. +This guide summarizes different approaches to migrating to Mattermost from other tools, including :doc:`Slack `, :doc:`HipChat `, `Jabber <#migrate-from-jabber>`_, `Pidgin <#migrate-from-pidgin>`_, `Bitnami <#migrate-from-bitnami>`_, and other `bespoke messaging solutions <#migrate-from-bespoke-messaging-solutions>`_, as well as `migrating Mattermost server <#migrate-mattermost-server>`_ to another server instance. Migrate from Slack ------------------ -See the :doc:`Migrate from Slack ` documentation for details on migrating from Slack to Mattermost. +See the :doc:`Migrate from Slack ` documentation for details on migrating from Slack to Mattermost. Migrate from HipChat -------------------- -See the :doc:`Migrate from HipChat ` documentation for details on migrating from HipChat Server and HipChat Data Center to Mattermost. +See the :doc:`Migrate from HipChat ` documentation for details on migrating from HipChat Server and HipChat Data Center to Mattermost. Migrate from Jabber ------------------- @@ -48,7 +48,7 @@ Migrating from bespoke messengers to Mattermost can be challenging. Because of t If your data in the bespoke messenger is vital, consider: -1. :doc:`Mattermost bulk load tool `: Use the Mattermost bulk load tool to ETL from your bespoke system to Mattermost. +1. :doc:`Mattermost bulk load tool `: Use the Mattermost bulk load tool to ETL from your bespoke system to Mattermost. 2. `Mattermost ETL framework from BrightScout `__: Consider the Mattermost ETL framework from BrightScout to custom-configure an adapter to plug in to the Bulk Load tool mentioned above. 3. **Legacy Slack import:** If you only recently switched from Slack to a bespoke tool, consider going back to import the data and users from the old Slack instance directly into Mattermost, leveraging the extensive support for Slack-import provided. 4. **Export to Slack, then import to Mattermost:** `Export HipChat, Flowdock, Campfire, Chatwork, Hall, or CSV files to Slack `_ and then export to a Slack export file and import the file into Mattermost. @@ -69,7 +69,7 @@ Migrate Mattermost from one server to another The following instructions migrate Mattermost from one server to another by backing up and restoring the Mattermost database and ``config.json`` file. For these instructions SOURCE refers to the Mattermost server *from which* your system will be migrated and DESTINATION refers to the Mattermost server *to which* your system will be migrated. 1. Back up your SOURCE Mattermost server. See :doc:`Backup and Disaster Recovery documentation `. -2. Upgrade your SOURCE Mattermost server to the latest major build version. See :doc:`Upgrading Mattermost Server documentation `. +2. Upgrade your SOURCE Mattermost server to the latest major build version. See :doc:`Upgrading Mattermost Server documentation `. 3. Install the latest major build of Mattermost server as your DESTINATION. - Make sure your new instance is properly configured and tested. The database type (MySQL or PostgreSQL) and version of SOURCE and DESTINATION deployments need to match. @@ -85,6 +85,6 @@ The following instructions migrate Mattermost from one server to another by back 7. Start the DESTINATION deployment by running ``sudo start mattermost``. Then go to the **System Console**, make a minor change, and save it to upgrade your ``config.json`` schema to the latest version using default values for any new settings added. 8. Test that the system is working by going to the URL of an existing team. You may need to refresh your Mattermost browser page in order to get the latest updates from the upgrade. -Once your migration is complete and verified, you can optionally :ref:`upgrade the Team Edition of Mattermost to Enterprise Edition using the upgrade guide `. +Once your migration is complete and verified, you can optionally :ref:`upgrade the Team Edition of Mattermost to Enterprise Edition using the upgrade guide `. `Book a live demo `_ or `talk to a Mattermost expert `_ to explore tailored solutions for your organization's secure collaboration needs. Or try Mattermost yourself with a `1-hour preview `_ for instant access to a live sandbox environment. diff --git a/source/administration-guide/onboard/migration-announcement-email.rst b/source/administration-guide/getting-started/migration-announcement-email.rst similarity index 100% rename from source/administration-guide/onboard/migration-announcement-email.rst rename to source/administration-guide/getting-started/migration-announcement-email.rst diff --git a/source/administration-guide/getting-started/migration.rst b/source/administration-guide/getting-started/migration.rst new file mode 100644 index 00000000000..be20862349b --- /dev/null +++ b/source/administration-guide/getting-started/migration.rst @@ -0,0 +1,25 @@ +Migration +========== + +This Mattermost Migration Guide is organized into sections based on migration scenarios and tools to help you transition smoothly to Mattermost or optimize your current setup. + +Whether you’re migrating from another platform, upgrading your database, or using bulk tools for data management, this guide provides the resources and instructions you need for a successful migration. Use the navigation below to explore detailed guidance tailored to your migration needs. + +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + Migrate from MySQL to PostgreSQL + Server migration guide + Migrate from Slack + Bulk export tool + Bulk loading tool + Migration announcement email template + +* :doc:`Migrate from MySQL to PostgreSQL ` - Learn how to migrate from MySQL to PostgreSQL. +* :doc:`Server migration guide ` - Learn about about migrating to Mattermost. +* :doc:`Migrate from Slack ` - Learn how to migrate from Slack to Mattermost. +* :doc:`Bulk export tool ` - Learn about the bulk export tool for Mattermost. +* :doc:`Bulk loading tool ` - Learn about the bulk loading tool for Mattermost. +* :doc:`Migration announcement email template ` - Use this email template to notify your users that you've migrated to Mattermost. \ No newline at end of file diff --git a/source/administration-guide/upgrade/enterprise-roll-out-checklist.rst b/source/administration-guide/getting-started/roll-out-checklist.rst similarity index 73% rename from source/administration-guide/upgrade/enterprise-roll-out-checklist.rst rename to source/administration-guide/getting-started/roll-out-checklist.rst index 03140235695..94155149696 100644 --- a/source/administration-guide/upgrade/enterprise-roll-out-checklist.rst +++ b/source/administration-guide/getting-started/roll-out-checklist.rst @@ -1,16 +1,10 @@ -Enterprise roll out checklist -============================== +Roll Out Checklist +==================== -.. include:: ../../_static/badges/ent-selfhosted.rst - :start-after: :nosearch: - -This checklist is intended to serve as a guide to Enterprises who are rolling out Mattermost to thousands of users. +The following checklist provides a recommended approach to rolling out Mattermost in your organization. It is divided into three phases: Prepare for the roll out, Roll out Mattermost, and Review the roll out. Each phase contains a list of tasks to complete along with links to relevant documentation. -Checklist overview -------------------- - -Prepare for the roll out -~~~~~~~~~~~~~~~~~~~~~~~~ +Prepare +---------- - `1. Define the roll out project`_ - `2. Validate essential security and compliance requirements`_ @@ -19,7 +13,7 @@ Prepare for the roll out - `5. Test production performance and redundancy`_ Roll out Mattermost -~~~~~~~~~~~~~~~~~~~~ +------------------- - `1. Define your team and channel strategy`_ - `2. Enable key integrations`_ @@ -28,8 +22,8 @@ Roll out Mattermost - `5. Roll out to groups of users`_ - `6. Drive adoption`_ -Review the roll out -~~~~~~~~~~~~~~~~~~~ +Review +------- - `1. Review project charter success metrics`_ - `2. Review and analyze usage`_ @@ -93,12 +87,12 @@ Much of the preparation work is focused on ensuring the environment is deployed - Determine requirements for multi-factor authentication - - Resource: https://docs.mattermost.com/administration-guide/onboard/multi-factor-authentication.html + - Resource: https://docs.mattermost.com/administration-guide/identity-access/multi-factor-authentication.html - Configure and test SSO or Corporate Directory integration (SAML or AD/LDAP) - - Resource: https://docs.mattermost.com/administration-guide/onboard/sso-saml.html - - Resource: https://docs.mattermost.com/administration-guide/onboard/ad-ldap.html + - Resource: https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml.html + - Resource: https://docs.mattermost.com/administration-guide/identity-access/ad-ldap.html - Define your mobile usage policy @@ -106,8 +100,8 @@ Much of the preparation work is focused on ensuring the environment is deployed - Evaluate external network access requirements - - The `Mattermost Marketplace `_ is a service hosted by Mattermost that functions as a central place to store the current versions of available Mattermost integrations. See :ref:`Enable Remote Marketplace ` documentation for details about required external network access. - - Mattermost supports external GIF providers. See :ref:`GIF Commands ` configuration documentation for details about required external network access. + - The `Mattermost Marketplace `_ is a service hosted by Mattermost that functions as a central place to store the current versions of available Mattermost integrations. See :ref:`Enable Remote Marketplace ` documentation for details about required external network access. + - Mattermost supports external GIF providers. See :ref:`GIF Commands ` configuration documentation for details about required external network access. 3. Create development, staging, and production environments ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -116,8 +110,8 @@ Much of the preparation work is focused on ensuring the environment is deployed - Resource: https://docs.mattermost.com/deployment-guide/application-architecture.html - Resource: https://docs.mattermost.com/deployment-guide/deployment-guide-index.html - - Resource: https://docs.mattermost.com/administration-guide/scale/scaling-for-enterprise.html - - Resource: https://docs.mattermost.com/administration-guide/scale/high-availability-cluster-based-deployment.html + - Resource: https://docs.mattermost.com/administration-guide/operations-scaling/scaling-for-enterprise.html + - Resource: https://docs.mattermost.com/administration-guide/operations-scaling/high-availability-cluster-based-deployment.html - Create development and staging environments @@ -141,7 +135,7 @@ Much of the preparation work is focused on ensuring the environment is deployed - (Optional) Set up configuration management via the database instead of a config file for high available environments - - Resource: https://docs.mattermost.com/administration-guide/configure/configuration-in-your-database.html + - Resource: https://docs.mattermost.com/administration-guide/configuration-reference/configuration-in-your-database.html - Install and configure File Storage @@ -152,31 +146,31 @@ Much of the preparation work is focused on ensuring the environment is deployed - Note: If running Kubernetes and the Mattermost Operator, proxies will be created automatically. - Add SSL Cert - - Resource: https://docs.mattermost.com/administration-guide/onboard/ssl-client-certificate.html - - Resource: https://docs.mattermost.com/administration-guide/scale/high-availability-cluster-based-deployment.html#proxy-server-configuration + - Resource: https://docs.mattermost.com/administration-guide/identity-access/ssl-client-certificate.html + - Resource: https://docs.mattermost.com/administration-guide/operations-scaling/high-availability-cluster-based-deployment.html#proxy-server-configuration - (Optional) Set up certificate-based authentication (CBA) for user or device-based authentication with a digital certificate - - Resource: https://docs.mattermost.com/administration-guide/onboard/certificate-based-authentication.html + - Resource: https://docs.mattermost.com/administration-guide/identity-access/certificate-based-authentication.html - Configure SMTP for email notifications - - Resource: https://docs.mattermost.com/administration-guide/configure/smtp-email.html + - Resource: https://docs.mattermost.com/administration-guide/configuration-reference/smtp-email.html - Set up Elasticsearch (highly recommended if your organization anticipates over two million posts) - - Resource: https://docs.mattermost.com/administration-guide/scale/elasticsearch-setup.html + - Resource: https://docs.mattermost.com/administration-guide/platform-features/elasticsearch-setup.html - Document network configuration - - Example: https://docs.mattermost.com/administration-guide/scale/backing-storage-benchmarks.html + - Example: https://docs.mattermost.com/administration-guide/operations-scaling/backing-storage-benchmarks.html 4. Configure and customize your Mattermost site ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Login to Mattermost and access the System Console to connect your environment to Mattermost - - Resource: https://docs.mattermost.com/administration-guide/configure/configuration-settings.html#environment-variables + - Resource: https://docs.mattermost.com/administration-guide/configuration-reference/configuration-settings.html#environment-variables - Upload your valid Enterprise License under Edition and License - Ensure site URL is set appropriately for your production, dev and staging environments - Add your database configuration to **System Console > Environment > Database** @@ -189,7 +183,7 @@ Much of the preparation work is focused on ensuring the environment is deployed - Configure your site within the System Console - - Resource: https://docs.mattermost.com/administration-guide/configure/configuration-settings.html#site-configuration + - Resource: https://docs.mattermost.com/administration-guide/configuration-reference/configuration-settings.html#site-configuration - Set site access policies including permissions for roles and guest access @@ -202,7 +196,7 @@ Much of the preparation work is focused on ensuring the environment is deployed - Define and test disaster recovery policy and processes - Resource: https://docs.mattermost.com/deployment-guide/server/deploy-kubernetes.html - - Resource: https://docs.mattermost.com/administration-guide/scale/high-availability-cluster-based-deployment.html#upgrade-guide + - Resource: https://docs.mattermost.com/administration-guide/operations-scaling/high-availability-cluster-based-deployment.html#upgrade-guide - Performance test production environment @@ -212,11 +206,11 @@ Much of the preparation work is focused on ensuring the environment is deployed - Set up Prometheus and Grafana to monitor performance - - Resource: https://docs.mattermost.com/administration-guide/scale/deploy-prometheus-grafana-for-performance-monitoring.html + - Resource: https://docs.mattermost.com/administration-guide/operations-scaling/deploy-prometheus-grafana-for-performance-monitoring.html - Set up alerts in Grafana - - Resource: https://docs.mattermost.com/administration-guide/scale/deploy-prometheus-grafana-for-performance-monitoring.html + - Resource: https://docs.mattermost.com/administration-guide/operations-scaling/deploy-prometheus-grafana-for-performance-monitoring.html Roll out Mattermost ~~~~~~~~~~~~~~~~~~~ @@ -236,7 +230,7 @@ Now that you have an environment in place, we recommend working through the foll - (Optional) Migrate messages and channels from legacy systems - - Resource: https://docs.mattermost.com/administration-guide/onboard/migrating-to-mattermost.html + - Resource: https://docs.mattermost.com/administration-guide/getting-started/migrating-to-mattermost.html 2. Enable key integrations ^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -273,7 +267,7 @@ Now that you have an environment in place, we recommend working through the foll - Notify users in advance of roll out - - Sample email: https://docs.mattermost.com/administration-guide/upgrade/welcome-email-to-end-users.html + - Sample email: https://docs.mattermost.com/administration-guide/operations-scaling/welcome-email-to-end-users.html 4. Deploy client apps ^^^^^^^^^^^^^^^^^^^^^ @@ -301,13 +295,13 @@ Now that you have an environment in place, we recommend working through the foll - (Optional) Bulk Load users - - Resource: https://docs.mattermost.com/administration-guide/onboard/bulk-loading-data.html + - Resource: https://docs.mattermost.com/administration-guide/getting-started/bulk-loading-data.html - Onboard users to teams and channels - Recommendation: Use LDAP Group Sync to automate this process - - Resource: https://docs.mattermost.com/administration-guide/onboard/ad-ldap-groups-synchronization.html + - Resource: https://docs.mattermost.com/administration-guide/identity-access/ad-ldap-groups-synchronization.html - Implement your training plan to end users on how to use Mattermost @@ -332,8 +326,8 @@ Now that you have an environment in place, we recommend working through the foll - Understand management tools available to support users - - mmctl Command Line Tool Resource: https://docs.mattermost.com/administration-guide/manage/mmctl-command-line-tool.html - - Command Line Tools Resource: https://docs.mattermost.com/administration-guide/manage/command-line-tools.html + - mmctl Command Line Tool Resource: https://docs.mattermost.com/administration-guide/admin-tools/mmctl-command-line-tool.html + - Command Line Tools Resource: https://docs.mattermost.com/administration-guide/admin-tools/command-line-tools.html Review the roll out ~~~~~~~~~~~~~~~~~~~ @@ -358,7 +352,7 @@ We recommend that you review your rollout on a cadence that matches your iterati - Monitor site and team statistics - - Resource: https://docs.mattermost.com/administration-guide/manage/statistics.html + - Resource: https://docs.mattermost.com/administration-guide/admin-tools/statistics.html - Review: Total posts, total teams, total channels, total group chats, total direct chats, top channels, top teams - Analyze usage by lines of business and peak usage times @@ -386,7 +380,7 @@ We recommend that you review your rollout on a cadence that matches your iterati - Identify additional tests and scans - (Optional) Enable Compliance Reporting - - Resource: https://docs.mattermost.com/administration-guide/comply/compliance-export.html + - Resource: https://docs.mattermost.com/administration-guide/compliance-security-auditing/compliance-export.html 5. Perform maintenance tasks ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -396,10 +390,67 @@ We recommend that you review your rollout on a cadence that matches your iterati - Perform the first upgrade - - Resource: https://docs.mattermost.com/administration-guide/upgrade/upgrading-mattermost-server.html + - Resource: https://docs.mattermost.com/administration-guide/operations-scaling/upgrading-mattermost-server.html - Determine upgrade schedule based on Mattermost release schedules and life cycle - Resource: https://docs.mattermost.com/product-overview/releases-lifecycle.html - Run System checks and either address or set address-by date + + +Send a welcome email to end users +---------------------------------- + +.. include:: ../../_static/badges/allplans-cloud-selfhosted.rst + :start-after: :nosearch: + +To make it easy for your end users to start using Mattermost right away, we created a sample email template that you can use. + +Remember to replace all the items below in bold with your information. + +Email template +--------------- + +From: **[company name]** IT Team + +To: End users + +Subject: New Collaboration Platform - Mattermost + + +Hi all, + +As some of you already know, we are moving to Mattermost as our collaboration platform. Mattermost is collaboration software you can use to talk, share files, and collaborate on projects or initiatives. Mattermost also integrates with many of the apps that you use every day, like **[add apps]**. + +We are moving to Mattermost because it will host all our collaboration in one place, is instantly searchable and available from all your devices. + +Some of the major benefits of using Mattermost are: + +- Direct 1:1 and group messaging + +- Channels for topic-based, group-based, or meeting-based chat + +- Streamlined collaboration on projects + +- Reduced email clutter + +- Searching across messages and channels + +- Sharing files + +To get started: + +1. Open a browser on your computer, go to **[Mattermost URL]** and log in with your **[LDAP/AD, SAML, Google, etc]** credentials. Remember to bookmark the URL so you can use it to log in next time. + +2. `Download `__ the Mattermost apps for desktop and mobile. See the :doc:`End User Guide ` for details on how to get up and running with Mattermost quickly. + +3. Start messaging! + + +Questions? +If you have any questions, feel free to post in the **[~Mattermost channel]** or email us at **[IT email]**. + +Happy collaborating! + +**[company name]** IT Team diff --git a/source/administration-guide/configure/site-configuration-settings.rst b/source/administration-guide/getting-started/site-configuration-settings.rst similarity index 95% rename from source/administration-guide/configure/site-configuration-settings.rst rename to source/administration-guide/getting-started/site-configuration-settings.rst index 1d34b2e7720..13bfb1dc8cc 100644 --- a/source/administration-guide/configure/site-configuration-settings.rst +++ b/source/administration-guide/getting-started/site-configuration-settings.rst @@ -252,7 +252,7 @@ Forgot Password custom link +-------------------------------------------------------------------------------+-------------------------------------------------------------------------------+ .. note:: - This configuration setting applies to all Mattermost clients, including web, desktop app, and mobile app. You can control whether the **Forgot Password** link is visible or hidden in clients by going to **Authentication > Password > Enable Forgot Password Link**. See the :ref:`configuration ` documentation for details. + This configuration setting applies to all Mattermost clients, including web, desktop app, and mobile app. You can control whether the **Forgot Password** link is visible or hidden in clients by going to **Authentication > Password > Enable Forgot Password Link**. See the :ref:`configuration ` documentation for details. .. config:setting:: report-a-problem-type :displayname: Report a Problem type (Customization) @@ -270,8 +270,8 @@ Report a Problem Specify how the **Report a Problem** option behaves in the Mattermost app via the **Help** menu: - **Default link**: Uses the default Mattermost URL to report a problem. For commercial customers, this is the `Mattermost Support Portal `_. Non-commercial customers are directed to `create a new issue on the Mattermost GitHub repository `_. -- **Email address**: Enables you to :ref:`enter an email address ` that users will be prompted to send a message to when they choose **Report a Problem** in Mattermost. -- **Custom link**: Enables you to :ref:`enter a URL ` that users will be directed to when they choose **Report a Problem** in Mattermost. +- **Email address**: Enables you to :ref:`enter an email address ` that users will be prompted to send a message to when they choose **Report a Problem** in Mattermost. +- **Custom link**: Enables you to :ref:`enter a URL ` that users will be directed to when they choose **Report a Problem** in Mattermost. - **Hide link**: Removes the **Report a Problem** option from Mattermost. .. config:setting:: report-a-problem-link @@ -713,8 +713,8 @@ Teammate name display | is displayed. ``config.json`` option: ``"nickname_full_name"``. | | | - **Show first and last name**: **(Default for Cloud deployments)** Displays user's full name. | | | If the user doesn't have a full name, their username is displayed. Recommended when using | | -| :doc:`SAML ` or | | -| :doc:`LDAP ` if first name and last name | | +| :doc:`SAML ` or | | +| :doc:`LDAP ` if first name and last name | | | attributes are configured. ``config.json`` option: ``"full_name"``. | | +-------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------+ @@ -924,7 +924,7 @@ Enable email notifications - Cloud admins can't modify this configuration setting. - If this setting is **false**, and the SMTP server is set up, account-related emails (such as authentication messages) will be sent regardless of this setting. - Email invitations and account deactivation emails aren't affected by this setting. - - If you don't plan on :doc:`configuring Mattermost for email `, disabling this configuration setting in larger deployments may improve server performance in the following areas, particularly in high-traffic environments where performance is a key concern: + - If you don't plan on :doc:`configuring Mattermost for email `, disabling this configuration setting in larger deployments may improve server performance in the following areas, particularly in high-traffic environments where performance is a key concern: - **Reduced Server Load**: Generating and sending emails requires processing power and resources. By disabling email notifications, you reduce the load on the server, which can be reallocated to other tasks. - **Decreased I/O Operations**: Sending emails involves input/output (I/O) operations, such as writing to logs and databases, and handling communication with the email server. Reducing these I/O operations can improve overall system efficiency. @@ -979,10 +979,10 @@ Enable email batching .. note:: - Cloud admins can't modify this configuration setting. - - The :ref:`Site Url ` and :ref:`SMTP Email Server ` must be configured to allow email batching. + - The :ref:`Site Url ` and :ref:`SMTP Email Server ` must be configured to allow email batching. - Regardless of how this setting is configured, users can :ref:`disable email-based notifications altogether `. - When email batching is enabled, users can :ref:`customize how often to receive batched notifications `. The default frequency is 15 minutes. - - Email batching in :ref:`High Availability Mode ` is planned, but not yet supported. + - Email batching in :ref:`High Availability Mode ` is planned, but not yet supported. .. config:setting:: email-notification-contents :displayname: Email notification contents (Notifications) @@ -1159,7 +1159,7 @@ Enable notification monitoring +-----------------------------------------------+----------------------------------------------------------------------------------------------------+ .. note:: - See the :ref:`performance monitoring ` documentation + See the :ref:`performance monitoring ` documentation to learn more about Mattermost Notification Health metrics. ---- @@ -1808,6 +1808,62 @@ Allow file downloads on mobile | | - Environment variable: ``MM_FILESETTINGS_ENABLEMOBILEDOWNLOAD`` | +----------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------+ +<<<<<<< HEAD:source/administration-guide/configuration-reference/site-configuration-settings.rst +.. config:setting:: mobile-enable-secure-file-preview + :displayname: Enable secure file preview on mobile (File sharing) + :systemconsole: Site Configuration > File sharing and downloads + :configjson: .FileSettings.MobileEnableSecureFilePreview + :environment: MM_FILESETTINGS_MOBILEENABLESECUREFILEPREVIEW + + - **true**: Prevents file downloads, previews, and sharing for most file types. Allows in-app previews for PDFs, videos, and images only. Files are stored temporarily in the app's cache and cannot be exported or shared. + - **false**: **(Default)** Secure file preview mode is disabled. + +Enable secure file preview on mobile +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. include:: ../../_static/badges/ent-adv-cloud-selfhosted.rst + :start-after: :nosearch: + +This setting improves an organization's mobile security posture by restricting file access while still allowing essential file viewing capabilities. + ++---------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+ +| - **true**: Prevents file downloads, previews, and sharing for most file types, | - System Config path: **Site Configuration > File sharing and downloads** | +| even when the | - ``config.json`` setting: ``FileSettings`` > ``MobileEnableSecureFilePreview`` > ``false`` | +| :ref:`Allow file downloads on mobile ` | - Environment variable: ``MM_FILESETTINGS_MOBILEENABLESECUREFILEPREVIEW`` | +| configuration setting is enabled. Allows in-app previews for PDFs, | | +| videos, and images only. Files are stored temporarily in the app's cache and cannot be exported or shared. | | +| - **false**: **(Default)** Secure file preview mode is disabled. | | ++---------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+ + +.. config:setting:: mobile-allow-pdf-link-navigation + :displayname: Allow PDF link navigation on mobile (File sharing) + :systemconsole: Site Configuration > File sharing and downloads + :configjson: .FileSettings.MobileAllowPdfLinkNavigation + :environment: MM_FILESETTINGS_MOBILEALLOWPDFLINKNAVIGATION + + - **true**: **(Default)** Enables tapping links inside PDFs when Secure File Preview Mode is active. Links will open in the device browser or supported app. + - **false**: Disables link navigation in PDFs when Secure File Preview Mode is active. + +Allow PDF link navigation on mobile +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. include:: ../../_static/badges/ent-adv-cloud-selfhosted.rst + :start-after: :nosearch: + ++---------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------+ +| - **true**: **(Default)** Enables tapping links inside PDFs | - System Config path: **Site Configuration > File sharing and downloads** | +| when Secure File Preview Mode is active. Links will open | - ``config.json`` setting: ``FileSettings`` > ``MobileAllowPdfLinkNavigation`` > ``true`` | +| in the device browser or supported app. | - Environment variable: ``MM_FILESETTINGS_MOBILEALLOWPDFLINKNAVIGATION`` | +| - **false**: Disables link navigation in PDFs | | +| when Secure File Preview Mode is active. | | ++---------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------+ + +.. note:: + + This setting has no effect when the :ref:`Secure file preview on mobile ` configuration setting is disabled. + +======= +>>>>>>> master:source/administration-guide/configure/site-configuration-settings.rst ---- Public Links @@ -1871,14 +1927,14 @@ Access the following configuration settings in the System Console by going to ** :configjson: .AnnouncementSettings.AdminNoticesEnabled :environment: MM_ANNOUNCEMENTSETTINGS_ADMINNOTICESENABLED - - **true**: **(Default)** System admins will receive `in-product notices `__ about server upgrades and administration features. + - **true**: **(Default)** System admins will receive `in-product notices `__ about server upgrades and administration features. - **false**: System admins will not receive specific notices. Admins will still receive notices for all users (see **Enable end user notices**). Enable admin notices ~~~~~~~~~~~~~~~~~~~~ +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+ -| - **true**: **(Default)** System admins will receive :doc:`in-product notices ` about server upgrades and administration features. | - System Config path: **Site Configuration > Notices** - | +| - **true**: **(Default)** System admins will receive :doc:`in-product notices ` about server upgrades and administration features. | - System Config path: **Site Configuration > Notices** - | | | - ``config.json`` setting: ``AnnouncementSettings`` > ``AdminNoticesEnabled`` > ``true`` | | - **false**: System admins will not receive specific notices. Admins will still receive notices for all users (see **Enable end user notices**) | - Environment variable: ``MM_ANNOUNCEMENTSETTINGS_ADMINNOTICESENABLED`` | +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+ @@ -1889,14 +1945,14 @@ Enable admin notices :configjson: .AnnouncementSettings.UserNoticesEnabled :environment: MM_ANNOUNCEMENTSETTINGS_USERNOTICESENABLED - - **true**: **(Default)** All users receive `in-product notices `__ about client upgrades and end user features. + - **true**: **(Default)** All users receive `in-product notices `__ about client upgrades and end user features. - **false**: Users will not receive in-product notices. Enable end user notices ~~~~~~~~~~~~~~~~~~~~~~~ +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+ -| - **true**: **(Default)** All users receive :doc:`in-product notices ` about client upgrades and end user features. | - System Config path: **Site Configuration > Notices** | +| - **true**: **(Default)** All users receive :doc:`in-product notices ` about client upgrades and end user features. | - System Config path: **Site Configuration > Notices** | | - **false**: Users will not receive in-product notices. | - ``config.json`` setting: ``AnnouncementSettings`` > ``UserNoticesEnabled`` > ``true`` | | | - Environment variable: ``MM_ANNOUNCEMENTSETTINGS_USERNOTICESENABLED`` | +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+ @@ -1909,7 +1965,7 @@ Connected workspaces The following settings aren't available in the System Console and can only be set in ``config.json``. -When connected workspaces are enabled, system admins can :doc:`create and manage connected workspaces ` in the System Console by going to **Site Configuration > Connected Workspaces**. +When connected workspaces are enabled, system admins can :doc:`create and manage connected workspaces ` in the System Console by going to **Site Configuration > Connected Workspaces**. .. config:setting:: enable-connected-workspaces :displayname: Enable connected workspaces @@ -1936,7 +1992,7 @@ This feature's two ``config.json`` settings include: - Neither setting is available in the System Console and can only be set in ``config.json`` under ``ConnectedWorkspacesSettings``. - System admins for Cloud deployments can submit a request to have these required configuration settings enabled for their Cloud deployment instance. - - Following an upgrade to Mattermost v10.2 or later, existing configuration values for shared channels, including ``EnableSharedChannels`` and ``EnableRemoteClusterService`` are automatically converted to connected workspace configuration settings in the ``config.json`` file. The :ref:`deprecated shared channels experimental settings ` remain in the ``config.json`` file to support backwards compatibility. + - Following an upgrade to Mattermost v10.2 or later, existing configuration values for shared channels, including ``EnableSharedChannels`` and ``EnableRemoteClusterService`` are automatically converted to connected workspace configuration settings in the ``config.json`` file. The :ref:`deprecated shared channels experimental settings ` remain in the ``config.json`` file to support backwards compatibility. .. config:setting:: disable-shared-channel-status-sync :displayname: Disable shared channel status sync (Connected Workspaces) diff --git a/source/administration-guide/configure/user-management-configuration-settings.rst b/source/administration-guide/getting-started/user-management-configuration-settings.rst similarity index 94% rename from source/administration-guide/configure/user-management-configuration-settings.rst rename to source/administration-guide/getting-started/user-management-configuration-settings.rst index 06929132488..cfedd389bd8 100644 --- a/source/administration-guide/configure/user-management-configuration-settings.rst +++ b/source/administration-guide/getting-started/user-management-configuration-settings.rst @@ -25,10 +25,10 @@ Provision users Getting people set up with a Mattermost account is typically something that system admins do when deploying and configuring the Mattermost deployment. A Mattermost admin can :doc:`provision Mattermost users ` using one or more of the following methods: -- :ref:`Enable account creation `. -- Use :ref:`mmctl user create ` or Mattermost `APIs `__ to create user accounts. -- :ref:`Migrate user accounts ` from other collaboration systems and :doc:`bulk load ` that user data into Mattermost. -- Connect an authentication service to assist with user provisioning, such as :doc:`AD/LDAP authentication ` or :doc:`SAML authentication `. +- :ref:`Enable account creation `. +- Use :ref:`mmctl user create ` or Mattermost `APIs `__ to create user accounts. +- :ref:`Migrate user accounts ` from other collaboration systems and :doc:`bulk load ` that user data into Mattermost. +- Connect an authentication service to assist with user provisioning, such as :doc:`AD/LDAP authentication ` or :doc:`SAML authentication `. Review user data ~~~~~~~~~~~~~~~~ @@ -133,7 +133,7 @@ If you deactivate a Mattermost user who has integrations tied to their user acco - **Slash commands** will continue to work after user deactivation. Consider deleting the existing slash command and creating a new slash command associated with a different user account to decouple sensitive token data from the deactivated user account. Alternatively, consider regenerating the token of the existing slash command. Check that the deactivated user doesn't have access to the slash command **Request URL** which is the callback URL to receive the HTTP POST or GET event request when the slash command is run. - **Outgoing webhooks** will continue to work after user deactivation. Consider regenerating the webhook token and check that the deactivated user no longer has access to the callback URLs, as having access would result in the deactivating user receiving the outgoing webhooks. - **Incoming webhooks** will continue to work after user deactivation. Because the `URL produced `_ includes ``xxx-generatedkey-xxx``, anyone who has the URL can post messages to the Mattermost instance. We recommend removing the incoming webhook and creating a new one associated with a different user account. -- **Bot accounts** won't continue to work after user deactivation when the :ref:`disable bot accounts when owner is deactivated ` is enabled. This configuration setting is enabled by default. +- **Bot accounts** won't continue to work after user deactivation when the :ref:`disable bot accounts when owner is deactivated ` is enabled. This configuration setting is enabled by default. - **OAuth apps** won't continue to work after user deactivation, and associated tokens are deleted. Manual action is needed to keep these integrations running. Delete users @@ -237,7 +237,7 @@ If a user, whose account details are synchronized with AD/LDAP, can't access the .. note:: - To adjust the maximum login attempts allowed for all users, go to **System Console > Authentication > AD/LDAP > Maximum Login Attempts**. Lowering this :ref:`configuration setting ` value below the maximum threshhold allowed on your AD/LDAP server will ensure that your users won’t get locked out of AD/LDAP due to failed login attempts in Mattermost. + To adjust the maximum login attempts allowed for all users, go to **System Console > Authentication > AD/LDAP > Maximum Login Attempts**. Lowering this :ref:`configuration setting ` value below the maximum threshhold allowed on your AD/LDAP server will ensure that your users won’t get locked out of AD/LDAP due to failed login attempts in Mattermost. Update user's email ~~~~~~~~~~~~~~~~~~~ @@ -246,7 +246,7 @@ Update the emails of users using the System Console. .. note:: - From Mattermost v10.9, email addresses enclosed in angle brackets (e.g., ````) will be rejected. To avoid issues, ensure all user emails comply with the plain address format (e.g., ``billy@example.com``). In addition, we strongly recommend taking proactive steps to audit and update Mattermost user data to align with this product change, as impacted users may face issues accessing Mattermost or managing their user profile. You can update these user emails manually using :ref:`mmctl user email `. + From Mattermost v10.9, email addresses enclosed in angle brackets (e.g., ````) will be rejected. To avoid issues, ensure all user emails comply with the plain address format (e.g., ``billy@example.com``). In addition, we strongly recommend taking proactive steps to audit and update Mattermost user data to align with this product change, as impacted users may face issues accessing Mattermost or managing their user profile. You can update these user emails manually using :ref:`mmctl user email `. 1. Go to **System Console > User Management > Users** to access all user accounts. @@ -306,7 +306,7 @@ Groups | to Mattermost groups. | - ``config.json setting``: N/A | | | - Environment variable: N/A | +---------------------------------------------------------------+-------------------------------------------------------------+ -| See the :doc:`AD/LDAP groups ` documentation for | +| See the :doc:`AD/LDAP groups ` documentation for | | details. | +---------------------------------------------------------------+-------------------------------------------------------------+ @@ -385,7 +385,7 @@ Remove members Sync group members ^^^^^^^^^^^^^^^^^^ -When enabled, adding and removing users from groups will add or remove them from this team. The only way of inviting members to this team is by adding the groups they belong to. See the :ref:`Synchronize teams and channels ` documentation for further details. +When enabled, adding and removing users from groups will add or remove them from this team. The only way of inviting members to this team is by adding the groups they belong to. See the :ref:`Synchronize teams and channels ` documentation for further details. 1. Go to **System Console > User Management > Teams** to access all available teams. 2. Select the team from the list to view its configuration page. @@ -424,7 +424,7 @@ Users can only join the team if their email matches one of the specified domains Synchronize team members ~~~~~~~~~~~~~~~~~~~~~~~~~ -Admins can choose between inviting members to a team manually or synchronizing members automatically from AD/LDAP groups. See the :ref:`using AD/LDAP synchronized groups ` documentation for details on managing team or private channel membership. +Admins can choose between inviting members to a team manually or synchronizing members automatically from AD/LDAP groups. See the :ref:`using AD/LDAP synchronized groups ` documentation for details on managing team or private channel membership. Archive the team ~~~~~~~~~~~~~~~~ @@ -555,7 +555,7 @@ Choose between inviting members manually or sychronizing members automatically f Sync Group Members ^^^^^^^^^^^^^^^^^^ -When enabled, adding and removing users from groups will add or remove them from this team. The only way of inviting members to this team is by adding the groups they belong to. See the :ref:`Synchronize teams and channels ` documentation for further details. +When enabled, adding and removing users from groups will add or remove them from this team. The only way of inviting members to this team is by adding the groups they belong to. See the :ref:`Synchronize teams and channels ` documentation for further details. 1. Go to **System Console > User Management > Channels** to access all available channels. 2. Select the channel from the list to view its configuration page. @@ -621,7 +621,7 @@ Archive a channel :alt: Archive a channel using the System Console. .. tip:: - Channels can be deleted with all content, including posts in the database, using the :ref:`mmctl channel delete ` tool. + Channels can be deleted with all content, including posts in the database, using the :ref:`mmctl channel delete ` tool. ---- diff --git a/source/administration-guide/manage/admin/attribute-based-access-control.rst b/source/administration-guide/identity-access/attributes/attribute-based-access-control.rst similarity index 96% rename from source/administration-guide/manage/admin/attribute-based-access-control.rst rename to source/administration-guide/identity-access/attributes/attribute-based-access-control.rst index f0d9e461062..5dc6c942867 100644 --- a/source/administration-guide/manage/admin/attribute-based-access-control.rst +++ b/source/administration-guide/identity-access/attributes/attribute-based-access-control.rst @@ -11,11 +11,11 @@ Enforcing strict access controls based on user attributes eliminates manual role Before you begin ------------------ -Attribute-based access controls require defined user attributes that are either synchronized from an external system (such as LDAP or SAML) or manually configured and enabled on your Mattermost server. You'll need to :doc:`configure user attributes ` in the System Console first befopre creating access policies. +Attribute-based access controls require defined user attributes that are either synchronized from an external system (such as LDAP or SAML) or manually configured and enabled on your Mattermost server. You'll need to :doc:`configure user attributes ` in the System Console first befopre creating access policies. Once user attributes are defined, go to **System Console > System Attributes > Attribute-Based Access** to enable attribute-based access controls for your Mattermost instance. This functionality requires a Mattermost Enterprise Advanced license. -From Mattermost v10.11, user-managed attributes are excluded from attribute-based access control (ABAC) rules by default for security reasons. This prevents access control policies from being circumvented by users editing their own profile attributes. To include user-managed attributes in ABAC rules, a system admin must explicitly enable the ``EnableUserManagedAttributes`` configuration setting. See the :ref:`user attribute ` documentation for details on enabling this feature. This configuration setting is available only in Enterprise Edition Advanced and is disabled by default. +From Mattermost v10.11, user-managed attributes are excluded from attribute-based access control (ABAC) rules by default for security reasons. This prevents access control policies from being circumvented by users editing their own profile attributes. To include user-managed attributes in ABAC rules, a system admin must explicitly enable the ``EnableUserManagedAttributes`` configuration setting. See the :ref:`user attribute ` documentation for details on enabling this feature. This configuration setting is available only in Enterprise Edition Advanced and is disabled by default. Once enabled, you have 2 ways to configure access policies in Mattermost: diff --git a/source/administration-guide/configure/system-attributes.rst b/source/administration-guide/identity-access/attributes/system-attributes.rst similarity index 83% rename from source/administration-guide/configure/system-attributes.rst rename to source/administration-guide/identity-access/attributes/system-attributes.rst index 90b94a050a9..a6cc8e07b2a 100644 --- a/source/administration-guide/configure/system-attributes.rst +++ b/source/administration-guide/identity-access/attributes/system-attributes.rst @@ -1,7 +1,7 @@ System Attributes ================= -.. include:: ../../_static/badges/ent-cloud-selfhosted.rst +.. include:: ../../../_static/badges/ent-cloud-selfhosted.rst :start-after: :nosearch: System attributes configuration settings provide system admins with centralized control over key user account properties. @@ -10,6 +10,6 @@ Review and manage the following system attributes configuration options in the S You can define, manage, and enforce specific attributes, including: -- **Custom attributes for user profiles**: Display details such as job titles, departments, or other metadata, on user profiles that align with your organizational structures and workflows. Learn more about :doc:`managing custom user profile attributes `. -- **Granular access controls based on user attributes**: Ensure users have access to only the resources and functionality relevant to their roles, bolstering security and compliance across the organization. Learn more about :doc:`managing access based on user attributes `. -- **Control user-managed attributes in attribute-based access control (ABAC)**: From Mattermost v10.11 (Enterprise Edition Advanced), user-managed attributes are excluded from ABAC rules by default to prevent unauthorized access. System admins can enable them with a configuration setting. Learn more about enabling user-managed attributes in ABAC rules in the :ref:`User Attributes documentation `. +- **Custom attributes for user profiles**: Display details such as job titles, departments, or other metadata, on user profiles that align with your organizational structures and workflows. Learn more about :doc:`managing custom user profile attributes `. +- **Granular access controls based on user attributes**: Ensure users have access to only the resources and functionality relevant to their roles, bolstering security and compliance across the organization. Learn more about :doc:`managing access based on user attributes `. +- **Control user-managed attributes in attribute-based access control (ABAC)**: From Mattermost v10.11 (Enterprise Edition Advanced), user-managed attributes are excluded from ABAC rules by default to prevent unauthorized access. System admins can enable them with a configuration setting. Learn more about enabling user-managed attributes in ABAC rules in the :ref:`User Attributes documentation `. diff --git a/source/administration-guide/manage/admin/user-attributes.rst b/source/administration-guide/identity-access/attributes/user-attributes.rst similarity index 96% rename from source/administration-guide/manage/admin/user-attributes.rst rename to source/administration-guide/identity-access/attributes/user-attributes.rst index ad5e9b656f8..cf60ed0a1ca 100644 --- a/source/administration-guide/manage/admin/user-attributes.rst +++ b/source/administration-guide/identity-access/attributes/user-attributes.rst @@ -14,7 +14,7 @@ System attributes enable you to customize user profile attributes to match your Before you begin ~~~~~~~~~~~~~~~~~ -If you plan to synchronize system properties with your AD/LDAP or SAML identity provider, ensure AD/LDAP or SAML synchronization is already enabled and configured. See the :doc:`AD/LDAP groups ` product documentation or :ref:`SAML 2.0 ` configuration settings documentation for details. +If you plan to synchronize system properties with your AD/LDAP or SAML identity provider, ensure AD/LDAP or SAML synchronization is already enabled and configured. See the :doc:`AD/LDAP groups ` product documentation or :ref:`SAML 2.0 ` configuration settings documentation for details. .. tab:: Mattermost v10.11 or later diff --git a/source/administration-guide/onboard/ad-ldap-groups-synchronization.rst b/source/administration-guide/identity-access/authentication-methods/active-directory/ad-ldap-groups-synchronization.rst similarity index 92% rename from source/administration-guide/onboard/ad-ldap-groups-synchronization.rst rename to source/administration-guide/identity-access/authentication-methods/active-directory/ad-ldap-groups-synchronization.rst index 1779b64f5f0..e0d943149b7 100644 --- a/source/administration-guide/onboard/ad-ldap-groups-synchronization.rst +++ b/source/administration-guide/identity-access/authentication-methods/active-directory/ad-ldap-groups-synchronization.rst @@ -3,7 +3,7 @@ AD/LDAP groups ============== -.. include:: ../../_static/badges/ent-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-cloud-selfhosted.rst :start-after: :nosearch: Overview @@ -14,7 +14,7 @@ The groups feature is useful for organizations that have many new users to onboa - Creating groups by synchronization with your AD/LDAP system groups. - Syncing groups to pre-defined roles in Mattermost. - AD/LDAP nested groups. -- Using synchronized groups to manage :ref:`membership of teams and Private channels `. +- Using synchronized groups to manage :ref:`membership of teams and Private channels `. For a technical overview of the feature by Martin Kraft, who led the development of the feature, please see `this blog post `__. @@ -33,7 +33,7 @@ If you have enabled synchronization with AD/LDAP, all groups matching the defaul The group filter is an optional configuration setting available in the **User Filters** section of the AD/LDAP wizard (**System Console > Authentication > AD/LDAP**) and allows you to specify the groups that should have access in Mattermost. The **Group** filter is independent of the **User** filter; however, it does leverage the Base DN attribute. You may need to adjust your Base DN to ensure group objects can be searched in your AD/LDAP tree. -The synchronization of groups happens with the synchronization of users, during which Mattermost queries AD/LDAP for updated account information. Please see the :doc:`Active Directory/LDAP Set up documentation `. for more information. The group feature has no effect on users' authentication to Mattermost. +The synchronization of groups happens with the synchronization of users, during which Mattermost queries AD/LDAP for updated account information. Please see the :doc:`Active Directory/LDAP Set up documentation `. for more information. The group feature has no effect on users' authentication to Mattermost. Enable AD/LDAP group synchronization ------------------------------------- @@ -48,8 +48,8 @@ To synchronize specific AD/LDAP groups to Mattermost, specify the ``Group ID Att Additionally, you can specify the **Group** filter used to retrieve groups. If the **Group** filter configuration is left blank, then all groups matching the default filter ``(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))`` are returned. Attribute values for **Group ID** and **Group Display Name** are case-sensitive. -.. image:: ../../images/Group_filter.png - :alt: Specify the group filter in the System Console by going to Authentication > AD/LDAP. +.. image:: /images/Group_filter.png + :alt: Group filter Group synchronization occurs after user synchronization and results for group synchronization are available on the synchonization status table (located at the bottom of the **AD/LDAP** configuration page). After the AD/LDAP groups have been synchronized, go to **System Console > User Management > Groups** to link and configure Mattermost groups. @@ -62,20 +62,20 @@ On subsequent synchronizations and once groups are linked: - Mattermost groups that are linked to AD/LDAP groups no longer included in your filter are deleted. - Users removed from an AD/LDAP group are removed from the linked Mattermost group, but their channel and team membership is only revoked when the channel or team is synchronized to an AD/LDAP group. -.. image:: ../../images/Group_Group_Member_Sync.png +.. image:: /images/Group_Group_Member_Sync.png Link AD/LDAP groups to Mattermost groups ----------------------------------------- Groups that have been returned from the default filter or your AD/LDAP group filter will be available in a list view on the Groups page. The link action will create Mattermost groups corresponding to the AD/LDAP group. AD/LDAP groups linked to a Mattermost group will display the **Linked** icon. AD/LDAP groups that have not been linked to a Mattermost group will display the **Not Linked** icon. An AD/LDAP group that is not linked does not create a Mattermost group. -.. image:: ../../images/Groups_listing.png +.. image:: /images/Groups_listing.png You can link groups individually by the inline **Linked** button and use the checkbox next to the group name to select multiple groups and choose **Link Selected Groups**. When selecting multiple groups with a mix of **Linked** and **Not Linked** states, the bulk action of the button will be **Link Selected Groups** until all selected are marked **Linked**. Using the bulk action speeds the process of creating Mattermost groups from your AD/LDAP Groups. If you see a **Link Failed** message, either select the message, or check the box alongside the group name to expose the inline link message and try again. -.. image:: ../../images/LinkFailed.png +.. image:: /images/LinkFailed.png Configure the linked group -------------------------- @@ -87,7 +87,7 @@ Add default teams or channels for the group To add the teams and channels that you want the group members to default in, select either **Add Team** or **Add Channel** from the **Add Team or Channel** button. You can assign roles to group members using the options provided in the **Assigned Roles** column. Roles are updated on the next scheduled AD/LDAP synchronization. -.. image:: ../../images/Group_Configuration.png +.. image:: /images/Group_Configuration.png Channels are nested below the team they belong to in the team and channel list. The following table describes the icons available on this page and what they indicate: @@ -113,7 +113,7 @@ Channels are nested below the team they belong to in the team and channel list. .. note:: - - When a team is added, the ``Town Square`` and ``Off-Topic`` channels will also be created automatically, as well as any default channels set in the :ref:`ExperimentalDefaultChannels config setting `. + - When a team is added, the ``Town Square`` and ``Off-Topic`` channels will also be created automatically, as well as any default channels set in the :ref:`ExperimentalDefaultChannels config setting `. - When a channel is added without setting the team explicitly, the team will be shown in the **Team and Channel Membership** listing, but it won't be added to the group specifically. Because of this dependency, when the channel is removed, the team will also be removed. Teams are listed in parentheses after the channel name in the channel selector. Synchronize teams and channels @@ -126,7 +126,7 @@ It may take a few seconds to load all team and channel memberships for a user de .. note:: Users aren't removed from the team or channel on subsequent synchronizations of the AD/LDAP groups. Users need to be manually removed from the team or channel per the existing functionality. They won't be automatically re-added if they were manually removed or removed themselves. To manage a team or Private channel membership with synchronized groups, please see the section below on **Disable and re-activate AD/LDAP users** for details. -.. image:: ../../images/Team_Channel_Membership_Sync.png +.. image:: /images/Team_Channel_Membership_Sync.png Remove configured teams and channels from a group -------------------------------------------------- @@ -138,7 +138,7 @@ View users belonging to the group Users who have logged in and accessed Mattermost will be visible in the members list on the group object. Members are read-only at this time and new members can be added through management in your AD/LDAP system. -.. image:: ../../images/Group_Members.png +.. image:: /images/Group_Members.png Users can be removed from the Mattermost group on subsequent synchronizations. However, they won't be removed from teams and channels unless the team or channel is group-synchronized. @@ -208,9 +208,9 @@ To manage membership of a private team with synchronized groups: Alternatively, you can use the mmctl tools to set the team to be managed by groups: -1. Ensure there is at least one group already associated to the team. You can view and add default teams to a group via **System Console > User Management > Groups > Group Configuration**. Please see more information on adding default teams and channels :ref:`here `. Additionally, you can use the mmctl to confirm if there is already a group associated to the team by running the :ref:`mmctl group team list ` command. +1. Ensure there is at least one group already associated to the team. You can view and add default teams to a group via **System Console > User Management > Groups > Group Configuration**. Please see more information on adding default teams and channels :ref:`here `. Additionally, you can use the mmctl to confirm if there is already a group associated to the team by running the :ref:`mmctl group team list ` command. 2. Ensure **Team Settings > General > Allow any user with an account on this server to join this team** is set to **No**. -3. Convert the team to have its membership managed by synchronized groups by running the :ref:`mmctl group team enable ` command. +3. Convert the team to have its membership managed by synchronized groups by running the :ref:`mmctl group team enable ` command. To manage membership of a private channel with synchronized groups: @@ -222,8 +222,8 @@ To manage membership of a private channel with synchronized groups: Members will be updated on the next scheduled AD/LDAP synchronization. Alternatively, you can use the mmctl to set a private channel to be managed by groups: -1. Ensure there is at least one group already associated to the channel. You can view and add default channels to a group via **System Console > User Management > Groups > Group Configuration**. Please see more information on adding default teams and channels :ref:`here `. Additionally, you can use the mmctl to view if there is already a group associated to the channel by running the :ref:`mmctl group channel list ` command. -2. Convert the team to have its membership managed by synchronized groups by running the :ref:`mmctl group channel enable ` command. +1. Ensure there is at least one group already associated to the channel. You can view and add default channels to a group via **System Console > User Management > Groups > Group Configuration**. Please see more information on adding default teams and channels :ref:`here `. Additionally, you can use the mmctl to view if there is already a group associated to the channel by running the :ref:`mmctl group channel list ` command. +2. Convert the team to have its membership managed by synchronized groups by running the :ref:`mmctl group channel enable ` command. Assign roles to group members ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -297,9 +297,9 @@ If the user is removed from a synchronized group and later re-added to the group Disable group-synchronized management of teams and private channels ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -To remove the management of members by synchronized groups in a team, disable **Sync Group Members** under **System Console > User Management > Teams > Team Management**. Alternatively, you can also run the :ref:`mmctl group team disable ` command. +To remove the management of members by synchronized groups in a team, disable **Sync Group Members** under **System Console > User Management > Teams > Team Management**. Alternatively, you can also run the :ref:`mmctl group team disable ` command. -To remove the management of members by synchronized groups in a channel, disable **Sync Group Members** under **System Console > User Management > Channels > Channel Management**. Alternatively, you can also run the :ref:`mmctl group channel disable ` command. +To remove the management of members by synchronized groups in a channel, disable **Sync Group Members** under **System Console > User Management > Channels > Channel Management**. Alternatively, you can also run the :ref:`mmctl group channel disable ` command. Frequently asked questions -------------------------- @@ -330,7 +330,7 @@ You can do this by setting the team or channel management to synced groups inste How do I use AD/LDAP group sync with SAML? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -You can use AD/LDAP group sync with SAML by enabling :ref:`SAML Synchronization with AD/LDAP `. You do not need to enable sign-in with LDAP for this feature to work. +You can use AD/LDAP group sync with SAML by enabling :ref:`SAML Synchronization with AD/LDAP `. You do not need to enable sign-in with LDAP for this feature to work. However, it's critical that the unique Mattermost ID identifier that you have chosen as your attribute in your directory service (AD/LDAP) is the same for both the SAML and AD/LDAP configurations. @@ -339,7 +339,7 @@ For instance, if ``ObjectGUID`` has been chosen as the Mattermost ID in your AD/ Why aren’t public channels supported with synchronized groups? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Public channels are available to all members to discover and join. Managing membership with synchronized groups removes the ability for Public channels to be accessible to users on the team. Private channels typically require more controlled membership management, which is why this feature applies to Private channels. Groups can be assigned to public teams and public channels as described in :ref:`this documentation `. +Public channels are available to all members to discover and join. Managing membership with synchronized groups removes the ability for Public channels to be accessible to users on the team. Private channels typically require more controlled membership management, which is why this feature applies to Private channels. Groups can be assigned to public teams and public channels as described in :ref:`this documentation `. Does a team with its membership managed by groups have any effect on public channel access? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/onboard/ad-ldap.rst b/source/administration-guide/identity-access/authentication-methods/active-directory/ad-ldap.rst similarity index 86% rename from source/administration-guide/onboard/ad-ldap.rst rename to source/administration-guide/identity-access/authentication-methods/active-directory/ad-ldap.rst index b6e7a7e53a8..9acb79db221 100644 --- a/source/administration-guide/onboard/ad-ldap.rst +++ b/source/administration-guide/identity-access/authentication-methods/active-directory/ad-ldap.rst @@ -1,13 +1,20 @@ AD/LDAP setup ============= -.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-pro-cloud-selfhosted.rst :start-after: :nosearch: +.. toctree:: + :maxdepth: 1 + :titlesonly: + + /administration-guide/identity-access/authentication-methods/active-directory/ad-ldap-groups-synchronization + /administration-guide/identity-access/authentication-methods/active-directory/managing-team-channel-membership-using-ad-ldap-sync-groups + Overview -------- -Mattermost offers “Same Sign-On” with Microsoft AD/LDAP (formerly known as Active Directory/LDAP). Enable the same credentials used in on-prem AD/LDAP deployments to be reused in Mattermost, with optional :doc:`multi-factor authentication `. +Mattermost offers “Same Sign-On” with Microsoft AD/LDAP (formerly known as Active Directory/LDAP). Enable the same credentials used in on-prem AD/LDAP deployments to be reused in Mattermost, with optional :doc:`multi-factor authentication `. AD/LDAP is a service that stores authentication and authorization details of users on your organization's network. When you integrate your AD/LDAP system with Mattermost, users can log into Mattermost without having to create new credentials. User accounts are managed in AD/LDAP, and changes are synchronized with Mattermost. @@ -18,7 +25,8 @@ Benefits of integrating AD/LDAP with Mattermost include: - **Single sign-on.** Users can log in to Mattermost with their AD/LDAP credentials. - **Centralized identity management.** Mattermost accounts can display user information from AD/LDAP, such as first and last name, email, and username. - **Automatic account provisioning.** A Mattermost user account is automatically created the first time a user signs in with their AD/LDAP credentials. -- **Sync groups to predefined roles in Mattermost.** Assign team and channel roles to groups via AD/LDAP Group Sync. +- **Sync groups to predefined roles in Mattermost.** Create groups by synchronizing with AD/LDAP system groups and syncing those groups to pre-defined roles in Mattermost. +- **Manage team and channel membership** Manage the membership of private teams and private channels where users are added and removed based on their membership to the synchronized AD/LDAP group. - **Compliance alignment with administrator management.** Manage Administrator access to Mattermost in the System Console using AD/LDAP filters. Pre-installation notes @@ -55,7 +63,7 @@ There are two ways to set up AD/LDAP: 2. **Configure AD/LDAP by editing ``config.json``** - - Edit ``config.json`` to enable AD/LDAP based on the :ref:`AD/LDAP settings documentation `. When you log in to Mattermost the first user to log in with valid AD/LDAP credentials will be assigned the system admin role. + - Edit ``config.json`` to enable AD/LDAP based on the :ref:`AD/LDAP settings documentation `. When you log in to Mattermost the first user to log in with valid AD/LDAP credentials will be assigned the system admin role. Configure AD/LDAP login -------------------------- @@ -96,7 +104,7 @@ Configure AD/LDAP login .. note:: - If you've made a mistake and lock yourself out of the system somehow, you can set an existing account to system admin using the :ref:`mmctl roles ` command. + If you've made a mistake and lock yourself out of the system somehow, you can set an existing account to system admin using the :ref:`mmctl roles ` command. Configure AD/LDAP synchronization ---------------------------------- @@ -114,18 +122,18 @@ To configure AD/LDAP synchronization with AD/LDAP sign-in: 2. Navigate to the **Sync Performance** section and configure the **Synchronization Interval (minutes)** to specify how often Mattermost accounts synchronize attributes with AD/LDAP. The default setting is 60 minutes. The profile picture attribute is only synchronized when the user logs in. - If you want to synchronize immediately after disabling an account, use the **AD/LDAP Synchronize Now** button in the **Sync History** section of the wizard. - - To configure AD/LDAP synchronization with SAML sign-in, see the :doc:`SAML documentation `. + - To configure AD/LDAP synchronization with SAML sign-in, see the :doc:`SAML documentation `. .. note:: - Ensure at least one AD/LDAP user is in Mattermost or the sync won't complete. - Synchronization with AD/LDAP settings in the System Console can be used to determine the connectivity and availability of arbitrary hosts. System admins concerned about this can use custom admin roles to limit access to modifying these settings. See the :ref:`delegated granular administration ` documentation for details. -3. From Mattermost v10.9, you can configure Mattermost to automatically :ref:`re-add members of an LDAP group to group-synchronized teams or channels ` during LDAP synchronization, even if those members were previously removed. This option enables you to maintain uninterrupted collaboration and address specific organizational needs, ensuring users who were unintentionally removed due to changes in LDAP group membership, synchronization errors, or exceptions to the standard group sync rules can be seamlessly restored. +3. From Mattermost v10.9, you can configure Mattermost to automatically :ref:`re-add members of an LDAP group to group-synchronized teams or channels ` during LDAP synchronization, even if those members were previously removed. This option enables you to maintain uninterrupted collaboration and address specific organizational needs, ensuring users who were unintentionally removed due to changes in LDAP group membership, synchronization errors, or exceptions to the standard group sync rules can be seamlessly restored. .. note:: - The :ref:`mmctl ldap sync ` command takes precedence over this server configuration setting. If you have this setting disabled, and run the mmctl command with the ``--include-removed-members`` flag, removed members will be re-added during LDAP synchronization. + The :ref:`mmctl ldap sync ` command takes precedence over this server configuration setting. If you have this setting disabled, and run the mmctl command with the ``--include-removed-members`` flag, removed members will be re-added during LDAP synchronization. Configure AD/LDAP sign-in using filters ---------------------------------------- @@ -162,7 +170,7 @@ If this filter is removed/changed, active guests will not be promoted to a membe When a guest logs in for the first time they are presented with a default landing page until they are added to channels. -See the :doc:`Guest Accounts documentation ` for more information about this feature. +See the :doc:`Guest Accounts documentation ` for more information about this feature. Admin filter ~~~~~~~~~~~~ @@ -222,7 +230,7 @@ When I try to synchronize AD/LDAP, why does the status show as ``Pending`` and n Go to **System Console > Authentication > AD/LDAP** to open the AD/LDAP wizard, navigate to the **Connection Settings** section, and make sure that the **Enable Synchronization with AD/LDAP** setting is set to **true**. -If the issue persists, try selecting the **Test Filters** button to test that the User Filter is correctly formatted. Refer to this :ref:`document ` for guidance on setting a correct syntax format. +If the issue persists, try selecting the **Test Filters** button to test that the User Filter is correctly formatted. Refer to this :ref:`document ` for guidance on setting a correct syntax format. Make sure that you also have at least one AD/LDAP user in Mattermost or the synchronization will not complete. @@ -232,7 +240,7 @@ What's the difference between the Username Attribute, ID Attribute, and Login ID There are three AD/LDAP attributes that apear to be similar but serve a different purpose: 1. **Username Attribute:** Used within the Mattermost user interface to identify and mention users. For example, if **Username Attribute** is set to ``john.smith``, a user typing ``@john`` will see ``@john.smith`` in their autocomplete options and posting a message with ``@john.smith`` will send a notification to that user that they’ve been mentioned. -2. **ID Attribute:** Used as the unique identifier in Mattermost. It should be an AD/LDAP attribute with a value that does not change, such as ``ObjectGUID``. If a user's ID attribute changes, it will create a new Mattermost account unassociated with their old one. If you need to change this field after users have already logged in, use the :ref:`mattermost ldap idmigrate mmctl tool `. +2. **ID Attribute:** Used as the unique identifier in Mattermost. It should be an AD/LDAP attribute with a value that does not change, such as ``ObjectGUID``. If a user's ID attribute changes, it will create a new Mattermost account unassociated with their old one. If you need to change this field after users have already logged in, use the :ref:`mattermost ldap idmigrate mmctl tool `. 3. **Login ID Attribute:** The attribute in the AD/LDAP server used to log in to Mattermost. Normally this attribute is the same as the **Username Attribute** field above, or another field that users can easily remember. How do I deactivate users? @@ -243,7 +251,7 @@ If a user has logged into Mattermost through AD/LDAP or SAML, you can choose how There are three main ways to do this: 1. **User deletion:** If the user is completely removed from the AD/LDAP server, they will be deactivated in Mattermost on the next synchronization. -2. **User filter:** Set the :ref:`user filter ` to only select the subset of AD/LDAP users you want to have access to Mattermost. When someone is removed from the selected group, they will be deactivated in Mattermost on the next synchronization. +2. **User filter:** Set the :ref:`user filter ` to only select the subset of AD/LDAP users you want to have access to Mattermost. When someone is removed from the selected group, they will be deactivated in Mattermost on the next synchronization. 3. **Manually deactivate**: Go to **System Console > User Management > Users**, select a user's role, and select **Deactivate**. When you manually deactivate a user, they can reactivate themselves by logging back in. For AD/LDAP, to filter out deactivated users you must set the user filter to: @@ -275,7 +283,7 @@ I see the error ``User not registered on AD/LDAP server`` This means the query sent back to the AD/LDAP server returned no results. We recommend that you: -1. Check that the user credentials were entered properly - you should log in with the field set as the :ref:`*ID Attribute* `. +1. Check that the user credentials were entered properly - you should log in with the field set as the :ref:`*ID Attribute* `. 2. Check that the user account exists in the AD/LDAP server. 3. Check the AD/LDAP configuration settings are correct. @@ -288,7 +296,7 @@ If the user can no longer log in to Mattermost with their AD/LDAP credentials - The issue can be fixed by changing the value of the field used for the **ID Attribute** back to the old value. If you're currently using a field that sometimes changes for an **ID Attribute** (e.g. username, email that changes when someone gets married), we recommend you switch to using a non-changing field such as a GUID. -To do this, you can set the :ref:`Login ID Attribute ` to whatever you would like users to log in with (e.g. username or email). +To do this, you can set the :ref:`Login ID Attribute ` to whatever you would like users to log in with (e.g. username or email). .. note:: Currently the value is case sensitive. If the **ID Attribute** is set to the username and the username changes from ``John.Smith`` to ``john.smith``, the user will experience problems logging in. @@ -298,7 +306,7 @@ I see the log error ``LDAP Result Code 4 "Size Limit Exceeded"`` This indicates that your AD/LDAP server configuration has a maximum page size set and the query coming from Mattermost is returning a result set in excess of that limit. -To address this issue you can set the :ref:`max page size ` in your Mattermost configuration to match the limit on your AD/LDAP server. This will return a sequence of result sets that do not exceed the max page size, rather than returning all results in a single query. A max page size setting of 1500 is recommended. +To address this issue you can set the :ref:`max page size ` in your Mattermost configuration to match the limit on your AD/LDAP server. This will return a sequence of result sets that do not exceed the max page size, rather than returning all results in a single query. A max page size setting of 1500 is recommended. If the error is still occurring, it is likely that no AD/LDAP users have logged into Mattermost yet. Ensure that at least one AD/LDAP user has logged into Mattermost and re-run the synchronization. The error should disappear at that point. diff --git a/source/administration-guide/onboard/managing-team-channel-membership-using-ad-ldap-sync-groups.rst b/source/administration-guide/identity-access/authentication-methods/active-directory/managing-team-channel-membership-using-ad-ldap-sync-groups.rst similarity index 84% rename from source/administration-guide/onboard/managing-team-channel-membership-using-ad-ldap-sync-groups.rst rename to source/administration-guide/identity-access/authentication-methods/active-directory/managing-team-channel-membership-using-ad-ldap-sync-groups.rst index 2a3c753b4bc..ebe1bc0d0e9 100644 --- a/source/administration-guide/onboard/managing-team-channel-membership-using-ad-ldap-sync-groups.rst +++ b/source/administration-guide/identity-access/authentication-methods/active-directory/managing-team-channel-membership-using-ad-ldap-sync-groups.rst @@ -3,10 +3,10 @@ Using AD/LDAP synchronized groups to manage team or private channel membership ------------------------------------------------------------------------------ -.. include:: ../../_static/badges/ent-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-cloud-selfhosted.rst :start-after: :nosearch: -Mattermost groups created with :doc:`synchronized AD/LDAP groups ` can be used to manage the membership of private teams and private channels. When a team or private channel is managed by synchronized groups, users will be added and removed based on their membership to the synchronized AD/LDAP group. +Mattermost groups created with :doc:`synchronized AD/LDAP groups ` can be used to manage the membership of private teams and private channels. When a team or private channel is managed by synchronized groups, users will be added and removed based on their membership to the synchronized AD/LDAP group. For instance, you may have an AD/LDAP group that contains your development team that you want to synchronize to a developer team. By using this feature, new developers will get added to the team when they are added to the synchronized AD/LDAP group and they will be removed from the team when removed from the AD/LDAP group. @@ -39,9 +39,9 @@ To manage membership of a private team with synchronized groups: Alternatively you can use the mmctl tools to set the team to be managed by groups: -1. Ensure there's at least one group already associated to the team. You can view and add default teams to a group via **System Console > User Management > Groups > Group Configuration**. See the :ref:`mmctl group team list ` documentation for more information on adding default teams and channels and confirming whether if there is already a group associated to the team. +1. Ensure there's at least one group already associated to the team. You can view and add default teams to a group via **System Console > User Management > Groups > Group Configuration**. See the :ref:`mmctl group team list ` documentation for more information on adding default teams and channels and confirming whether if there is already a group associated to the team. 2. Ensure **Team Settings > General > Allow any user with an account on this server to join this team** is set to ``No``. -3. Convert the team to have its membership managed by synchronized groups by running the :ref:`mmctl group team enable ` command. +3. Convert the team to have its membership managed by synchronized groups by running the :ref:`mmctl group team enable ` command. To manage membership of a private channel with synchronized groups: @@ -54,8 +54,8 @@ To manage membership of a private channel with synchronized groups: Alternatively you can use the mmctl tool to set a private channel to be managed by groups: -1. Ensure there's at least one group already associated to the channel. You can view and add default channels to a group via **System Console > User Management > Groups > Group Configuration**. See our :ref:`AD/LDAP ` documentation for more information on adding default teams and channels. Additionally, you can use the mmctl to view if there is already a group associated to the channel by running the :ref:`mmctl group channel list ` command. -2. Convert the team to have its membership managed by synchronized groups by running the :ref:`mmctl group channel enable ` command. +1. Ensure there's at least one group already associated to the channel. You can view and add default channels to a group via **System Console > User Management > Groups > Group Configuration**. See our :ref:`AD/LDAP ` documentation for more information on adding default teams and channels. Additionally, you can use the mmctl to view if there is already a group associated to the channel by running the :ref:`mmctl group channel list ` command. +2. Convert the team to have its membership managed by synchronized groups by running the :ref:`mmctl group channel enable ` command. Add or remove groups from teams ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -90,16 +90,16 @@ If the user is removed from a synchronized group and later readded to the group, Disabling group synchronized management of teams and private channels ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -To remove the management of members by synchronized groups in a team, disable **Sync Group Members** under **System Console > User Management > Teams > Team Management**, or run the :ref:`mmctl group team disable ` command. +To remove the management of members by synchronized groups in a team, disable **Sync Group Members** under **System Console > User Management > Teams > Team Management**, or run the :ref:`mmctl group team disable ` command. -To remove the management of members by synchronized groups in a channel, disable **Sync Group Members** under **System Console > User Management > Channels > Channel Management**, or run the :ref:`mmctl group channel disable ` command. +To remove the management of members by synchronized groups in a channel, disable **Sync Group Members** under **System Console > User Management > Channels > Channel Management**, or run the :ref:`mmctl group channel disable ` command. Frequently asked questions ^^^^^^^^^^^^^^^^^^^^^^^^^^ **Why aren’t public channels supported with this feature?** -Public channels are available to all members to discover and join. Managing membership with synchronized groups removes the ability for public channels to be accessible to users on the team. Private channels typically require a more controlled membership management, which is why this feature applies to Private channels. Groups can be assigned to public teams and public channels as described in :ref:`this documentation `. +Public channels are available to all members to discover and join. Managing membership with synchronized groups removes the ability for public channels to be accessible to users on the team. Private channels typically require a more controlled membership management, which is why this feature applies to Private channels. Groups can be assigned to public teams and public channels as described in :ref:`this documentation `. **Does a team with its membership managed by groups have any effect on Public channel access?** diff --git a/source/administration-guide/identity-access/authentication-methods/saml-based-sso/saml-based-sso-index.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/saml-based-sso-index.rst new file mode 100644 index 00000000000..65e74f39234 --- /dev/null +++ b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/saml-based-sso-index.rst @@ -0,0 +1,23 @@ +SAML-based SSO +============== + +Use :doc:`SAML 2.0 ` to authenticate users with your identity provider. Follow provider-specific guides and supporting references to plan, implement, and troubleshoot SAML SSO for :doc:`Microsoft ADFS for Windows Server 2012 `, :doc:`Microsoft ADFS using Microsoft Windows Server 2016 `, :doc:`OneLogin `, :doc:`Okta `, and :doc:`Keycloak `. + +.. toctree:: + :maxdepth: 1 + :titlesonly: + + sso-saml + sso-saml-before-you-begin + sso-saml-adfs + sso-saml-adfs-msws2016 + sso-saml-okta + sso-saml-onelogin + sso-saml-keycloak + sso-saml-ldapsync + sso-saml-technical + sso-saml-faq + +You can :doc:`configure SAML synchronization with AD/LDAP ` to keep user attributes up to date, manage account deactivation, and override SAML data to ensure user attributes are consistent across systems. + +See :doc:`SAML SSO technical guidance ` for additional information, including troubleshooting tips, frequently asked questions, and examples for both requests and responses. \ No newline at end of file diff --git a/source/administration-guide/onboard/sso-saml-adfs-msws2016.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-adfs-msws2016.rst similarity index 84% rename from source/administration-guide/onboard/sso-saml-adfs-msws2016.rst rename to source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-adfs-msws2016.rst index 66a0ec4717a..2c8b123e174 100644 --- a/source/administration-guide/onboard/sso-saml-adfs-msws2016.rst +++ b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-adfs-msws2016.rst @@ -21,37 +21,37 @@ Add a relying party trust 1. Open the ADFS management snap-in, then select **AD FS > Relying Party Trusts > Add Relying Party Trust** from the right sidebar. You can also right-click **Relying Party Trusts**, then select **Add Relying Party Trust** from the context menu. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_000.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_000.png 2. On the **Welcome** screen of the configuration wizard, select **Claims aware**, then select **Start**. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_001.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_001.png 3. On the **Select Data Source** screen, select **Enter data about the relying party manually**. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_002.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_002.png 4. On the **Specify Display Name** screen, enter a **Display Name** (e.g., ``Mattermost``). You can add optional notes. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_003.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_003.png 5. On the **Configure Certificate** screen, leave the certificate settings at their default values. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_004.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_004.png If you would like to set up encryption for your SAML connection, select **Browse**, then upload your Service Provider Public Certificate. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_005.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_005.png -6. On the **Configure URL** screen, select **Enable Support for the SAML 2.0 WebSSO protocol**, then enter the **SAML 2.0 SSO service URL** in the following format:``https:///login/sso/saml`` where ```` should typically match the :ref:`Mattermost Site URL `. +6. On the **Configure URL** screen, select **Enable Support for the SAML 2.0 WebSSO protocol**, then enter the **SAML 2.0 SSO service URL** in the following format:``https:///login/sso/saml`` where ```` should typically match the :ref:`Mattermost Site URL `. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_006.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_006.png -7. On the **Configure Identifiers** screen, enter the **Relying party trust identifier**. This identifies the claims being requested. The **SAML 2.0 SSO service URL** format should be ``https:///login/sso/saml`` where ```` matches your :ref:`Mattermost Site URL `. Then choose **Next**. +7. On the **Configure Identifiers** screen, enter the **Relying party trust identifier**. This identifies the claims being requested. The **SAML 2.0 SSO service URL** format should be ``https:///login/sso/saml`` where ```` matches your :ref:`Mattermost Site URL `. Then choose **Next**. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_007.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_007.png - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_008.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_008.png This string must match the **Service Provider Identifier** string. For more information about the Relying party trust identifier and how prefix matching is applied see `this documentation `_. @@ -59,26 +59,26 @@ Add your **SAML 2.0 SSO service URL** using this same process. 8. On the **Choose Access Control Policy** screen, select the access control policy suitable for your environment. This guide assumes the default values **Permit everyone** and an unchecked box. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_009.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_009.png 9. On the **Ready to Add Trust** screen, review your settings. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_010.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_010.png 10. On the **Finish** screen, select **Configure claims issuance policy for this application**, then select **Close**. - .. image:: ../../images/SSO-SAML-ADFS_add-new-relying-party-trust_011.png + .. image:: /images/SSO-SAML-ADFS_add-new-relying-party-trust_011.png Create claim rules ------------------ 1. In the **Issuance Transform Rules** tab of the **Claim Rules** editor, select **Add Rule…**. - .. image:: ../../images/SSO-SAML-ADFS_create-claim-rules_001.png + .. image:: /images/SSO-SAML-ADFS_create-claim-rules_001.png 2. On the **Choose Rule Type** screen, select **Send LDAP Attributes as Claims** from the drop-down menu, then select **Next**. - .. image:: ../../images/SSO-SAML-ADFS_create-claim-rules_002.png + .. image:: /images/SSO-SAML-ADFS_create-claim-rules_002.png 3. On the **Configure Claim Rule** screen, enter a **Claim Rule Name** of your choice, select **Active Directory** as the **Attribute Store**, then add the following mapping: @@ -94,13 +94,13 @@ Select **Finish** to add the rule. The entries in the **Outgoing Claim Type** column can be modified. The entries may contain dashes but no spaces. They are used to map the corresponding fields in Mattermost. - .. image:: ../../images/SSO-SAML-ADFS_create-claim-rules_003.png + .. image:: /images/SSO-SAML-ADFS_create-claim-rules_003.png 4. Select **Add Rule** to create another new rule. 5. On the **Choose Rule Type** screen, select **Transform an Incoming Claim** from the drop-down menu, then select **Next**. - .. image:: ../../images/SSO-SAML-ADFS_create-claim-rules_004.png + .. image:: /images/SSO-SAML-ADFS_create-claim-rules_004.png 6. On the **Configure Claim Rule** screen, enter a **Claim Rule Name** of your choice, then: @@ -129,29 +129,29 @@ Next, export the identity provider certificate, which will be later uploaded to 1. Open the ADFS management snap-in, select **AD FS > Service > Certificates**, then double-click on the certificate under **Token-signing**. You can also right-click the field, then select **View Certificate** in the context menu. - .. image:: ../../images/SSO-SAML-ADFS_export-id-provider-cert_001.png + .. image:: /images/SSO-SAML-ADFS_export-id-provider-cert_001.png 2. On the **Certificate** screen, open the **Details** tab, select **Copy to File**, then select **OK**. - .. image:: ../../images/SSO-SAML-ADFS_export-id-provider-cert_003.png + .. image:: /images/SSO-SAML-ADFS_export-id-provider-cert_003.png 3. On the **Certificate Export Wizard** screen, select **Next**. - .. image:: ../../images/SSO-SAML-ADFS_export-id-provider-cert_004.png + .. image:: /images/SSO-SAML-ADFS_export-id-provider-cert_004.png 4. Select **Base-64 encoded X.509 (.CER)**, then select **Next** again. - .. image:: ../../images/SSO-SAML-ADFS_export-id-provider-cert_005.png + .. image:: /images/SSO-SAML-ADFS_export-id-provider-cert_005.png 5. On the **Certificate Export Wizard** screen, select **Browse** to specify the location where you want the Identity Provider Certificate to be exported, then specify the file name. - .. image:: ../../images/SSO-SAML-ADFS_export-id-provider-cert_006.png + .. image:: /images/SSO-SAML-ADFS_export-id-provider-cert_006.png 6. Select **Save**. On the **Certificate Export Wizard** screen, verify the file path is correct, then select **Next**. 7. In the **Completing the Certificate Export Wizard**, select **Finish**, then select **OK** to confirm the export was successful. - .. image:: ../../images/SSO-SAML-ADFS_export-id-provider-cert_007.png + .. image:: /images/SSO-SAML-ADFS_export-id-provider-cert_007.png Configure SAML Sign-On for Mattermost -------------------------------------- @@ -172,14 +172,14 @@ If you don't plan to use a metadata URL, you can manually enter the following fi - For **Identity Provider Issuer URL** use the ``Relying party trust identifier`` from ADFS. - For **Identity Provider Public Certificate** use the``X.509 Public Certificate``. - .. image:: ../../images/SSO-SAML-ADFS_configure-saml_001.png + .. image:: /images/SSO-SAML-ADFS_configure-saml_001.png 2. Configure Mattermost to verify the signature. - Set **Verify Signature** to ``true``. - For **Service Provider Login URL** use the ``SAML 2.0 SSO service URL`` you specified in ADFS. - .. image:: ../../images/SSO-SAML-ADFS_configure-saml_002.png + .. image:: /images/SSO-SAML-ADFS_configure-saml_002.png 3. Enable encryption. @@ -188,13 +188,13 @@ If you don't plan to use a metadata URL, you can manually enter the following fi - For **Service Provider Public Certificate** use the Service Provider Public Certificate you generated at the start of this process. - Set **Sign Request** to suit your environment. - .. image:: ../../images/SSO-SAML-ADFS_configure-saml_003.png + .. image:: /images/SSO-SAML-ADFS_configure-saml_003.png 4. Set attributes for the SAML Assertions, which will be used to update user information in Mattermost. Attributes for email and username are required and should match the values you entered in ADFS earlier. See :ref:`documentation on SAML configuration settings ` for more detail. For Mattermost servers running 3.3 and earlier, the first name and last name attributes are also required fields. - .. image:: ../../images/SSO-SAML-ADFS_configure-saml_004.png + .. image:: /images/SSO-SAML-ADFS_configure-saml_004.png 5. Select **Save**. diff --git a/source/administration-guide/onboard/sso-saml-adfs.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-adfs.rst similarity index 84% rename from source/administration-guide/onboard/sso-saml-adfs.rst rename to source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-adfs.rst index 1621f953c99..252bc4b6491 100644 --- a/source/administration-guide/onboard/sso-saml-adfs.rst +++ b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-adfs.rst @@ -19,66 +19,66 @@ Add a relying party trust 1. In the ADFS management sidebar, go to **AD FS > Trust Relationships > Relying Party Trusts**, then select **Add Relying Party Trust**. A configuration wizard opens for adding a new relying party trust. - .. image:: ../../images/adfs_1_add_new_relying_party_trust.png +.. image:: /images/adfs_1_add_new_relying_party_trust.png 2. On the **Welcome** screen, select **Start**. - .. image:: ../../images/adfs_2_start_wizard.png +.. image:: /images/adfs_2_start_wizard.png 3. On the **Select Data Source** screen, select **Enter data about the relying party manually**. - .. image:: ../../images/adfs_3_select_data_source.png +.. image:: /images/adfs_3_select_data_source.png 4. On the **Specify Display Name** screen, enter a **Display Name** to recognize the trust, such as ``Mattermost``, then add any notes you want to make. - .. image:: ../../images/adfs_4_specify_display_name.png +.. image:: /images/adfs_4_specify_display_name.png 5. On the **Choose Profile** screen, select **AD FS profile**. - .. image:: ../../images/adfs_5_choose_profile.png +.. image:: /images/adfs_5_choose_profile.png 6. On the **Configure Certificate** screen, leave the certificate settings at their default values. - .. image:: ../../images/adfs_6_configure_certificate_default.png +.. image:: /images/adfs_6_configure_certificate_default.png However, if you would like to set up encryption for your SAML connection, select **Browse**, then upload your Service Provider Public Certificate. - .. image:: ../../images/adfs_7_configure_certificate_encryption.png +.. image:: /images/adfs_7_configure_certificate_encryption.png -7. On the **Configure URL** screen, select **Enable Support for the SAML 2.0 WebSSO protocol**, then enter the **SAML 2.0 SSO service URL**, similar to ``https:///login/sso/saml`` where ```` should typically match the :ref:`Mattermost Site URL `. +7. On the **Configure URL** screen, select **Enable Support for the SAML 2.0 WebSSO protocol**, then enter the **SAML 2.0 SSO service URL**, similar to ``https:///login/sso/saml`` where ```` should typically match the :ref:`Mattermost Site URL `. - .. image:: ../../images/adfs_8_configure_url.png +.. image:: /images/adfs_8_configure_url.png 8. On the **Configure Identifiers** screen, enter the **Relying party trust identifier** (also known as the **Identity Provider Issuer URL**) of the form ``https:///adfs/services/trust``, then click **Add**. - .. image:: ../../images/adfs_9_configure_identifiers.png +.. image:: /images/adfs_9_configure_identifiers.png 9. On the **Configure Multi-factor Authentication Now** screen, you may enable multi-factor authentication. This is beyond the scope of this documentation. - .. image:: ../../images/adfs_10_configure_mfa.png +.. image:: /images/adfs_10_configure_mfa.png 10. On the **Choose Issuance Authorization Rules** screen, select **Permit all users to access this relying party**. - .. image:: ../../images/adfs_11_authorization.png +.. image:: /images/adfs_11_authorization.png 11. On the **Ready to Add Trust** screen, review your settings. - .. image:: ../../images/adfs_12_ready_to_add_trust.png +.. image:: /images/adfs_12_ready_to_add_trust.png 12. On the **Finish** screen, select **Open the Edit Claim Rules dialog for this relying party trust when the wizard closes**, then select **Close**. You exit the configuration wizard, and a **Claim Rules** editor opens. - .. image:: ../../images/adfs_13_finish_trust.png + .. image:: /images/adfs_13_finish_trust.png Create claim rules ------------------ 1. In the **Issuance Transform Rules** section of the **Claim Rules** editor, select **Add Rule…** to open an **Add Transform Claim Rule Wizard**. - .. image:: ../../images/adfs_14_claim_rules_editor.png +.. image:: /images/adfs_14_claim_rules_editor.png 2. On the **Choose Rule Type** screen, select **Send LDAP Attributes as Claims** from the drop-down menu, then select **Next**. - .. image:: ../../images/adfs_15_choose_rule_type.png +.. image:: /images/adfs_15_choose_rule_type.png 3. In the **Configure Claim Rule** screen, enter a **Claim Rule Name** of your choice, select **Active Directory** as the **Attribute Store**, then complete the following: @@ -94,13 +94,13 @@ Select **Finish** to add the rule. Note that the entries in the **Outgoing Claim Type** column can be chosen to be something else. They can contain dashes but no spaces. They will be used to map the corresponding fields in Mattermost later. - .. image:: ../../images/adfs_16_configure_claim_rule.png +.. image:: /images/adfs_16_configure_claim_rule.png 4. Create another new rule by selecting **Add Rule**. 5. On the **Choose Rule Type** screen, select **Transform an Incoming Claim** from the drop-down menu, then select **Next**. - .. image:: ../../images/adfs_17_transformation_of_incoming_claim.png +.. image:: /images/adfs_17_transformation_of_incoming_claim.png 6. On the **Configure Claim Rule** screen, enter a **Claim Rule Name** of your choice, then: @@ -110,7 +110,7 @@ Note that the entries in the **Outgoing Claim Type** column can be chosen to be Select **Pass through all claim values**, then select **Finish**. - .. image:: ../../images/adfs_18_configure_incoming_claim.png +.. image:: /images/adfs_18_configure_incoming_claim.png 7. Select **Finish** to create the claim rule, then select **OK** to finish creating rules. @@ -129,25 +129,25 @@ Next, export the identity provider certificate, which will be later uploaded to 1. In the ADFS management sidebar, go to **AD FS > Service > Certificates**, then double click on the certificate under **Token-signing**. Alternatively, you can right-click on the field, then select **View Certificate**. - .. image:: ../../images/adfs_19_export_idp_cert_start.png +.. image:: /images/adfs_19_export_idp_cert_start.png 2. On the **Certificate** screen, go to the **Details** tab, then select **Copy to File**, followed by **OK**. This opens a **Certificate Export Wizard**. - .. image:: ../../images/adfs_20_export_idp_cert_copy.png +.. image:: /images/adfs_20_export_idp_cert_copy.png 3. On the **Certificate Export Wizard** screen, select **Next**, then, select the option **Base-64 encoded X.509 (.CER)**, and select **Next** again. - .. image:: ../../images/adfs_21_export_idp_cert_wizard.png +.. image:: /images/adfs_21_export_idp_cert_wizard.png 4. On the **Certificate Export Wizard** screen, select **Browse** to specify the location where you want the Identity Provider Certificate to be exported, then specify the file name. - .. image:: ../../images/adfs_21-2_export_idp_cert_wizard.png +.. image:: /images/adfs_21-2_export_idp_cert_wizard.png 5. Select **Save**. In the **Certificate Export Wizard** screen, verify the file path is correct, then select **Next**. 6. In the **Completing the Certificate Export Wizard**, select **Finish**, then select **OK** to confirm the export was successful. - .. image:: ../../images/adfs_21-3_export_idp_cert_wizard.png +.. image:: /images/adfs_21-3_export_idp_cert_wizard.png Configure SAML Sign-On for Mattermost -------------------------------------- @@ -163,15 +163,15 @@ Alternatively you can enter the following fields manually: - **Identity Provider Issuer URL**: ``Relying party trust identifier`` from ADFS you specified earlier. - **Identity Provider Public Certificate**: ``X.509 Public Certificate`` you downloaded earlier. - .. image:: ../../images/adfs_22_mattermost_basics.png +.. image:: /images/adfs_22_mattermost_basics.png 2. Configure Mattermost to verify the signature. The **Service Provider Login URL** is the SAML 2.0 SSO service URL you specified in ADFS earlier. - .. image:: ../../images/adfs_23_mattermost_verification.png +.. image:: /images/adfs_23_mattermost_verification.png 3. Enable encryption by uploading the Service Provider Private Key and Service Provider Public Certificate you generated earlier. - .. image:: ../../images/adfs_24_mattermost_encryption.png +.. image:: /images/adfs_24_mattermost_encryption.png 4. Configure Mattermost to sign SAML requests using the Service Provider Private Key. @@ -179,11 +179,11 @@ Alternatively you can enter the following fields manually: For Mattermost servers running 3.3 and earlier, the ``FirstName`` and ``LastName`` attributes are also required fields. - .. image:: ../../images/adfs_25_mattermost_attributes.png +.. image:: /images/adfs_25_mattermost_attributes.png 6. (Optional) Customize the login button text. - .. image:: ../../images/adfs_26_mattermost_login_button.png +.. image:: /images/adfs_26_mattermost_login_button.png 7. Select **Save**. diff --git a/source/administration-guide/onboard/sso-saml-before-you-begin.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-before-you-begin.rst similarity index 100% rename from source/administration-guide/onboard/sso-saml-before-you-begin.rst rename to source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-before-you-begin.rst diff --git a/source/administration-guide/onboard/sso-saml-faq.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-faq.rst similarity index 93% rename from source/administration-guide/onboard/sso-saml-faq.rst rename to source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-faq.rst index 61a370ab999..37a6bf54c46 100644 --- a/source/administration-guide/onboard/sso-saml-faq.rst +++ b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-faq.rst @@ -40,12 +40,12 @@ However, IWA is not supported on the Mattermost Desktop Apps due to a limitation Can I provision and deprovision users who log in via SAML? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Yes, but this relies on AD/LDAP to do so. Currently, we do not support SCIM. See :ref:`"How do I deactivate users?" ` for more information. +Yes, but this relies on AD/LDAP to do so. Currently, we do not support SCIM. See :ref:`"How do I deactivate users?" ` for more information. How do I migrate users from one authentication method (e.g. email) to SAML? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -See the :ref:`mmctl user migrate-auth ` command documentation for details. +See the :ref:`mmctl user migrate-auth ` command documentation for details. How is SAML different from OAuth 2.0 and OpenId Connect? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/onboard/sso-saml-keycloak.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-keycloak.rst similarity index 86% rename from source/administration-guide/onboard/sso-saml-keycloak.rst rename to source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-keycloak.rst index b06dff7120f..162e0725566 100644 --- a/source/administration-guide/onboard/sso-saml-keycloak.rst +++ b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-keycloak.rst @@ -1,7 +1,7 @@ Configure SAML with Keycloak ============================ -.. include:: ../../_static/badges/ent-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-cloud-selfhosted.rst :start-after: :nosearch: The following process provides steps to configure SAML with Keycloak for Mattermost. @@ -37,7 +37,7 @@ Set up a connection app for Mattermost SSO - **Force Name ID format**: **On** - **Sign Documents**: **Off** - .. image:: ../../images/keycloak_1_client_settings.png +.. image:: /images/keycloak_1_client_settings.png :alt: In Keycloak, create the Mattermost client, specify the Client ID and Client Protocol, then save your changes. 6. Navigate to the **Keys** tab. @@ -59,7 +59,7 @@ Set up a connection app for Mattermost SSO .. note:: In the image below, we used `Mattermost` for the `Realm Certificate Alias`. You should use your Realm Name here, as it's designed to identify what this certificate is within your Keycloak realm. - .. image:: ../../images/keycloak_2_saml_keys.png +.. image:: /images/keycloak_2_saml_keys.png :alt: In Keycloak, on the Keys tab, generate new keys, export using the values documented, then select Download. 7. Navigate to the **Client scopes** tab. @@ -69,7 +69,7 @@ Set up a connection app for Mattermost SSO c. Select the **X500 email**, **X500 givenName**, and **X500 surname** attributes. d. Click **Add**. - .. image:: ../../images/keycloak_3_add_builtins.png +.. image:: /images/keycloak_3_add_builtins.png :alt: In Keycloak, on the Mappers tab, add default attributes 8. Add the username and ID attribute. @@ -83,12 +83,12 @@ Set up a connection app for Mattermost SSO e. Select **Save**. f. Repeat the above steps and use the property of ``id`` to create the ID Attribute. - .. image:: ../../images/keycloak_4_create_username_attribute.png +.. image:: /images/keycloak_4_create_username_attribute.png :alt: In Keycloak, on the Mappers tab, create a protocol mapper, then save your changes. Once done your Mappers should look like this: - .. image:: ../../images/keycloak_4_create_username_attribute_finished.png - :alt: Example of protocol mapper configuration. +.. image:: /images/keycloak_4_create_username_attribute_finished.png + :alt: Example of protocol mapper configuration. 9. Get the metadata URL from Keycloak: @@ -96,7 +96,7 @@ Set up a connection app for Mattermost SSO a. Within your Realm, select **Realm Settings**. b. At the bottom of the **General** tab you should see a **SAML 2.0 Identity Provider Metadata** endpoint. Right-click and copy this URL. Store for the next step. - .. image:: ../../images/keycloak_9_export_metadata.png +.. image:: /images/keycloak_9_export_metadata.png :alt: Within your Realm, select Realm Settings. At the bottom of the General tab, you should see a SAML 2.0 Identify Provider Metadata endpoint. Copy this URL for the next step. Configure SAML for Mattermost @@ -106,9 +106,9 @@ Configure SAML for Mattermost 2. Set the **Identity Provider Metadata URL** to the value you copied from the step above and select **Get SAML Metadata from IdP**. The metadata import will populate fields related to your Keycloak configuration. - If you have any issues with this import, you can check the ``mattermost.log`` file for more information. :ref:`Enable debug logging ` and try again. + If you have any issues with this import, you can check the ``mattermost.log`` file for more information. :ref:`Enable debug logging ` and try again. - .. image:: ../../images/keycloak_10_get_metadata.png +.. image:: /images/keycloak_10_get_metadata.png :alt: In Mattermost, configure SAML in the System Console by going to Authentication > SAML. Set the Identity Provider Metadata URL to the value you copied in the previous step. When you select Get SAML Metadata from IdP, fields related to your Keycloak configuration are populated. 3. Set the below fields: @@ -119,7 +119,7 @@ Configure SAML for Mattermost The Service Provider Identifier will match the **Client ID** that you configured in the second Keycloak step. - .. image:: ../../images/keycloak_5_mattermost_config.png +.. image:: /images/keycloak_5_mattermost_config.png :alt: In the System Console, configure SAML as documented, where the Service Provider Identifier matches the Client ID you configured in Keycloak. 4. Configure the Encryption using the key you downloaded in step 6 of the Keycloak config. @@ -137,23 +137,23 @@ Configure SAML for Mattermost - **Service Provider Private Key**: ``mattermost.key`` - **Service Provider Private Certificate**: ``mattermost.crt`` - .. image:: ../../images/keycloak_6_mattermost_encryption.png +.. image:: /images/keycloak_6_mattermost_encryption.png :alt: In the System Console, upload both the Service Provider Private Key and the Service Provider Private Certificate. 5. (Optional) Set up request signing with the below parameters. - .. image:: ../../images/keycloak_7_mattermost_request_signing.png +.. image:: /images/keycloak_7_mattermost_request_signing.png :alt: In the System Console, you can optionally request signing with configured parameters. 6. Set attributes for the SAML Assertions, which will update user information in Mattermost. - The attributes below are from steps 7 and 8 above. These values must be the **SAML Attribute Name** within Keycloak. See :ref:`documentation on SAML configuration settings ` for more details. + The attributes below are from steps 7 and 8 above. These values must be the **SAML Attribute Name** within Keycloak. See :ref:`documentation on SAML configuration settings ` for more details. - **Email Attribute**: ``email`` - **Username Attribute**: ``username`` - **Id Attribute**: ``id`` - .. image:: ../../images/keycloak_8_mattermost_attributes.png +.. image:: /images/keycloak_8_mattermost_attributes.png :alt: Set attributes for the SAML assertions which updates user information in Mattermost. 7. Select **Save**. @@ -162,7 +162,7 @@ You’re done! If you’d like to confirm SAML SSO is successfully enabled, swit It's also recommended to post an announcement about how the migration will work for users. -You may also configure SAML for Keycloak by editing ``config.json``. Before starting the Mattermost server, edit ``config.json`` to enable SAML based on :ref:`SAML configuration settings `. You must restart the Mattermost server for the changes to take effect. +You may also configure SAML for Keycloak by editing ``config.json``. Before starting the Mattermost server, edit ``config.json`` to enable SAML based on :ref:`SAML configuration settings `. You must restart the Mattermost server for the changes to take effect. .. include:: sso-saml-ldapsync.rst :start-after: :nosearch: diff --git a/source/administration-guide/onboard/sso-saml-ldapsync.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-ldapsync.rst similarity index 91% rename from source/administration-guide/onboard/sso-saml-ldapsync.rst rename to source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-ldapsync.rst index f4efe2b692f..4150b25db24 100644 --- a/source/administration-guide/onboard/sso-saml-ldapsync.rst +++ b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-ldapsync.rst @@ -14,7 +14,7 @@ To configure SAML synchronization with AD/LDAP: 1. Go to **System Console > Authentication > SAML 2.0**, then set **Enable Synchronizing SAML Accounts With AD/LDAP** to **true**. 2. Go to **System Console > Authentication > AD/LDAP** to open the AD/LDAP wizard, navigate to the **Connection Settings** section, then set **Enable Synchronization with AD/LDAP** to **true**. 3. To ignore guest users when sychronizing, go to **System Console > Authentication > SAML 2.0**, then set **Ignore Guest Users when Synchronizing with AD/LDAP** to **true**. -4. Set the rest of the AD/LDAP settings based on :ref:`configuration settings documentation ` to connect Mattermost with your AD/LDAP server. +4. Set the rest of the AD/LDAP settings based on :ref:`configuration settings documentation ` to connect Mattermost with your AD/LDAP server. - If you don't want to enable AD/LDAP sign-in, go to **System Console > Authentication > AD/LDAP** wizard, navigate to the **Connection Settings** section, then set **Enable sign-in with AD/LDAP** to **false**. @@ -40,12 +40,12 @@ To re-activate the account: In particular, the user filter cannot be used to control who can log in to Mattermost, this should be controlled by your SAML service provider's group permissions. -See :ref:`technical description of SAML synchronization with AD/LDAP ` for more details. +See :ref:`technical description of SAML synchronization with AD/LDAP ` for more details. Override SAML data with AD/LDAP data ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Alternatively, you can choose to override SAML bind data with AD/LDAP information. For more information on binding a user with the SAML ID Attribute, please refer to this :ref:`documentation `. +Alternatively, you can choose to override SAML bind data with AD/LDAP information. For more information on binding a user with the SAML ID Attribute, please refer to this :ref:`documentation `. This process overrides SAML email address with AD/LDAP email address data or SAML Id Attribute with AD/LDAP Id Attribute if configured. We recommend using this configuration with the SAML ID Attribute to help ensure new users are not created when the email address changes for a user. diff --git a/source/administration-guide/onboard/sso-saml-okta.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-okta.rst similarity index 85% rename from source/administration-guide/onboard/sso-saml-okta.rst rename to source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-okta.rst index 56d85e8d6ac..874a328c3be 100644 --- a/source/administration-guide/onboard/sso-saml-okta.rst +++ b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-okta.rst @@ -19,37 +19,37 @@ Set Up a connection app for Mattermost Single Sign-On 4. Select **Create New App**, then choose **SAML 2.0** as the Sign on method. - .. image:: ../../images/okta_1_new_app.png + .. image:: /images/okta_1_new_app.png :alt: In Okta, switch to the Classic UI, then go to the Admin Dashboard > Applications > Add Application to create a new app. Choose SAML 2.0 as the Sign on method. 5. Enter **General Settings** for the application, including **App name** and **App logo** (optional). It's recommended to display the application icon to users, including in the Okta Mobile app. If you’d like to use a Mattermost logo for the application, you can download one `from our page `__. - .. image:: ../../images/okta_2_general_settings.png + .. image:: /images/okta_2_general_settings.png :alt: In Okta, under General Settings, enter an App name and an optional logo. Mattermost recommends displaying the application icon to users and within the Okta mobile app. Select Next to continue. 6. Enter **SAML Settings**, including: - - **Single sign on URL:** ``https:///login/sso/saml`` where ``https://`` should typically match the :ref:`Mattermost Site URL `. + - **Single sign on URL:** ``https:///login/sso/saml`` where ``https://`` should typically match the :ref:`Mattermost Site URL `. - **Audience URI:** For instance, ``mattermost`` - **Name ID format:** ``unspecified`` - **Application username:** ``Email`` - .. image:: ../../images/okta_3_initial_saml_settings.png + .. image:: /images/okta_3_initial_saml_settings.png :alt: In Okta, under Configure SAML, enter required SAML settings. 7. To set up encryption for your SAML connection, select **Show Advanced Settings**. - .. image:: ../../images/okta_4_initial_saml_settings.png + .. image:: /images/okta_4_initial_saml_settings.png :alt: In Okta, under Configure SAML, set up encryption for your SAML connection by selecting Show Advanced Settings. 8. Set **Assertion Encryption** as **Encrypted**, then upload the Service Provider Public Certificate you generated earlier to the **Encryption Certificate** field. - .. image:: ../../images/okta_5_advanced_saml_settings.png + .. image:: /images/okta_5_advanced_saml_settings.png :alt: In Advanced Settings, set the Assertion Encryption as Encrypted, then upload the generated Service Provider Public Certificate to the Encryption Certificate field -9. Enter attribute statements used to map attributes between Okta and Mattermost. For more information on which attributes are configurable, see our :ref:`documentation on SAML configuration settings `. Email and username attributes are required. For SAML with Okta, an :ref:`ID attribute ` is also required, and that ID must be mapped to ``user.id``. +9. Enter attribute statements used to map attributes between Okta and Mattermost. For more information on which attributes are configurable, see our :ref:`documentation on SAML configuration settings `. Email and username attributes are required. For SAML with Okta, an :ref:`ID attribute ` is also required, and that ID must be mapped to ``user.id``. - .. image:: ../../images/okta_6_attribute_statements.png + .. image:: /images/okta_6_attribute_statements.png :alt: Enter attribute statements used to map attributes between Okta and Mattermost. Email and username attributes are required. Okta also requires an ID attribute that must be mapped to user.id. 10. Select **Next**. Then, set Okta support parameters for the application. Recommended settings: @@ -57,25 +57,25 @@ Set Up a connection app for Mattermost Single Sign-On - **I’m an Okta customer adding an internal app** - **This is an internal app that we have created** - .. image:: ../../images/okta_7_support_configuration.png + .. image:: /images/okta_7_support_configuration.png :alt: Set recommended Okta support parameters for the application, including I'm an Okta customer adding an internal app and This is an internal app that we have created. 11. Select **Finish**. -12. In the Mattermost System Console, go to **Authentication > SAML 2.0**, then set **Override SAML bind data with AD/LDAP information** to **false** if currently set to **true**. You can re-enable :ref:`this configuration setting ` later when once setup is complete. +12. In the Mattermost System Console, go to **Authentication > SAML 2.0**, then set **Override SAML bind data with AD/LDAP information** to **false** if currently set to **true**. You can re-enable :ref:`this configuration setting ` later when once setup is complete. 13. On the next screen, select the **Sign On** tab, then select **View Setup Instructions**. 14. Select the **Identity Provider metadata** link, then copy the link from the browser URL field. This will be used during the SAML configuration steps in the next section. - .. image:: ../../images/okta_8_view_instructions.png + .. image:: /images/okta_8_view_instructions.png :alt: In the Mattermost System Console, after disabling the Override SAML bind data with AD/LDAP information setting, select the Sign On tab, then select View Setup Instructions. Select the Identity Provider metadata link, then copy the link from the browser URL field to a convenient location. 15. Take note of **Identity Provider Single Sign-On URL** (also known as **SAML SSO URL**), and the Identity Provider Issuer, as both may be needed to configure SAML for Mattermost. 16. Download the X.509 Certificate file and save it. You may need to upload it to Mattermost in a later step. - .. image:: ../../images/okta_9_view_instructions.png + .. image:: /images/okta_9_view_instructions.png :alt: Download the X.509 certificate file and save it. You'll upload this certificate file to Mattermost later. @@ -91,19 +91,19 @@ Alternatively you can enter the following fields manually: - **Identity Provider Issuer URL:** ``Identity Provider Issuer`` from Okta, specified earlier. - **Identity Provider Public Certificate:** X.509 Public Certificate file you downloaded from Okta earlier. - .. image:: ../../images/okta_10_mattermost_basics.png + .. image:: /images/okta_10_mattermost_basics.png :alt: In the Mattermost System Console, go to Authentication > SAML 2.0 to manually enter the SAML SSO URL and Identity Provider Issuer URL, and upload the Identity Provider Public Certificate manually. 2. Configure Mattermost to verify the signature. The **Service Provider Login URL** is the ``Single sign on URL`` you specified in Okta earlier. - .. image:: ../../images/okta_11_mattermost_verification.png + .. image:: /images/okta_11_mattermost_verification.png :alt: On the SAML 2.0 page, configure Mattermost to verify the signature, and set the Service Provider Login ULR as the Single sign on URL configured in Okta. 3. Enable encryption based on the parameters provided earlier. - .. image:: ../../images/okta_12_mattermost_encryption.png + .. image:: /images/okta_12_mattermost_encryption.png :alt: On the SAML 2.0 page, enable encryption and upload both the Service Provider Private Key and the Service Provider Public Certificate. @@ -112,13 +112,13 @@ Alternatively you can enter the following fields manually: 5. Set attributes for the SAML Assertions used to update user information in Mattermost. - Attributes for Email, Username, and Id are required and should match the values you entered in Okta earlier. - .. image:: ../../images/okta_13_mattermost_attributes.png + .. image:: /images/okta_13_mattermost_attributes.png :alt: Set attributes for the SAML Assertions used to update user information in Mattermost. Attributes for Email, Username, and Id are required and should match the values set in Okta. 6. (Optional) Customize the login button text. - .. image:: ../../images/okta_14_mattermost_login_button.png + .. image:: /images/okta_14_mattermost_login_button.png :alt: You can customize the login button text. By default, the text displays as "With SAML". 7. Select **Save**. diff --git a/source/administration-guide/onboard/sso-saml-onelogin.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-onelogin.rst similarity index 88% rename from source/administration-guide/onboard/sso-saml-onelogin.rst rename to source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-onelogin.rst index 7ce03f4d0f5..7168fc59889 100644 --- a/source/administration-guide/onboard/sso-saml-onelogin.rst +++ b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-onelogin.rst @@ -17,12 +17,12 @@ Create a OneLogin connection app for Mattermost SSO b. Go to **Apps > Add Apps**. c. Search for "SAML Test Connector", then select **SAML Test Connector (Advanced)**. - .. image:: ../../images/onelogin_1_new_app.png + .. image:: /images/onelogin_1_new_app.png :alt: In OneLogin, go to Apps > Add Apps, search for SAML Test Connector, then select the matching result in the list d. In the **Display Name** field, enter a name for the application, then optionally upload an app icon. You can use the Mattermost logo for the icon, which you can download from `Branding Guidelines `__ page. - .. image:: ../../images/onelogin_2_basic_configuration.png + .. image:: /images/onelogin_2_basic_configuration.png :alt: Enter a display name for the application in the Display Name field. You can optionally upload an app icon. Ensure the Visible in portal option is enabled, and save your OneLogin changes. e. Make sure that the **Visible in portal** option is enabled. @@ -34,18 +34,18 @@ Create a OneLogin connection app for Mattermost SSO - **RelayState**: leave blank - **Audience**: leave blank - - **Recipient**: ``https:///login/sso/saml`` where ``https://`` should typically match the :ref:`Mattermost Site URL `. + - **Recipient**: ``https:///login/sso/saml`` where ``https://`` should typically match the :ref:`Mattermost Site URL `. - **ACS (Consumer) URL Validator**: ``https:\/\/\/login\/sso\/saml`` - **ACS (Consumer) URL**: ``https:///login/sso/saml`` - .. image:: ../../images/onelogin_3_configuration_1.png + .. image:: /images/onelogin_3_configuration_1.png :alt: In OneLogin, select the Configuration tab to configure the SSO integration with required values. - b. In System Console, :ref:`enable encryption `, then select **Save**. You're redirected to the **Info** tab. From there, select the **Configuration** tab to access the **SAML Encryption** field. + b. In System Console, :ref:`enable encryption `, then select **Save**. You're redirected to the **Info** tab. From there, select the **Configuration** tab to access the **SAML Encryption** field. c. Paste the Public Key that you generated earlier into the **SAML Encryption** field at the bottom of the page. This field displays in OneLogin only when encryption is enabled in Mattermost. - .. image:: ../../images/onelogin_4_configuration_2.png + .. image:: /images/onelogin_4_configuration_2.png :alt: In the Mattermost System Console, enable encryption and save your changes. When you return to OneLogin, return to the Configuration tab, access the SAML Encryption field, and paste the generated Public Key into the SAML Encryption field. This field isn't visible in OneLogin until encryption is enabled in Mattermost. Save your OneLogin changes. d. Select **Save**. @@ -75,25 +75,25 @@ Create a OneLogin connection app for Mattermost SSO a. Select the **Parameters** tab. b. Select **Add Parameter**. - .. image:: ../../images/onelogin_5_parameters_add.png + .. image:: /images/onelogin_5_parameters_add.png :alt: In OneLogin, select the Parameters tab, then select Add parameter. Map attribute parameters between OneLogin and Mattermost. Email attributes are required. c. In the **Field name** field, enter an attribute parameter such as ``Email``. d. Select the **Include in SAML assertion** checkbox. e. Select **Save**. - .. image:: ../../images/onelogin_6_parameters_add_2.png + .. image:: /images/onelogin_6_parameters_add_2.png :alt: For each field you map in OneLogin, ensure the Include in SAML assertion flag is enabled. f. Select **Edit**. g. In the **Value** field, select the OneLogin value that corresponds to the attribute parameter. - .. image:: ../../images/onelogin_7_parameters_add_3.png + .. image:: /images/onelogin_7_parameters_add_3.png :alt: For each field you map in OneLogin, select the OneLogin value that corresponds to the attribute parameter. h. Repeat the steps above to add any other attributes that you need. After you've added all the attributes you want to use, the parameter list should look similar to the following image: - .. image:: ../../images/onelogin_8_parameters_add_4.png + .. image:: /images/onelogin_8_parameters_add_4.png :alt: Example of attribute parameters mapped between OneLogin and Mattermost. 4. Copy the SSO information. @@ -101,13 +101,13 @@ Create a OneLogin connection app for Mattermost SSO a. Select the **SSO** tab. b. Copy the values in the **Issuer URL** and **SAML 2.0 Endpoint (HTTP)** fields, then save them for later use. - .. image:: ../../images/onelogin_9_sso.png + .. image:: /images/onelogin_9_sso.png :alt: In OneLogin, select the SSO tab, copy the Issuer URL and SAML 2.0 Endpoint (HTTP) values to a convenient location. c. Select **View Details** to view the X.509 certificate. d. Make sure that the **X.509 PEM** option is selected in the drop-down. - .. image:: ../../images/onelogin_10_sso_certificate.png + .. image:: /images/onelogin_10_sso_certificate.png :alt: On the SSO tab in OneLogin, select View Details to access the X.509 certificate. Ensure that the X.509 PEM option is selected. Select Download and save the file in a convenient location. e. Select **DOWNLOAD**, then save the file in a convenient location for later use. @@ -127,7 +127,7 @@ Configure SAML Sign-On for Mattermost a. In the **Verify Signature** field, select **True**. b. In the **Service Provider Login URL**, enter ``https///login/sso/saml``. - .. image:: ../../images/okta_11_mattermost_verification.png + .. image:: /images/okta_11_mattermost_verification.png :alt: On the System Console SAML page, enable the Verify Signature option by setting it to true, then enter your specific Service Provider Login URL based on your Mattermost URL 3. Configure Mattermost to sign SAML requests using the Service Provider Private Key. @@ -138,14 +138,14 @@ Configure SAML Sign-On for Mattermost b. In the **Service Provider Private Key** field, upload the private key that you generated earlier. c. In the **Service Provider Public Certificate** field, upload the public key that you generated earlier. - .. image:: ../../images/okta_12_mattermost_encryption.png + .. image:: /images/okta_12_mattermost_encryption.png :alt: On the System Console SAML page, enable encryption, then upload both the private and public generated keys. 5. Set attributes for the SAML Assertions, which are used for updating user information in Mattermost. The **Email Atttribute** field and the **Username Attribute** field are required, and should match the values that you entered earlier when you configured the SAML Test Connector on OneLogin. - .. image:: ../../images/okta_13_mattermost_attributes.png + .. image:: /images/okta_13_mattermost_attributes.png :alt: On the System Console SAML page, set attributes for the SAML Assertions used to update user information in Mattermost. Both Email Attribute and Username Attribute are required, and should match the values entered when configuring the SAML Test Connector in OneLogin. 6. (Optional) Customize the login button text. diff --git a/source/administration-guide/onboard/sso-saml-technical.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-technical.rst similarity index 98% rename from source/administration-guide/onboard/sso-saml-technical.rst rename to source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-technical.rst index cf367cc45e9..407814a06b1 100644 --- a/source/administration-guide/onboard/sso-saml-technical.rst +++ b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-technical.rst @@ -1,9 +1,9 @@ -.. _administration-guide/onboard/sso-saml-technical: +.. _administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-technical: SAML Single Sign-On: technical documentation ============================================ -.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-pro-cloud-selfhosted.rst :start-after: :nosearch: Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP), like OneLogin, to pass authorization credentials to service providers (SP), like Mattermost. diff --git a/source/administration-guide/onboard/sso-saml.rst b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml.rst similarity index 99% rename from source/administration-guide/onboard/sso-saml.rst rename to source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml.rst index c13bef3bc91..7bc84726717 100644 --- a/source/administration-guide/onboard/sso-saml.rst +++ b/source/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml.rst @@ -1,7 +1,7 @@ SAML Single Sign-On =================== -.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-pro-cloud-selfhosted.rst :start-after: :nosearch: Single sign-on (SSO) is a way for users to log into multiple applications with a single user ID and password without having to re-enter their credentials. The SAML standard allows identity providers to pass credentials to service providers. Mattermost can be configured to act as a SAML 2.0 Service Provider. diff --git a/source/administration-guide/onboard/common-converting-oauth-to-openidconnect.rst b/source/administration-guide/identity-access/authentication-methods/sso/common-converting-oauth-to-openidconnect.rst similarity index 100% rename from source/administration-guide/onboard/common-converting-oauth-to-openidconnect.rst rename to source/administration-guide/identity-access/authentication-methods/sso/common-converting-oauth-to-openidconnect.rst diff --git a/source/administration-guide/identity-access/authentication-methods/sso/convert-oauth20-service-providers-to-openidconnect.rst b/source/administration-guide/identity-access/authentication-methods/sso/convert-oauth20-service-providers-to-openidconnect.rst new file mode 100644 index 00000000000..0915286fbe4 --- /dev/null +++ b/source/administration-guide/identity-access/authentication-methods/sso/convert-oauth20-service-providers-to-openidconnect.rst @@ -0,0 +1,21 @@ +Converting OAuth 2.0 Service Providers to OpenID Connect +======================================================== + +.. include:: ../../../../_static/badges/ent-pro-cloud-selfhosted.rst + :start-after: :nosearch: + +.. include:: common-converting-oauth-to-openidconnect.rst + :start-after: :nosearch: + +Configuring OpenID Connect Single Sign-On +----------------------------------------- + +.. include:: ../../../../_static/badges/selfhosted-only.rst + :start-after: :nosearch: + +For details on configuring Mattermost to use a service provider as a Single Sign-on (SSO) service for team creation, account creation, and user sign-in using OpenID Connect, refer to the following documentation: + +- :doc:`OpenID Connect Single Sign-On ` +- :doc:`GitLab Single Sign-On ` +- :doc:`Google Apps Single Sign-On ` +- :doc:`Entra ID Single Sign-On ` diff --git a/source/administration-guide/onboard/sso-entraid.rst b/source/administration-guide/identity-access/authentication-methods/sso/sso-entraid.rst similarity index 98% rename from source/administration-guide/onboard/sso-entraid.rst rename to source/administration-guide/identity-access/authentication-methods/sso/sso-entraid.rst index c8f2f8e138d..92c7ca01d81 100644 --- a/source/administration-guide/onboard/sso-entraid.rst +++ b/source/administration-guide/identity-access/authentication-methods/sso/sso-entraid.rst @@ -1,7 +1,7 @@ Entra ID Single Sign-On ========================= -.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-pro-cloud-selfhosted.rst :start-after: :nosearch: Configuring EntraID as a Single Sign-On (SSO) service @@ -81,7 +81,7 @@ If you don't register Mattermost in the Microsoft Azure AD tenant your organizat Configure Mattermost ``config.json`` for Entra ID SSO ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-pro-cloud-selfhosted.rst :start-after: :nosearch: Instead of using the System Console, you can add the Entra ID settings directly to the ``config.json`` file on your Mattermost server. diff --git a/source/administration-guide/onboard/sso-gitlab.rst b/source/administration-guide/identity-access/authentication-methods/sso/sso-gitlab.rst similarity index 98% rename from source/administration-guide/onboard/sso-gitlab.rst rename to source/administration-guide/identity-access/authentication-methods/sso/sso-gitlab.rst index d9c25d66a03..a7803f41223 100644 --- a/source/administration-guide/onboard/sso-gitlab.rst +++ b/source/administration-guide/identity-access/authentication-methods/sso/sso-gitlab.rst @@ -1,7 +1,7 @@ GitLab Single Sign-On ===================== -.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-pro-cloud-selfhosted.rst :start-after: :nosearch: Configuring GitLab as a Single Sign-On (SSO) service diff --git a/source/administration-guide/onboard/sso-google.rst b/source/administration-guide/identity-access/authentication-methods/sso/sso-google.rst similarity index 97% rename from source/administration-guide/onboard/sso-google.rst rename to source/administration-guide/identity-access/authentication-methods/sso/sso-google.rst index e7201344460..7fa8b27e503 100644 --- a/source/administration-guide/onboard/sso-google.rst +++ b/source/administration-guide/identity-access/authentication-methods/sso/sso-google.rst @@ -1,7 +1,7 @@ Google Single Sign-On ===================== -.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-pro-cloud-selfhosted.rst :start-after: :nosearch: Configuring Google Apps as a Single Sign-On (SSO) service @@ -68,7 +68,7 @@ Step 3: Configure Mattermost for Google Apps SSO Configure Mattermost ``config.json`` for Google Apps SSO ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.. include:: ../../_static/badges/selfhosted-only.rst +.. include:: ../../../../_static/badges/selfhosted-only.rst :start-after: :nosearch: Instead of using the System Console, you can add the Google settings directly to the ``config.json`` file directly on your Mattermost server. diff --git a/source/administration-guide/identity-access/authentication-methods/sso/sso-index.rst b/source/administration-guide/identity-access/authentication-methods/sso/sso-index.rst new file mode 100644 index 00000000000..4a58ff2af7d --- /dev/null +++ b/source/administration-guide/identity-access/authentication-methods/sso/sso-index.rst @@ -0,0 +1,18 @@ +Single Sign-On (SSO) +==================== + +Centralize authentication with :doc:`OpenID Connect (OIDC) ` and supported providers. Use these guides to configure :doc:`GitLab `, :doc:`Google `, and :doc:`Microsoft Entra ID `, and to :doc:`convert legacy OAuth 2.0 providers to OIDC `. + +.. toctree:: + :maxdepth: 1 + :titlesonly: + + sso-gitlab + sso-openidconnect + sso-google + sso-entraid + convert-oauth20-service-providers-to-openidconnect + +.. tip:: + + Looking for SAML-based SSO options? See :doc:`SAML-based SSO `. \ No newline at end of file diff --git a/source/administration-guide/onboard/sso-openidconnect.rst b/source/administration-guide/identity-access/authentication-methods/sso/sso-openidconnect.rst similarity index 80% rename from source/administration-guide/onboard/sso-openidconnect.rst rename to source/administration-guide/identity-access/authentication-methods/sso/sso-openidconnect.rst index 049003b8150..7cc7d105671 100644 --- a/source/administration-guide/onboard/sso-openidconnect.rst +++ b/source/administration-guide/identity-access/authentication-methods/sso/sso-openidconnect.rst @@ -1,10 +1,10 @@ OpenID Connect Single Sign-On ============================== -.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst +.. include:: ../../../../_static/badges/ent-pro-cloud-selfhosted.rst :start-after: :nosearch: -Mattermost provides OpenID Connect support for :doc:`GitLab `, :doc:`Google Apps `, and :doc:`Entra ID `. With OpenID Connect, users can also use their login to Keycloak, Atlassian Crowd, Apple, Microsoft, Salesforce, Auth0, Ory.sh, Facebook, Okta, OneLogin, and Azure AD, as well as others, as a Single Sign-on (SSO) service for team creation, account creation, and user login. +Mattermost provides OpenID Connect support for :doc:`GitLab `, :doc:`Google Apps `, and :doc:`Entra ID `. With OpenID Connect, users can also use their login to Keycloak, Atlassian Crowd, Apple, Microsoft, Salesforce, Auth0, Ory.sh, Facebook, Okta, OneLogin, and Azure AD, as well as others, as a Single Sign-on (SSO) service for team creation, account creation, and user login. Follow these steps to configure a service provider using OpenID Connect. diff --git a/source/administration-guide/onboard/certificate-based-authentication.rst b/source/administration-guide/identity-access/certificate-based-authentication.rst similarity index 96% rename from source/administration-guide/onboard/certificate-based-authentication.rst rename to source/administration-guide/identity-access/certificate-based-authentication.rst index 00100a04f67..ca8e2a88310 100644 --- a/source/administration-guide/onboard/certificate-based-authentication.rst +++ b/source/administration-guide/identity-access/certificate-based-authentication.rst @@ -13,7 +13,7 @@ Before you begin, follow the :doc:`official guides to install Mattermost `. +This is the first step for setting up certificate-based authentication. If you haven't set up mutual TLS authentication yet, :doc:`see our documentation to learn more `. Set up Mattermost server to log in with a client certificate ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/identity-access/identity-access-index.rst b/source/administration-guide/identity-access/identity-access-index.rst new file mode 100644 index 00000000000..6a336bdd3eb --- /dev/null +++ b/source/administration-guide/identity-access/identity-access-index.rst @@ -0,0 +1,33 @@ +Identity and Access Management +=============================== + +.. toctree:: + :maxdepth: 1 + :titlesonly: + +Secure sign-in through centralized identity providers, map attributes, and control user access and membership. + +user provisioning + +- :doc:`Set up Active Directory (AD) or LDAP ` +- :doc:`Configure SSO ` +- :doc:`Enforce multi-factor authentication (MFA) ` +- :doc:`Enable SSL client certificates ` + +Permissions and Roles +~~~~~~~~~~~~~~~~~~~~~~ + + + +User Management +~~~~~~~~~~~~~~~~~ + + + +Guest Accounts +~~~~~~~~~~~~~~~ + + + +Team and Channel Member Management +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \ No newline at end of file diff --git a/source/administration-guide/onboard/multi-factor-authentication.rst b/source/administration-guide/identity-access/multi-factor-authentication.rst similarity index 100% rename from source/administration-guide/onboard/multi-factor-authentication.rst rename to source/administration-guide/identity-access/multi-factor-authentication.rst diff --git a/source/administration-guide/onboard/advanced-permissions-backend-infrastructure.rst b/source/administration-guide/identity-access/permissions-and-roles/advanced-permissions-backend-infrastructure.rst similarity index 99% rename from source/administration-guide/onboard/advanced-permissions-backend-infrastructure.rst rename to source/administration-guide/identity-access/permissions-and-roles/advanced-permissions-backend-infrastructure.rst index 370746aacbd..71776ffa36e 100644 --- a/source/administration-guide/onboard/advanced-permissions-backend-infrastructure.rst +++ b/source/administration-guide/identity-access/permissions-and-roles/advanced-permissions-backend-infrastructure.rst @@ -1,7 +1,7 @@ Advanced permissions: backend infrastructure ============================================ -.. include:: ../../_static/badges/allplans-cloud-selfhosted.rst +.. include:: ../../../_static/badges/allplans-cloud-selfhosted.rst :start-after: :nosearch: This document outlines the backend server infrastructure for permissions in Mattermost and is recommended only for technical Admins or developers looking to make modifications to their installation. diff --git a/source/administration-guide/onboard/advanced-permissions.rst b/source/administration-guide/identity-access/permissions-and-roles/advanced-permissions.rst similarity index 90% rename from source/administration-guide/onboard/advanced-permissions.rst rename to source/administration-guide/identity-access/permissions-and-roles/advanced-permissions.rst index 67f2b033e3a..6551d701ad6 100644 --- a/source/administration-guide/onboard/advanced-permissions.rst +++ b/source/administration-guide/identity-access/permissions-and-roles/advanced-permissions.rst @@ -1,7 +1,7 @@ Advanced permissions ==================== -.. include:: ../../_static/badges/allplans-cloud-selfhosted.rst +.. include:: ../../../_static/badges/allplans-cloud-selfhosted.rst :start-after: :nosearch: Mattermost system admins using Mattermost Cloud or Mattermost Server can use Advanced Permissions to customize which users can perform specific actions, such as creating teams, managing channels, and configuring webhooks. The Mattermost permission system is based on a modified RBAC (role-based access control) architecture, using roles to determine which users have the ability to perform various actions. @@ -11,7 +11,7 @@ Two permission schemes are provided in Mattermost: * **System Scheme**: Applies permissions universally across all teams and channels. * **Team Override Schemes**: Allow admins to customize permissions for each team. -This document describes the types of permissions that can be given to users of Mattermost using schemes as well as channel settings and roles. The :doc:`permissions backend documentation ` provides additional technical details around permissions. +This document describes the types of permissions that can be given to users of Mattermost using schemes as well as channel settings and roles. The :doc:`permissions backend documentation ` provides additional technical details around permissions. Permissions structure ---------------------- @@ -32,12 +32,12 @@ To override the System Scheme default permissions in a specific team, you must s You can access the System Scheme interface by going to **System Console > User Management > Permissions > System Scheme**. -.. image:: ../../images/system-scheme.png +.. image:: /images/system-scheme.png Team override scheme ~~~~~~~~~~~~~~~~~~~~ -.. include:: ../../_static/badges/ent-only.rst +.. include:: ../../../_static/badges/ent-only.rst :start-after: :nosearch: On systems with multiple :ref:`Mattermost teams `, each team may operate and collaborate in a unique way. Team Override Schemes give Admins the flexibility to tailor permissions to the needs of each team. @@ -50,7 +50,7 @@ When you use this permission scheme: You can access the Team Override Scheme interface by going to **System Console > User Management > Permissions > Team Override Schemes**. -.. image:: ../../images/team-scheme.png +.. image:: /images/team-scheme.png Channel permissions -------------------- @@ -60,10 +60,10 @@ The channel permissions interface is accessed in **System Console > User Managem Advanced access controls ~~~~~~~~~~~~~~~~~~~~~~~~~ -.. include:: ../../_static/badges/ent-pro-only.rst +.. include:: ../../../_static/badges/ent-pro-only.rst :start-after: :nosearch: -See the :ref:`team and channel management ` documentation for details on available channel access controls. +See the :ref:`team and channel management ` documentation for details on available channel access controls. Recipes ------- @@ -78,7 +78,7 @@ Ensure users only see each other when in the same team or channel Example: A classified organization wants to use Mattermost teams for classified projects. In each project, team members can't know about members outside of their project, and :doc:`@mentions ` can't disclose the names of people outside of a classified project. -Use the :ref:`mmctl permissions remove ` command to revoke the ``view_member`` permission from the ``system_user`` role: ``mmctl permissions remove system_user view_member``. +Use the :ref:`mmctl permissions remove ` command to revoke the ``view_member`` permission from the ``system_user`` role: ``mmctl permissions remove system_user view_member``. Only allow admins, in a specific team, to add members ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -148,7 +148,7 @@ This permission is applied to all other roles (excluding the Guest role). When t Read-only channels ~~~~~~~~~~~~~~~~~~ -.. include:: ../../_static/badges/ent-only.rst +.. include:: ../../../_static/badges/ent-only.rst :start-after: :nosearch: Members can participate but guests can only read and react @@ -214,14 +214,14 @@ Administration tools There are a number of API and mmctl tools available for admins to help in configuring and troubleshooting the permissions system: -1. Reset all permissions to the default on new installations using the :ref:`mmctl permissions reset ` command. +1. Reset all permissions to the default on new installations using the :ref:`mmctl permissions reset ` command. 2. Use the `GetAllRoles `__ API endpoint to get a list of all roles. -3. Add permissions to a role using the :ref:`mmctl permissions add ` command. +3. Add permissions to a role using the :ref:`mmctl permissions add ` command. Backend infrastructure ---------------------- -Technical admins or developers looking for a deeper understanding of the permissions backend can refer to our :doc:`permissions backend documentation `. +Technical admins or developers looking for a deeper understanding of the permissions backend can refer to our :doc:`permissions backend documentation `. Glossary -------- diff --git a/source/administration-guide/onboard/delegated-granular-administration.rst b/source/administration-guide/identity-access/permissions-and-roles/delegated-granular-administration.rst similarity index 99% rename from source/administration-guide/onboard/delegated-granular-administration.rst rename to source/administration-guide/identity-access/permissions-and-roles/delegated-granular-administration.rst index 2274c42f7e2..471e5e372c5 100644 --- a/source/administration-guide/onboard/delegated-granular-administration.rst +++ b/source/administration-guide/identity-access/permissions-and-roles/delegated-granular-administration.rst @@ -1,7 +1,7 @@ Delegated granular administration ================================= -.. include:: ../../_static/badges/ent-cloud-selfhosted.rst +.. include:: ../../../_static/badges/ent-cloud-selfhosted.rst :start-after: :nosearch: Mattermost supports the creation and customization of system administration roles with specific granular permissions and System Console access. This allows senior administrators in large organizations to delegate and de-centralize specialized administration and administrative tasks with specific admin roles. @@ -53,7 +53,7 @@ Assign admin roles There are two ways to assign roles: 1. In the System Console under **User Management > Delegated Granular Administration**. -2. Using the :doc:`mmctl tool `. This can be done either locally or remotely. +2. Using the :doc:`mmctl tool `. This can be done either locally or remotely. +---------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------+ | **You want to** | **Using the System Console** | **Using mmctl** | @@ -94,7 +94,7 @@ System admins can grant read/write access to other areas of the System Console, There are two ways to assign roles: 1. In the System Console under **User Management > Delegated Granular Administration**. -2. Using the :doc:`mmctl tool `. This can be done either locally or remotely. +2. Using the :doc:`mmctl tool `. This can be done either locally or remotely. +--------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------+ | **You want to** | **Using the System Console** | **Using mmctl** | diff --git a/source/administration-guide/onboard/guest-accounts.rst b/source/administration-guide/identity-access/permissions-and-roles/guest-accounts.rst similarity index 96% rename from source/administration-guide/onboard/guest-accounts.rst rename to source/administration-guide/identity-access/permissions-and-roles/guest-accounts.rst index 9a8e91b527e..0f43bf900d8 100644 --- a/source/administration-guide/onboard/guest-accounts.rst +++ b/source/administration-guide/identity-access/permissions-and-roles/guest-accounts.rst @@ -3,14 +3,14 @@ Guest accounts ============== -.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst +.. include:: ../../../_static/badges/ent-pro-cloud-selfhosted.rst :start-after: :nosearch: Guest accounts in Mattermost are a way to collaborate with individuals, such as vendors and contractors, outside of your organization by controlling their access to channels and team members. For example, guest accounts can be used to collaborate with customers on a support issue or work on a website project with resources from an external design firm. .. important:: - - A system admin must :ref:`enable guest access ` before guests can be invited. + - A system admin must :ref:`enable guest access ` before guests can be invited. - Mattermost Enterprise and Professional customers can :doc:`control who can invite guests ` in their organization. By default, only system admins can invite guests. - Guest accounts count as a paid user in your Mattermost :doc:`workspace `. However, guests aren't automatically added to the default **Town-square** channel when they log in. You must :doc:`invite guests ` to individual teams and channels manually. Deactivating a guest account reduces your licensed seat count. - You'll identify guest users in Mattermost based on their **GUEST** badge next to their name and profile picture. Channels that contain guests also display the message ***This channel has guests** in the channel header. @@ -40,7 +40,7 @@ Guest authentication Guests can access the Mattermost server via email invitation, and be authenticated using AD/LDAP or SAML 2.0. -Before you proceed, ensure that the authentication method you wish to use is correctly configured on your server and enabled in Mattermost. For configuration steps and technical documentation, see :doc:`Active Directory/LDAP setup ` and :doc:`SAML Single-Sign-On `. +Before you proceed, ensure that the authentication method you wish to use is correctly configured on your server and enabled in Mattermost. For configuration steps and technical documentation, see :doc:`Active Directory/LDAP setup ` and :doc:`SAML Single-Sign-On `. Converting a member user to a guest won't change the channels they are in. However, they will be restricted from discovering additional channels and are unable to direct message/group message users outside of the channels they are in. They can be added to channels by system admins and other roles that have the correct permissions to invite guests. diff --git a/source/administration-guide/identity-access/permissions-and-roles/permissions-and-roles-index.rst b/source/administration-guide/identity-access/permissions-and-roles/permissions-and-roles-index.rst new file mode 100644 index 00000000000..e69de29bb2d diff --git a/source/administration-guide/onboard/ssl-client-certificate.rst b/source/administration-guide/identity-access/ssl-client-certificate.rst similarity index 100% rename from source/administration-guide/onboard/ssl-client-certificate.rst rename to source/administration-guide/identity-access/ssl-client-certificate.rst diff --git a/source/administration-guide/manage/team-channel-members.rst b/source/administration-guide/identity-access/team-channel-members.rst similarity index 97% rename from source/administration-guide/manage/team-channel-members.rst rename to source/administration-guide/identity-access/team-channel-members.rst index 29e726647ac..e06e9a2ff47 100644 --- a/source/administration-guide/manage/team-channel-members.rst +++ b/source/administration-guide/identity-access/team-channel-members.rst @@ -31,14 +31,14 @@ Archive a team Select **Archive Team**, then select **Save**. Select **Archive** when prompted to confirm the team archive. -Alternatively, system admins can use the mmctl ``mmctl team archive`` to archive teams. See the :ref:`mmctl product documentation ` for details. +Alternatively, system admins can use the mmctl ``mmctl team archive`` to archive teams. See the :ref:`mmctl product documentation ` for details. Unarchive a team ~~~~~~~~~~~~~~~~~~ Select **Unarchive Team**, then select **Save**. -Alternatively, system admins can use the mmctl ``mmctl team restore`` to archive teams. See the :ref:`mmctl product documentation ` for details. +Alternatively, system admins can use the mmctl ``mmctl team restore`` to archive teams. See the :ref:`mmctl product documentation ` for details. Team management ~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/identity-access/user-management.rst b/source/administration-guide/identity-access/user-management.rst new file mode 100644 index 00000000000..3ca70816fb6 --- /dev/null +++ b/source/administration-guide/identity-access/user-management.rst @@ -0,0 +1,21 @@ +User management +=============== + +Welcome to the Mattermost User Management Guide. This User Management Guide is organized into sections to help you manage users, permissions, and roles effectively in your Mattermost workspace. + +Whether you’re configuring team and channel settings, managing guest accounts, or leveraging advanced permissions infrastructure, this guide provides the resources and instructions necessary to tailor user management to your organization’s needs. Use the navigation below to explore detailed guidance for each area. + +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + Permissions + Manage team and channel configuration + Advanced permissions infrastructure + Guest accounts + +* :doc:`Permissions ` - Learn about permissions in Mattermost. +* :doc:`Manage team and channel configuration ` - Learn about managing team and channel configuration in Mattermost. +* :doc:`Advanced permissions infrastructure ` - Learn about advanced permissions infrastructure in Mattermost. +* :doc:`Guest accounts ` - Learn about guest accounts in Mattermost. \ No newline at end of file diff --git a/source/administration-guide/onboard/user-provisioning-workflows.rst b/source/administration-guide/identity-access/user-provisioning-workflows.rst similarity index 74% rename from source/administration-guide/onboard/user-provisioning-workflows.rst rename to source/administration-guide/identity-access/user-provisioning-workflows.rst index eacbb9b659d..f4b16195a8a 100644 --- a/source/administration-guide/onboard/user-provisioning-workflows.rst +++ b/source/administration-guide/identity-access/user-provisioning-workflows.rst @@ -10,8 +10,8 @@ This document provides an overview of user provisioning and deprovisioning workf There are currently 3 recommended user provisioning workflows in Mattermost: -1. **On demand:** If user accounts are not pre-provisioned using one of the methods described below, then a new user account will be provisioned when the user first logs in. When the user logs in, they are asked to select a public team to join (all users must belong to at least one team) and then they are added automatically to the Town Square channel. Mattermost also has a :ref:`default channel setting ` that enables system admins to add everyone to additional channels specified by the organization. -2. **Pre-provisioned via bulk import:** Mattermost features a :doc:`bulk data loading tool ` that can be used for pre-provisioning new users by adding them to teams and channels before their first login to Mattermost. This tool automates the creation of Teams, Channels, Users, and Posts (with file attachments). It can also be used to migrate users and content from an existing system. +1. **On demand:** If user accounts are not pre-provisioned using one of the methods described below, then a new user account will be provisioned when the user first logs in. When the user logs in, they are asked to select a public team to join (all users must belong to at least one team) and then they are added automatically to the Town Square channel. Mattermost also has a :ref:`default channel setting ` that enables system admins to add everyone to additional channels specified by the organization. +2. **Pre-provisioned via bulk import:** Mattermost features a :doc:`bulk data loading tool ` that can be used for pre-provisioning new users by adding them to teams and channels before their first login to Mattermost. This tool automates the creation of Teams, Channels, Users, and Posts (with file attachments). It can also be used to migrate users and content from an existing system. 3. **Mattermost API:** The Mattermost `RESTful API `__ can be used to pre-provision new user accounts as well as add and remove them from teams and channels. This model is commonly used by enterprises that have central account provisioning applications. Mattermost user identifier @@ -28,12 +28,12 @@ User deprovisioning Users in Mattermost can be deactivated in the following ways: -- **AD/LDAP Synchronization**: AD/LDAP users can be deactivated in Mattermost based on their status in the directory server via synchronization. Learn more in :ref:`AD/LDAP documentation `. -- **System Console**: User management screen in **System Console > Users** allows system admins to deactiveate users with email/password login. See the :ref:`Deactivate users ` documentation for details. +- **AD/LDAP Synchronization**: AD/LDAP users can be deactivated in Mattermost based on their status in the directory server via synchronization. Learn more in :ref:`AD/LDAP documentation `. +- **System Console**: User management screen in **System Console > Users** allows system admins to deactiveate users with email/password login. See the :ref:`Deactivate users ` documentation for details. - **RESTful API** The Mattermost API can be used to deactivate users. See `API documentation to learn more `__. -- **Command Line Interface**: You can use the Mattermost :ref:`mmctl user deactivate ` command to deactivate users. +- **Command Line Interface**: You can use the Mattermost :ref:`mmctl user deactivate ` command to deactivate users. -Once deactivated, users still exist in the Mattermost database and their messages can still be viewed in Mattermost. You can use the :ref:`mmctl ` tools to delete a user and all of their content. +Once deactivated, users still exist in the Mattermost database and their messages can still be viewed in Mattermost. You can use the :ref:`mmctl ` tools to delete a user and all of their content. From Mattermost v10.10, when a user is deactivated, the account's :ref:`availability ` is automatically set to offline. diff --git a/source/administration-guide/identity-access/user-provisioning.rst b/source/administration-guide/identity-access/user-provisioning.rst new file mode 100644 index 00000000000..1244a3ffced --- /dev/null +++ b/source/administration-guide/identity-access/user-provisioning.rst @@ -0,0 +1,27 @@ +User provisioning +================== + +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + Corporate directory integrations + Provisioning workflows + AD/LDAP setup + AD/LDAP manage team or private channel membership + GitLab SSO + OpenID Connect SSO + Google SSO + Entra ID SSO + Convert OAuth 2.0 providers to OpenID + +* :doc:`Corporate directory integrations ` - Mattermost integrates with all major account providers via Active Directory, SAML, and OAuth. +* :doc:`Provisioning workflows ` - Learn about provisioning workflows in Mattermost. +* :doc:`AD/LDAP setup ` - Learn how to set up AD/LDAP in Mattermost. +* :doc:`AD/LDAP manage team or private channel membership ` - Learn how to manage team or private channel membership using AD/LDAP sync groups in Mattermost. +* :doc:`GitLab SSO ` - Learn how to use GitLab SSO in Mattermost. +* :doc:`OpenID Connect SSO ` - Learn how to use about OpenID Connect SSO in Mattermost. +* :doc:`Google SSO ` - Learn how to use Google SSO in Mattermost. +* :doc:`Entra ID SSO ` - Learn how to use Entra ID SSO in Mattermost. +* :doc:`Convert OAuth 2.0 providers to OpenID ` - Learn how to convert OAuth 2.0 providers to OpenID in Mattermost. \ No newline at end of file diff --git a/source/administration-guide/configure/cloud-billing-account-settings.rst b/source/administration-guide/licensing/cloud-billing-account-settings.rst similarity index 100% rename from source/administration-guide/configure/cloud-billing-account-settings.rst rename to source/administration-guide/licensing/cloud-billing-account-settings.rst diff --git a/source/administration-guide/manage/cloud-byok.rst b/source/administration-guide/licensing/cloud-byok.rst similarity index 100% rename from source/administration-guide/manage/cloud-byok.rst rename to source/administration-guide/licensing/cloud-byok.rst diff --git a/source/administration-guide/manage/cloud-data-residency.rst b/source/administration-guide/licensing/cloud-data-residency.rst similarity index 100% rename from source/administration-guide/manage/cloud-data-residency.rst rename to source/administration-guide/licensing/cloud-data-residency.rst diff --git a/source/administration-guide/manage/cloud-ip-filtering.rst b/source/administration-guide/licensing/cloud-ip-filtering.rst similarity index 100% rename from source/administration-guide/manage/cloud-ip-filtering.rst rename to source/administration-guide/licensing/cloud-ip-filtering.rst diff --git a/source/administration-guide/licensing/cloud-workspace-management.rst b/source/administration-guide/licensing/cloud-workspace-management.rst new file mode 100644 index 00000000000..e183a8ee05f --- /dev/null +++ b/source/administration-guide/licensing/cloud-workspace-management.rst @@ -0,0 +1,25 @@ +Cloud workspace management +========================== + +This section of the guide is for system admins of Mattermost Cloud deployments. + +.. tip:: + + If you're the system admin for a Mattermost self-hosted workspace, see the :doc:`Self-hosted administration ` documentation. + +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + Workspace migration + Cloud data residency + Cloud IP Filtering + Cloud Bring Your Own Key (BYOK) + +* :doc:`Workspace migration ` - Migrate your workspace using the mmctl tool. +* :doc:`Cloud data residency ` - Find information about your data in the Cloud. +* :doc:`Cloud IP Filtering ` - Restrict access to your Mattermost Cloud workspace to a specific IP address range. +* :doc:`Cloud Bring Your Own Key (BYOK) ` - Learn how to manage data encryption processes within a Mattermost Cloud Enterprise Dedicated deployment. + +`Book a live demo `_ or `talk to a Mattermost expert `_ to explore tailored solutions for your organization's secure collaboration needs. Or try Mattermost yourself with a `1-hour preview `_ for instant access to a live sandbox environment. diff --git a/source/administration-guide/manage/code-signing-custom-builds.rst b/source/administration-guide/licensing/code-signing-custom-builds.rst similarity index 100% rename from source/administration-guide/manage/code-signing-custom-builds.rst rename to source/administration-guide/licensing/code-signing-custom-builds.rst diff --git a/source/administration-guide/licensing/licensing-index.rst b/source/administration-guide/licensing/licensing-index.rst new file mode 100644 index 00000000000..0a42e508b48 --- /dev/null +++ b/source/administration-guide/licensing/licensing-index.rst @@ -0,0 +1,28 @@ +Licensing & Workspace Management +===================================== + +Manage editions, licenses, billing, and workspace-wide policies for Cloud and self-hosted deployments. Use these guides to configure account settings and workspace controls. + +.. toctree:: + :maxdepth: 1 + :titlesonly: + + self-hosted-billing + /administration-guide/platform-features/installing-license-key + cloud-workspace-management + /administration-guide/licensing/self-hosted-account-settings + /administration-guide/licensing/cloud-billing-account-settings + /administration-guide/licensing/cloud-byok + /administration-guide/licensing/cloud-data-residency + /administration-guide/licensing/cloud-ip-filtering + + +Govern your workspace, control data residency and billing, and enable licensed features. + +- `Manage license keys for self-hosted deployments `_ +- `Administer Cloud workspaces `_ +- `Configure BYOK, data residency, and IP filtering `_ +- `Set account details and billing information `_ + +- :doc:`Cloud workspace management ` +- :doc:`Self-hosted billing ` diff --git a/source/administration-guide/configure/self-hosted-account-settings.rst b/source/administration-guide/licensing/self-hosted-account-settings.rst similarity index 90% rename from source/administration-guide/configure/self-hosted-account-settings.rst rename to source/administration-guide/licensing/self-hosted-account-settings.rst index f871bd1b3b6..5227010e82e 100644 --- a/source/administration-guide/configure/self-hosted-account-settings.rst +++ b/source/administration-guide/licensing/self-hosted-account-settings.rst @@ -22,6 +22,6 @@ You can also review and manage the following aspects of your self-hosted deploym - View the :doc:`edition ` of your Mattermost self-hosted deployment. - Manage your :doc:`product subscription `. -- :doc:`Upload a new license `. -- Remove a license to :doc:`downgrade the server `. +- :doc:`Upload a new license `. +- Remove a license to :doc:`downgrade the server `. - Talk to a `Mattermost Expert `_ for assistance. \ No newline at end of file diff --git a/source/administration-guide/manage/admin/self-hosted-billing.rst b/source/administration-guide/licensing/self-hosted-billing.rst similarity index 100% rename from source/administration-guide/manage/admin/self-hosted-billing.rst rename to source/administration-guide/licensing/self-hosted-billing.rst diff --git a/source/administration-guide/manage/admin/customize-branding.rst b/source/administration-guide/manage/admin/customize-branding.rst deleted file mode 100644 index e409120f3a7..00000000000 --- a/source/administration-guide/manage/admin/customize-branding.rst +++ /dev/null @@ -1,17 +0,0 @@ -Customize branding -=================== - -Whether you’re customizing the appearance of your workspace, utilizing branding tools, or managing code signing for custom builds, this section of documentation has you covered and provides everything you need to customize the branding of Mattermost to align with your organization’s identity. Use the navigation below to access detailed instructions for each customization option. - -.. toctree:: - :maxdepth: 1 - :hidden: - :titlesonly: - - Customize Mattermost - Custom branding tools - Code signing custom builds - -* :doc:`Customize Mattermost ` - Learn how to customize the Mattermost server. -* :doc:`Custom branding tools ` - Learn about custom branding tools for Mattermost. -* :doc:`Code signing custom builds ` - Learn about code signing custom builds of Mattermost. \ No newline at end of file diff --git a/source/administration-guide/manage/admin/migration.rst b/source/administration-guide/manage/admin/migration.rst deleted file mode 100644 index 6f5a960844f..00000000000 --- a/source/administration-guide/manage/admin/migration.rst +++ /dev/null @@ -1,25 +0,0 @@ -Migration -========== - -This Mattermost Migration Guide is organized into sections based on migration scenarios and tools to help you transition smoothly to Mattermost or optimize your current setup. - -Whether you’re migrating from another platform, upgrading your database, or using bulk tools for data management, this guide provides the resources and instructions you need for a successful migration. Use the navigation below to explore detailed guidance tailored to your migration needs. - -.. toctree:: - :maxdepth: 1 - :hidden: - :titlesonly: - - Migrate from MySQL to PostgreSQL - Server migration guide - Migrate from Slack - Bulk export tool - Bulk loading tool - Migration announcement email template - -* :doc:`Migrate from MySQL to PostgreSQL ` - Learn how to migrate from MySQL to PostgreSQL. -* :doc:`Server migration guide ` - Learn about about migrating to Mattermost. -* :doc:`Migrate from Slack ` - Learn how to migrate from Slack to Mattermost. -* :doc:`Bulk export tool ` - Learn about the bulk export tool for Mattermost. -* :doc:`Bulk loading tool ` - Learn about the bulk loading tool for Mattermost. -* :doc:`Migration announcement email template ` - Use this email template to notify your users that you've migrated to Mattermost. \ No newline at end of file diff --git a/source/administration-guide/manage/admin/monitoring-and-performance.rst b/source/administration-guide/manage/admin/monitoring-and-performance.rst deleted file mode 100644 index 9c6e314a256..00000000000 --- a/source/administration-guide/manage/admin/monitoring-and-performance.rst +++ /dev/null @@ -1,45 +0,0 @@ -Monitoring and performance -========================== - -This Monitoring and Performance Guide is organized into sections to help you effectively monitor, optimize, and manage the performance of your Mattermost installation. - -From collecting performance metrics and deploying monitoring tools to configuring health checks and managing notifications, this guide offers comprehensive resources to ensure your Mattermost workspace operates at peak efficiency. Use the navigation below to explore detailed instructions and best practices. - -.. toctree:: - :maxdepth: 1 - :hidden: - :titlesonly: - - Optimize your Mattermost workspace - Collect performance metrics - Deploy Prometheus and Grafana for performance monitoring - Performance monitoring metrics - Push notification health targets - Performance alerting guide - Ensuring releases perform at scale - Manage user surveys - User satisfaction surveys - Notify admin - System-wide notifications - Statistics - In-product notices - Health checks - Health check probes - Product limits - -* :doc:`Optimize your Mattermost workspace ` - Learn about optimizing your Mattermost workspace. -* :doc:`Collect performance metrics ` - Learn about collecting performance metrics for Mattermost. -* :doc:`Deploy Prometheus and Grafana for performance monitoring ` - Learn how to deploy Prometheus and Grafana for performance monitoring. -* :doc:`Performance monitoring metrics ` - Learn about performance monitoring metrics for Mattermost. -* :doc:`Push notification health targets ` - Learn about push notification health targets for Mattermost. -* :doc:`Performance alerting guide ` - Learn about performance alerting for Mattermost. -* :doc:`Ensuring releases perform at scale ` - Learn how to ensure releases perform at scale for Mattermost. -* :doc:`Manage user surveys ` - Learn about managing user surveys for Mattermost. -* :doc:`User satisfaction surveys ` - Learn how to send user satisfaction surveys for Mattermost. -* :doc:`Notify admin ` - Learn how to notify admins for Mattermost. -* :doc:`System-wide notifications ` - Learn about system-wide notifications for Mattermost. -* :doc:`Statistics ` - Learn about Mattermost statistics . -* :doc:`In-product notices ` - Learn how to use in-product notices for Mattermost. -* :doc:`Health checks ` - Learn about health checks for Mattermost. -* :doc:`Health check probes ` - Learn how to set up health check probes for Mattermost. -* :doc:`Product limits ` - Learn about product limits for Mattermost. \ No newline at end of file diff --git a/source/administration-guide/manage/admin/server-configuration.rst b/source/administration-guide/manage/admin/server-configuration.rst deleted file mode 100644 index 52f680b10fe..00000000000 --- a/source/administration-guide/manage/admin/server-configuration.rst +++ /dev/null @@ -1,41 +0,0 @@ -Server configuration -===================== - -This Server Configuration Guide is organized into sections to provide you with the tools and knowledge necessary to configure your Mattermost server for improved efficiency, scalability, and functionality. - -Whether you’re setting up email notifications, optimizing search capabilities, enabling high availability, or configuring telemetry, this guide covers all aspects of server setup and management. Use the navigation below to access detailed instructions for each topic. - -.. toctree:: - :maxdepth: 1 - :hidden: - :titlesonly: - - Store configuration in your database - Server configuration options - Set up attribute-based access controls - Set up Mattermost Agents - Install Mattermost Boards - Manage user attributes - Environment variables - Customize the server - SMTP email setup - Email templates - Chinese, Japanese, and Korean search - SSL client certificate setup - Connected workspaces - Telemetry - -* :doc:`Store configuration in your database ` - Learn how to store configuration information in your Mattermost database rather than as a JSON file. -* :doc:`Server configuration options ` - Learn about server configuration options for Mattermost. -* :doc:`Set up attribute-based access controls ` - Learn how to set up attribute-based access controls for your Mattermost instance for Zero Trust Security. -* :doc:`Set up Mattermost Agents` - Learn how to enable AI-powered Agents for your Mattermost instance. -* :doc:`Install Mattermost Boards ` - Learn how to install and configure the Boards plugin for your Mattermost instance. -* :doc:`Manage custom user attributes ` - Learn how to manage custom user attributes in user profiles in Mattermost. -* :doc:`Environment variables ` - Learn how to use environment variables for Mattermost configuration. -* :doc:`Customize the server ` - Learn about customizing branding for Mattermost server. -* :doc:`SMTP email setup ` - Learn how to set up SMTP email for Mattermost. -* :doc:`Email templates ` - Learn about customizing email templates for Mattermost. -* :doc:`Chinese, Japanese, and Korean search ` - Learn about enabling Chinese, Japanese, and Korean search for Mattermost. -* :doc:`SSL client certificate setup ` - Learn how to set up SSL client certificates for Mattermost. -* :doc:`Connected workspaces ` - Learn how to connect Mattermost workspaces. -* :doc:`Telemetry ` - Learn about Mattermost telemetry and data collection. \ No newline at end of file diff --git a/source/administration-guide/manage/admin/server-maintenance.rst b/source/administration-guide/manage/admin/server-maintenance.rst deleted file mode 100644 index 03d9ee1fafe..00000000000 --- a/source/administration-guide/manage/admin/server-maintenance.rst +++ /dev/null @@ -1,33 +0,0 @@ -Server maintenance -==================== - -This Server Maintenance Guide is organized into sections that provide the tools and knowledge needed to maintain your Mattermost server effectively, ensuring optimal security, scalability, and reliability. - -Whether you’re installing a license key, performing backups, upgrading the server, or using administrative tools like mmctl and the CLI, this guide offers comprehensive instructions to help you manage your server with confidence. Use the navigation below to access detailed information on each topic. - -.. toctree:: - :maxdepth: 1 - :hidden: - :titlesonly: - - Install a license key - Generate a support packet - Backup and disaster recovery - Upgrade Mattermost server - Secure Mattermost - Mattermost error codes - Logging - mmctl - CLI - Feature labels - -* :doc:`Install a license key ` - Learn how to install a license key for Mattermost. -* :doc:`Generate a support packet ` - Learn how to generate a support packet for Mattermost. -* :doc:`Backup and disaster recovery ` - Learn about backup and disaster recovery for Mattermost. -* :doc:`Upgrade Mattermost server ` - Learn how to upgrading Mattermost server. -* :doc:`Secure Mattermost ` - Learn about securing Mattermost server. -* :doc:`Mattermost error codes ` - Learn about Mattermost error codes and troubleshooting. -* :doc:`Logging ` - Learn how to customize logging options based on business practices and needs. -* :doc:`mmctl ` - Learn about the mmctl command line tool for Mattermost. -* :doc:`CLI ` - Learn about command line tools for Mattermost. -* :doc:`Feature labels ` - Learn about Mattermost feature labels and their meanings. \ No newline at end of file diff --git a/source/administration-guide/manage/admin/user-management.rst b/source/administration-guide/manage/admin/user-management.rst deleted file mode 100644 index a0476243e5b..00000000000 --- a/source/administration-guide/manage/admin/user-management.rst +++ /dev/null @@ -1,21 +0,0 @@ -User management -=============== - -Welcome to the Mattermost User Management Guide. This User Management Guide is organized into sections to help you manage users, permissions, and roles effectively in your Mattermost workspace. - -Whether you’re configuring team and channel settings, managing guest accounts, or leveraging advanced permissions infrastructure, this guide provides the resources and instructions necessary to tailor user management to your organization’s needs. Use the navigation below to explore detailed guidance for each area. - -.. toctree:: - :maxdepth: 1 - :hidden: - :titlesonly: - - Permissions - Manage team and channel configuration - Advanced permissions infrastructure - Guest accounts - -* :doc:`Permissions ` - Learn about permissions in Mattermost. -* :doc:`Manage team and channel configuration ` - Learn about managing team and channel configuration in Mattermost. -* :doc:`Advanced permissions infrastructure ` - Learn about advanced permissions infrastructure in Mattermost. -* :doc:`Guest accounts ` - Learn about guest accounts in Mattermost. \ No newline at end of file diff --git a/source/administration-guide/manage/admin/user-provisioning.rst b/source/administration-guide/manage/admin/user-provisioning.rst deleted file mode 100644 index 83ad18d6bba..00000000000 --- a/source/administration-guide/manage/admin/user-provisioning.rst +++ /dev/null @@ -1,27 +0,0 @@ -User provisioning -================== - -.. toctree:: - :maxdepth: 1 - :hidden: - :titlesonly: - - Corporate directory integrations - Provisioning workflows - AD/LDAP setup - AD/LDAP manage team or private channel membership - GitLab SSO - OpenID Connect SSO - Google SSO - Entra ID SSO - Convert OAuth 2.0 providers to OpenID - -* :doc:`Corporate directory integrations ` - Mattermost integrates with all major account providers via Active Directory, SAML, and OAuth. -* :doc:`Provisioning workflows ` - Learn about provisioning workflows in Mattermost. -* :doc:`AD/LDAP setup ` - Learn how to set up AD/LDAP in Mattermost. -* :doc:`AD/LDAP manage team or private channel membership ` - Learn how to manage team or private channel membership using AD/LDAP sync groups in Mattermost. -* :doc:`GitLab SSO ` - Learn how to use GitLab SSO in Mattermost. -* :doc:`OpenID Connect SSO ` - Learn how to use about OpenID Connect SSO in Mattermost. -* :doc:`Google SSO ` - Learn how to use Google SSO in Mattermost. -* :doc:`Entra ID SSO ` - Learn how to use Entra ID SSO in Mattermost. -* :doc:`Convert OAuth 2.0 providers to OpenID ` - Learn how to convert OAuth 2.0 providers to OpenID in Mattermost. \ No newline at end of file diff --git a/source/administration-guide/scale/collect-performance-metrics.rst b/source/administration-guide/monitoring-observability/collect-performance-metrics.rst similarity index 77% rename from source/administration-guide/scale/collect-performance-metrics.rst rename to source/administration-guide/monitoring-observability/collect-performance-metrics.rst index 3c38593bf93..b8062e0cf8d 100644 --- a/source/administration-guide/scale/collect-performance-metrics.rst +++ b/source/administration-guide/monitoring-observability/collect-performance-metrics.rst @@ -4,13 +4,13 @@ Collect performance metrics .. include:: ../../_static/badges/ent-cloud-selfhosted.rst :start-after: :nosearch: -System admins can collect and store the :doc:`same performance monitoring metrics ` as Prometheus, without having to deploy these third-party tools. Data is collected every minute and is stored in a path you configure. The data is synchronized to either a cloud-based or local file store every hour, and retained for 15 days. +System admins can collect and store the :doc:`same performance monitoring metrics ` as Prometheus, without having to deploy these third-party tools. Data is collected every minute and is stored in a path you configure. The data is synchronized to either a cloud-based or local file store every hour, and retained for 15 days. Download and share the collected data with Mattermost to understand application performance, troubleshoot system stability and performance, as well as inform route cause analysis. .. tip:: - Already have Prometheus and Grafana deployed? You can :doc:`use these tools to monitor performance of your Mattermost deployment `. + Already have Prometheus and Grafana deployed? You can :doc:`use these tools to monitor performance of your Mattermost deployment `. Mattermost configuration ------------------------ @@ -62,4 +62,4 @@ You can also use our `Mattermost Performance Monitoring v2 ` and :ref:`standard Go metrics ` that can be used to monitor your system's performance. Additionally Enterprise customers can use the Metrics plugin to collect :ref:`host/system metrics ` from `node exporter `_ targets to monitor network-related panels for Mattermost Calls. \ No newline at end of file +Mattermost provides :ref:`custom metrics ` and :ref:`standard Go metrics ` that can be used to monitor your system's performance. Additionally Enterprise customers can use the Metrics plugin to collect :ref:`host/system metrics ` from `node exporter `_ targets to monitor network-related panels for Mattermost Calls. \ No newline at end of file diff --git a/source/administration-guide/scale/deploy-prometheus-grafana-for-performance-monitoring.rst b/source/administration-guide/monitoring-observability/deploy-prometheus-grafana-for-performance-monitoring.rst similarity index 89% rename from source/administration-guide/scale/deploy-prometheus-grafana-for-performance-monitoring.rst rename to source/administration-guide/monitoring-observability/deploy-prometheus-grafana-for-performance-monitoring.rst index 8d35a2d3721..85cc42f3387 100644 --- a/source/administration-guide/scale/deploy-prometheus-grafana-for-performance-monitoring.rst +++ b/source/administration-guide/monitoring-observability/deploy-prometheus-grafana-for-performance-monitoring.rst @@ -4,13 +4,13 @@ Deploy Prometheus and Grafana for performance monitoring .. include:: ../../_static/badges/ent-cloud-selfhosted.rst :start-after: :nosearch: -Performance monitoring support enables admins to track system health for large Enterprise deployments through integrations with `Prometheus `_ and `Grafana `__. These integrations support data collection from several Mattermost servers, which is particularly useful if you're running Mattermost :doc:`in high availability mode `. Once you're tracking system health, you can :doc:`set up performance alerts ` on your Grafana dashboard. +Performance monitoring support enables admins to track system health for large Enterprise deployments through integrations with `Prometheus `_ and `Grafana `__. These integrations support data collection from several Mattermost servers, which is particularly useful if you're running Mattermost :doc:`in high availability mode `. Once you're tracking system health, you can :doc:`set up performance alerts ` on your Grafana dashboard. Admins can collect and store various data points from the Mattermost application in an `OpenMetrics `_ format by `deploying Prometheus <#install-prometheus>`_ and `Grafana <#install-grafana>`_. .. tip:: - Don't want to deploy Prometheus and Grafana? You can also :doc:`collect performance metrics using the Mattermost Metrics plugin `. + Don't want to deploy Prometheus and Grafana? You can also :doc:`collect performance metrics using the Mattermost Metrics plugin `. Install Prometheus ------------------- @@ -58,7 +58,7 @@ Install Prometheus 3. Replace the ``:`` parameter with your Mattermost host IP address and port to scrape the data. It connects to ``/metrics`` using HTTP. -4. In the Mattermost System Console, go to **Environment > Performance Monitoring** to set **Enable Performance Monitoring** to **true**, then specify the **Listen Address** and select **Save**. See our :ref:`Configuration Settings ` documentation for details. +4. In the Mattermost System Console, go to **Environment > Performance Monitoring** to set **Enable Performance Monitoring** to **true**, then specify the **Listen Address** and select **Save**. See our :ref:`Configuration Settings ` documentation for details. .. image:: ../../images/perf_monitoring_system_console.png :scale: 70 @@ -109,7 +109,7 @@ To help you get started, you can download three sample dashboards shared in Graf See `this Grafana guide `_ to learn how to import Grafana dashboards either from the UI or from the HTTP API. - `Mattermost Performance Monitoring v2 `_, which contains detailed charts for performance monitoring including application, cluster, job server, and system metrics. -- `Mattermost Notification Health Monitoring `_, which can be used to track different types of notifications sent from Mattermost. Accessing and enabling Mattermost Notification Health Monitoring requires the feature flag ``NotificationMonitoring`` to be set to ``true``. System admins can :ref:`disable notification monitoring data collection ` through the System Console. +- `Mattermost Notification Health Monitoring `_, which can be used to track different types of notifications sent from Mattermost. Accessing and enabling Mattermost Notification Health Monitoring requires the feature flag ``NotificationMonitoring`` to be set to ``true``. System admins can :ref:`disable notification monitoring data collection ` through the System Console. - `Mattermost Web App Performance Metrics `_, which contains detailed metrics for client-side performance, including web vitals and Mattermost-specifc metrics. - `Mattermost Desktop App Performance Metrics `_, which contains detailed metrics for client-side desktop performance, including CPU and memory usage metrics. - `Mattermost Mobile App Performance Metrics `_, which contains detailed metrics for client-side mobile performance, including web vitals and Mattermost-specifc metrics. @@ -120,4 +120,4 @@ To help you get started, you can download three sample dashboards shared in Graf What's collected? ----------------- -Mattermost provides :ref:`custom metrics ` and :ref:`standard Go metrics ` that can be used to monitor your system's performance. +Mattermost provides :ref:`custom metrics ` and :ref:`standard Go metrics ` that can be used to monitor your system's performance. diff --git a/source/administration-guide/monitoring-observability/monitoring-and-performance.rst b/source/administration-guide/monitoring-observability/monitoring-and-performance.rst new file mode 100644 index 00000000000..e46916d4f5c --- /dev/null +++ b/source/administration-guide/monitoring-observability/monitoring-and-performance.rst @@ -0,0 +1,43 @@ +Monitoring and performance +========================== + +This Monitoring and Performance Guide is organized into sections to help you effectively monitor, optimize, and manage the performance of your Mattermost installation. + +From collecting performance metrics and deploying monitoring tools to configuring health checks and managing notifications, this guide offers comprehensive resources to ensure your Mattermost workspace operates at peak efficiency. Use the navigation below to explore detailed instructions and best practices. + +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + Collect performance metrics + Deploy Prometheus and Grafana for performance monitoring + Performance monitoring metrics + Push notification health targets + Performance alerting guide + Ensuring releases perform at scale + Manage user surveys + User satisfaction surveys + Notify admin + System-wide notifications + Statistics + In-product notices + Health checks + Health check probes + Product limits + +* :doc:`Collect performance metrics ` - Learn about collecting performance metrics for Mattermost. +* :doc:`Deploy Prometheus and Grafana for performance monitoring ` - Learn how to deploy Prometheus and Grafana for performance monitoring. +* :doc:`Performance monitoring metrics ` - Learn about performance monitoring metrics for Mattermost. +* :doc:`Push notification health targets ` - Learn about push notification health targets for Mattermost. +* :doc:`Performance alerting guide ` - Learn about performance alerting for Mattermost. +* :doc:`Ensuring releases perform at scale ` - Learn how to ensure releases perform at scale for Mattermost. +* :doc:`Manage user surveys ` - Learn about managing user surveys for Mattermost. +* :doc:`User satisfaction surveys ` - Learn how to send user satisfaction surveys for Mattermost. +* :doc:`Notify admin ` - Learn how to notify admins for Mattermost. +* :doc:`System-wide notifications ` - Learn about system-wide notifications for Mattermost. +* :doc:`Statistics ` - Learn about Mattermost statistics . +* :doc:`In-product notices ` - Learn how to use in-product notices for Mattermost. +* :doc:`Health checks ` - Learn about health checks for Mattermost. +* :doc:`Health check probes ` - Learn how to set up health check probes for Mattermost. +* :doc:`Product limits ` - Learn about product limits for Mattermost. \ No newline at end of file diff --git a/source/administration-guide/monitoring-observability/monitoring-observability-index.rst b/source/administration-guide/monitoring-observability/monitoring-observability-index.rst new file mode 100644 index 00000000000..ff7431b9641 --- /dev/null +++ b/source/administration-guide/monitoring-observability/monitoring-observability-index.rst @@ -0,0 +1,26 @@ +Monitoring & Observability +========================== + +Gain visibility into system health and performance. Configure logging, telemetry, probes, and dashboards to detect issues early and keep Mattermost reliable at scale. + +.. toctree:: + :maxdepth: 1 + :titlesonly: + + /administration-guide/compliance-security-auditing/logging + /administration-guide/admin-tools/telemetry + /administration-guide/monitoring-observability/statistics + /administration-guide/admin-tools/configure-health-check-probes + /administration-guide/monitoring-observability/performance-monitoring-metrics + /administration-guide/monitoring-observability/deploy-prometheus-grafana-for-performance-monitoring + /administration-guide/monitoring-observability/performance-alerting + /administration-guide/admin-tools/request-server-health-check + + +Gain visibility into system health, define alerts, and proactively prevent incidents. + +- `Configure logging, telemetry, and system statistics `_ +- `Set health probes `_ +- `Deploy Prometheus and Grafana `_ +- `Define alerting rules `_ +- `Request health checks `_ \ No newline at end of file diff --git a/source/administration-guide/scale/performance-alerting.rst b/source/administration-guide/monitoring-observability/performance-alerting.rst similarity index 97% rename from source/administration-guide/scale/performance-alerting.rst rename to source/administration-guide/monitoring-observability/performance-alerting.rst index c379a4ce567..29a0d764509 100644 --- a/source/administration-guide/scale/performance-alerting.rst +++ b/source/administration-guide/monitoring-observability/performance-alerting.rst @@ -4,7 +4,7 @@ Mattermost performance alerting guide .. include:: ../../_static/badges/ent-cloud-selfhosted.rst :start-after: :nosearch: -Mattermost recommends using `Prometheus `_ and `Grafana `_ to track performance metrics of the Mattermost application servers. The purpose of this guide is to help you set up alerts on your Grafana dashboard once you've :doc:`set up system health tracking `. +Mattermost recommends using `Prometheus `_ and `Grafana `_ to track performance metrics of the Mattermost application servers. The purpose of this guide is to help you set up alerts on your Grafana dashboard once you've :doc:`set up system health tracking `. .. note:: We highly recommend setting up performance alerting for deployments above 5,000 users, where additional servers have been added for performance load-balancing. @@ -12,7 +12,7 @@ Mattermost recommends using `Prometheus `_ and `Grafana Prerequisites ------------- -Set up performance monitoring for Mattermost. See our :doc:`Performance Monitoring ` documentation to learn more. +Set up performance monitoring for Mattermost. See our :doc:`Performance Monitoring ` documentation to learn more. To get alerts, first set up a Notification Channel in Grafana. Here’s how you can set it up to automatically post alerts in Mattermost: @@ -172,4 +172,4 @@ You can trace hooks and plugin API calls with Prometheus. Below are some example Other alerts ------------- -If you want more alerts, you can set them up on any of the Grafana charts you'd like. We recommend reviewing custom metrics listed on our :doc:`Performance Monitoring feature documentation `. +If you want more alerts, you can set them up on any of the Grafana charts you'd like. We recommend reviewing custom metrics listed on our :doc:`Performance Monitoring feature documentation `. diff --git a/source/administration-guide/scale/performance-monitoring-metrics.rst b/source/administration-guide/monitoring-observability/performance-monitoring-metrics.rst similarity index 100% rename from source/administration-guide/scale/performance-monitoring-metrics.rst rename to source/administration-guide/monitoring-observability/performance-monitoring-metrics.rst diff --git a/source/administration-guide/scale/push-notification-health-targets.rst b/source/administration-guide/monitoring-observability/push-notification-health-targets.rst similarity index 97% rename from source/administration-guide/scale/push-notification-health-targets.rst rename to source/administration-guide/monitoring-observability/push-notification-health-targets.rst index dd22333a243..19bbe2dbe1e 100644 --- a/source/administration-guide/scale/push-notification-health-targets.rst +++ b/source/administration-guide/monitoring-observability/push-notification-health-targets.rst @@ -9,7 +9,7 @@ When using the `Mattermost Notification Health ` through the System Console. + - System admins can :ref:`disable notification monitoring data collection ` through the System Console. Push Proxy Delivery Rate ------------------------ diff --git a/source/administration-guide/manage/statistics.rst b/source/administration-guide/monitoring-observability/statistics.rst similarity index 95% rename from source/administration-guide/manage/statistics.rst rename to source/administration-guide/monitoring-observability/statistics.rst index de5da457b31..b988650a8cc 100644 --- a/source/administration-guide/manage/statistics.rst +++ b/source/administration-guide/monitoring-observability/statistics.rst @@ -8,9 +8,9 @@ Statistics on users, posts, and channels are tracked for each system and team. E .. note:: - To maximize performance for large Enterprise deployments, statistics for total messages, total hashtag messages, total file messages, messages per day, and activated users with messages per day is configurable by changing the ``MaxUsersForStatistics`` value :ref:`in config.json `. + To maximize performance for large Enterprise deployments, statistics for total messages, total hashtag messages, total file messages, messages per day, and activated users with messages per day is configurable by changing the ``MaxUsersForStatistics`` value :ref:`in config.json `. -For advanced metrics for Enterprise deployments, :doc:`see performance monitoring documentation to learn more `. +For advanced metrics for Enterprise deployments, :doc:`see performance monitoring documentation to learn more `. Site statistics --------------- @@ -71,7 +71,7 @@ Master DB Conns The number of active connections currently on your master database. Replica DB Conns - The number of active connections currently on one or more of :ref:`your read replica databases `. + The number of active connections currently on one or more of :ref:`your read replica databases `. Total Playbooks The total number of collaborative playbooks on this server. diff --git a/source/administration-guide/onboard/convert-oauth20-service-providers-to-openidconnect.rst b/source/administration-guide/onboard/convert-oauth20-service-providers-to-openidconnect.rst deleted file mode 100644 index 88455655a28..00000000000 --- a/source/administration-guide/onboard/convert-oauth20-service-providers-to-openidconnect.rst +++ /dev/null @@ -1,21 +0,0 @@ -Converting OAuth 2.0 Service Providers to OpenID Connect -======================================================== - -.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst - :start-after: :nosearch: - -.. include:: common-converting-oauth-to-openidconnect.rst - :start-after: :nosearch: - -Configuring OpenID Connect Single Sign-On ------------------------------------------ - -.. include:: ../../_static/badges/selfhosted-only.rst - :start-after: :nosearch: - -For details on configuring Mattermost to use a service provider as a Single Sign-on (SSO) service for team creation, account creation, and user sign-in using OpenID Connect, refer to the following documentation: - -- :doc:`OpenID Connect Single Sign-On ` -- :doc:`GitLab Single Sign-On ` -- :doc:`Google Apps Single Sign-On ` -- :doc:`Entra ID Single Sign-On ` diff --git a/source/administration-guide/scale/additional-ha-considerations.rst b/source/administration-guide/operations-scaling/additional-ha-considerations.rst similarity index 59% rename from source/administration-guide/scale/additional-ha-considerations.rst rename to source/administration-guide/operations-scaling/additional-ha-considerations.rst index c37041f5b44..2e0d3944ed3 100644 --- a/source/administration-guide/scale/additional-ha-considerations.rst +++ b/source/administration-guide/operations-scaling/additional-ha-considerations.rst @@ -3,6 +3,6 @@ .. This page intentionally not accessible via the LHS navigation pane because it's included in other pages -`Elasticsearch `__ provides enterprise-scale deployments with optimized search performance and prevents performance degradation and timeouts. Elasticsearch allows you to search large volumes of data quickly, in near real-time, by creating and managing an index of post data. Mattermost’s implementation uses `Elasticsearch `_ as a distributed, RESTful search engine supporting highly efficient database searches in a :doc:`cluster environment `. Visit the :doc:`Mattermost Elasticsearch product documentation ` for deployment and configuration details. +`Elasticsearch `__ provides enterprise-scale deployments with optimized search performance and prevents performance degradation and timeouts. Elasticsearch allows you to search large volumes of data quickly, in near real-time, by creating and managing an index of post data. Mattermost’s implementation uses `Elasticsearch `_ as a distributed, RESTful search engine supporting highly efficient database searches in a :doc:`cluster environment `. Visit the :doc:`Mattermost Elasticsearch product documentation ` for deployment and configuration details. -Performance monitoring support enables a Mattermost server to track system health for large Enterprise deployments through integrations with `Prometheus `__ and `Grafana `__. These integrations support data collection from several Mattermost servers, which is particularly useful if you’re running Mattermost :doc:`in high availability mode `. Once you’re tracking system health, you can :doc:`set up performance alerts ` on your Grafana dashboard. Visit the :doc:`Mattermost Performance Monitoring product documentation ` for installation details. \ No newline at end of file +Performance monitoring support enables a Mattermost server to track system health for large Enterprise deployments through integrations with `Prometheus `__ and `Grafana `__. These integrations support data collection from several Mattermost servers, which is particularly useful if you’re running Mattermost :doc:`in high availability mode `. Once you’re tracking system health, you can :doc:`set up performance alerts ` on your Grafana dashboard. Visit the :doc:`Mattermost Performance Monitoring product documentation ` for installation details. \ No newline at end of file diff --git a/source/administration-guide/scale/backing-storage-benchmarks.rst b/source/administration-guide/operations-scaling/backing-storage-benchmarks.rst similarity index 89% rename from source/administration-guide/scale/backing-storage-benchmarks.rst rename to source/administration-guide/operations-scaling/backing-storage-benchmarks.rst index b73ff8ddc43..8754b56925e 100644 --- a/source/administration-guide/scale/backing-storage-benchmarks.rst +++ b/source/administration-guide/operations-scaling/backing-storage-benchmarks.rst @@ -71,9 +71,9 @@ Read operations Testing notes -------------- -- For S3 tests, :ref:`Amazon S3 exported upload part size ` was set to the default value (100MB). +- For S3 tests, :ref:`Amazon S3 exported upload part size ` was set to the default value (100MB). - Local EBS storage is the stock gp3 (3000 IOPS) provided by EC2 instances. -- Both EBS and EFS solutions tested are considered ``local`` storage options from the application's perspective, where the :ref:`file storage system ` is set to ``local`` in both cases. EFS is essentially AWS's managed NFS, which enables it to serve as a potential alternative to S3 by allowing multiple Mattermost nodes in a high-availability (HA) deployment to share a common file system. In such HA scenarios, the standard local file storage (e.g., an EBS volume attached to a single instance) :ref:`is not suitable, as it can't be shared across multiple nodes `. EFS is a good alternative in this case, but EFS is not a block storage solution like EBS. +- Both EBS and EFS solutions tested are considered ``local`` storage options from the application's perspective, where the :ref:`file storage system ` is set to ``local`` in both cases. EFS is essentially AWS's managed NFS, which enables it to serve as a potential alternative to S3 by allowing multiple Mattermost nodes in a high-availability (HA) deployment to share a common file system. In such HA scenarios, the standard local file storage (e.g., an EBS volume attached to a single instance) :ref:`is not suitable, as it can't be shared across multiple nodes `. EFS is a good alternative in this case, but EFS is not a block storage solution like EBS. Supported storage options diff --git a/source/administration-guide/scale/ensuring-releases-perform-at-scale.rst b/source/administration-guide/operations-scaling/ensuring-releases-perform-at-scale.rst similarity index 100% rename from source/administration-guide/scale/ensuring-releases-perform-at-scale.rst rename to source/administration-guide/operations-scaling/ensuring-releases-perform-at-scale.rst diff --git a/source/administration-guide/scale/estimated-storage-per-user-per-month.rst b/source/administration-guide/operations-scaling/estimated-storage-per-user-per-month.rst similarity index 100% rename from source/administration-guide/scale/estimated-storage-per-user-per-month.rst rename to source/administration-guide/operations-scaling/estimated-storage-per-user-per-month.rst diff --git a/source/administration-guide/scale/high-availability-cluster-based-deployment.rst b/source/administration-guide/operations-scaling/high-availability-cluster-based-deployment.rst similarity index 92% rename from source/administration-guide/scale/high-availability-cluster-based-deployment.rst rename to source/administration-guide/operations-scaling/high-availability-cluster-based-deployment.rst index 7fc618047f1..31b455b25ec 100644 --- a/source/administration-guide/scale/high-availability-cluster-based-deployment.rst +++ b/source/administration-guide/operations-scaling/high-availability-cluster-based-deployment.rst @@ -39,7 +39,7 @@ To ensure your instance and configuration are compatible with a high availabilit Back up your Mattermost database and file storage locations before configuring high availability. For more information about backing up, see :doc:`/deployment-guide/backup-disaster-recovery`. 1. Set up a new Mattermost server by following one of our **Install Guides**. This server must use an identical copy of the configuration file, ``config.json``. Verify the servers are functioning by hitting each independent server through its private IP address. -2. Modify the ``config.json`` files on both servers to add ``ClusterSettings``. See the :ref:`high availability cluster-based deployment configuration settings ` documentation for details. +2. Modify the ``config.json`` files on both servers to add ``ClusterSettings``. See the :ref:`high availability cluster-based deployment configuration settings ` documentation for details. 3. Verify the configuration files are identical on both servers then restart each machine in the cluster. 4. Modify your NGINX setup so that it proxies to both servers. For more information about this, see `proxy server configuration`_. 5. Open **System Console > Environment > High Availability** to verify that each machine in the cluster is communicating as expected with green status indicators. If not, investigate the log files for any extra information. @@ -83,7 +83,7 @@ Configuration settings "GossipPort": 8074 } - For more details on these settings, see the :ref:`high availability configuration settings ` documentation. + For more details on these settings, see the :ref:`high availability configuration settings ` documentation. 2. Change the process limit to 8192 and the maximum number of open files to 65536. @@ -149,7 +149,7 @@ You can do the same for the proxy server. Cluster discovery ^^^^^^^^^^^^^^^^^ -If you have non-standard (i.e. complex) network configurations, then you may need to use the :ref:`Override Hostname ` setting to help the cluster nodes discover each other. The cluster settings in the config are removed from the config file hash for this reason, meaning you can have ``config.json`` files that are slightly different in high availability mode. The Override Hostname is intended to be different for each clustered node in ``config.json`` if you need to force discovery. +If you have non-standard (i.e. complex) network configurations, then you may need to use the :ref:`Override Hostname ` setting to help the cluster nodes discover each other. The cluster settings in the config are removed from the config file hash for this reason, meaning you can have ``config.json`` files that are slightly different in high availability mode. The Override Hostname is intended to be different for each clustered node in ``config.json`` if you need to force discovery. If ``UseIpAddress`` is set to ``true``, it attempts to obtain the IP address by searching for the first non-local IP address (non-loop-back, non-localunicast, non-localmulticast network interface). It enumerates the network interfaces using the built-in go function `net.InterfaceAddrs() `_. Otherwise it tries to get the hostname using the `os.Hostname() `_ built-in go function. @@ -270,15 +270,15 @@ Database configuration Specifying configuration setting values using Mattermost environment variables ensure that they always take precedent over any other configuration settings. -For an AWS High Availability RDS cluster deployment, point the :ref:`datasource ` configuration setting to the write/read endpoint at the **cluster** level to benefit from the AWS failover handling. AWS takes care of promoting different database nodes to be the writer node. Mattermost doesn't need to manage this. +For an AWS High Availability RDS cluster deployment, point the :ref:`datasource ` configuration setting to the write/read endpoint at the **cluster** level to benefit from the AWS failover handling. AWS takes care of promoting different database nodes to be the writer node. Mattermost doesn't need to manage this. -Use the :ref:`read replica ` feature to scale the database. The Mattermost server can be set up to use one master database and one or more read replica databases. +Use the :ref:`read replica ` feature to scale the database. The Mattermost server can be set up to use one master database and one or more read replica databases. .. note:: For an AWS High Availability RDS cluster deployment, don't hard-code the IP addresses. Point this configuration setting to the write/read endpoint at the **cluster** level. This will benefit from the AWS failover handling where AWS takes care of promoting different database nodes to be the writer node. Mattermost doesn't need to manage this. -On large deployments, also consider using the :ref:`search replicas ` feature to isolate search queries onto one or more search replicas. A search replica is similar to a read replica, but is used only for handling search queries. +On large deployments, also consider using the :ref:`search replicas ` feature to isolate search queries onto one or more search replicas. A search replica is similar to a read replica, but is used only for handling search queries. .. note:: @@ -451,7 +451,7 @@ The process is based on a widely used `bully leader election algorithm `. These tasks include: +Mattermost runs periodic tasks via the :ref:`job server `. These tasks include: - LDAP sync - Data retention @@ -478,9 +478,9 @@ When you reinstall a plugin in v5.14, the previous **Enabled** or **Disabled** s CLI and High Availability ^^^^^^^^^^^^^^^^^^^^^^^^^ -The CLI is run in a single node which bypasses the mechanisms that a :doc:`high availability environment ` uses to perform actions across all nodes in the cluster. As a result, when running :doc:`CLI commands ` in a High Availability environment, tasks such as updating and deleting users or changing configuration settings require a server restart. +The CLI is run in a single node which bypasses the mechanisms that a :doc:`high availability environment ` uses to perform actions across all nodes in the cluster. As a result, when running :doc:`CLI commands ` in a High Availability environment, tasks such as updating and deleting users or changing configuration settings require a server restart. -We recommend using :doc:`mmctl ` in a high availability environment instead since a server restart is not required. These changes are made through the API layer, so the node receiving the change request notifies all other nodes in the cluster. +We recommend using :doc:`mmctl ` in a high availability environment instead since a server restart is not required. These changes are made through the API layer, so the node receiving the change request notifies all other nodes in the cluster. Upgrade guide ------------- @@ -489,7 +489,7 @@ An update is an incremental change to Mattermost server that fixes bugs or perfo .. tip:: - To learn how to safely upgrade your deployment in Kubernetes for High Availability and Active/Active support, see the :doc:`Upgrading Mattermost in Kubernetes and High Availability Environments ` documenation. + To learn how to safely upgrade your deployment in Kubernetes for High Availability and Active/Active support, see the :doc:`Upgrading Mattermost in Kubernetes and High Availability Environments ` documenation. Update configuration changes while operating continuously ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -518,7 +518,7 @@ A service interruption is not required for security patch dot releases of Matter When restarting, you aren't restarting the machines, only the Mattermost server applications. A Mattermost server restart generally takes about five seconds. -1. Review the upgrade procedure in the *Upgrade Enterprise Edition* section of :doc:`/administration-guide/upgrade/upgrading-mattermost-server`. +1. Review the upgrade procedure in the *Upgrade Enterprise Edition* section of :doc:`/administration-guide/operations-scaling/upgrading-mattermost-server`. 2. Make a backup of your existing ``config.json`` file. 3. Set your proxy to move all new requests to a single server. If you are using NGINX and it's configured with an upstream backend section in ``/etc/nginx/sites-available/mattermost`` then comment out all but the one server that you intend to update first, and reload NGINX. 4. Shut down Mattermost on each server except the one that you are updating first. @@ -542,7 +542,7 @@ If the upgrade includes a change to the database schema, the database is upgrade Apply upgrades during a period of low load. The system downtime is brief, and depends on the number of Mattermost servers in your cluster. Note that you are not restarting the machines, only the Mattermost server applications. -1. Review the upgrade procedure in the *Upgrade Enterprise Edition* section of :doc:`/administration-guide/upgrade/upgrading-mattermost-server`. +1. Review the upgrade procedure in the *Upgrade Enterprise Edition* section of :doc:`/administration-guide/operations-scaling/upgrading-mattermost-server`. 2. Make a backup of your existing ``config.json`` file. 3. Stop NGINX. 4. Upgrade each Mattermost instance. @@ -554,7 +554,7 @@ Apply upgrades during a period of low load. The system downtime is brief, and de All cluster nodes must use a single protocol ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -All cluster traffic uses the gossip protocol. :ref:`Gossip clustering can no longer be disabled `. +All cluster traffic uses the gossip protocol. :ref:`Gossip clustering can no longer be disabled `. When upgrading a high availability cluster-based deployment, you can't upgrade other nodes in the cluster when one node isn't using the gossip protocol. You must use gossip to complete this type of upgrade. Alternatively you can shut down all nodes and bring them all up individually following an upgrade. @@ -619,7 +619,7 @@ When high availability mode is enabled, the System Console displays the server s A server status of red can occur for the following reasons: - **Configuration file mismatch:** Mattermost will still attempt the inter-node communication, but the System Console will show a red status for the server since the high availability mode feature assumes the same configuration file to function properly. -- **Server version mismatch:** Mattermost will still attempt the inter-node communication, but the System Console will show a red status for the server since the high availability mode feature assumes the same version of Mattermost is installed on each server in the cluster. It is recommended to use the `latest version of Mattermost `__ on all servers. Follow the upgrade procedure in :doc:`/administration-guide/upgrade/upgrading-mattermost-server` for any server that needs to be upgraded. +- **Server version mismatch:** Mattermost will still attempt the inter-node communication, but the System Console will show a red status for the server since the high availability mode feature assumes the same version of Mattermost is installed on each server in the cluster. It is recommended to use the `latest version of Mattermost `__ on all servers. Follow the upgrade procedure in :doc:`/administration-guide/operations-scaling/upgrading-mattermost-server` for any server that needs to be upgraded. - **Server is down:** If an inter-node communication fails to send a message it makes another attempt in 15 seconds. If the second attempt fails, the server is assumed to be down. An error message is written to the logs and the System Console shows a status of red for that server. The inter-node communication continues to ping the down server in 15 second intervals. When the server comes back up, any new messages are sent to it. WebSocket disconnect @@ -632,7 +632,7 @@ App refreshes continuously When configuration settings are modified through the System Console, the client refreshes every time a user connects to a different app server. This occurs because the servers have different ``config.json`` files in a high availability cluster-based deployment. -Modify configuration settings directly through ``config.json`` :ref:`following these steps `. +Modify configuration settings directly through ``config.json`` :ref:`following these steps `. Messages do not post until after reloading ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/scale/lifetime-storage.rst b/source/administration-guide/operations-scaling/lifetime-storage.rst similarity index 100% rename from source/administration-guide/scale/lifetime-storage.rst rename to source/administration-guide/operations-scaling/lifetime-storage.rst diff --git a/source/administration-guide/operations-scaling/operations-scaling-index.rst b/source/administration-guide/operations-scaling/operations-scaling-index.rst new file mode 100644 index 00000000000..97c57b50d77 --- /dev/null +++ b/source/administration-guide/operations-scaling/operations-scaling-index.rst @@ -0,0 +1,31 @@ +Operations & Scaling +==================== + +Operate Mattermost reliably and scale capacity as your organization grows. Use these guides for upgrades, high availability, storage, search, and performance tuning. + +.. toctree:: + :maxdepth: 1 + :titlesonly: + + /administration-guide/upgrade/prepare-to-upgrade-mattermost + /administration-guide/upgrade/important-upgrade-notes + /administration-guide/upgrade/upgrading-mattermost-server + /administration-guide/upgrade/upgrade-mattermost-kubernetes-ha + /administration-guide/upgrade/downgrading-mattermost-server + high-availability-cluster-based-deployment + scaling-for-enterprise + redis + /administration-guide/platform-features/elasticsearch-setup + /administration-guide/platform-features/opensearch-setup + ensuring-releases-perform-at-scale + /administration-guide/monitoring-observability/collect-performance-metrics + /administration-guide/operations-scaling/product-limits + +Keep your deployment reliable and performant, scale as needed, and upgrade safely with minimal downtime. + +- `Plan and perform upgrades or downgrades `_ +- `Deploy high availability (HA) clusters `_ +- `Scale horizontally with Redis `_ +- `Configure Elasticsearch or OpenSearch `_ +- `Tune system performance and plan storage capacity `_ +- `Monitor push notification health `_ diff --git a/source/administration-guide/manage/product-limits.rst b/source/administration-guide/operations-scaling/product-limits.rst similarity index 83% rename from source/administration-guide/manage/product-limits.rst rename to source/administration-guide/operations-scaling/product-limits.rst index 8d34c666996..129a20eb16e 100644 --- a/source/administration-guide/manage/product-limits.rst +++ b/source/administration-guide/operations-scaling/product-limits.rst @@ -11,9 +11,9 @@ This page describes some of the product limits that apply to Mattermost, includi ":doc:`Group messages `", "8 participants", "If 8 isn't enough, create a private channel" ":doc:`Call participants `", "Unlimited", "50" - ":ref:`Custom brand text `", "500", "" - ":ref:`Custom site description `", "1024", "" - ":ref:`Advanced log output `", "500 MB file size, 1000 audit records", "" + ":ref:`Custom brand text `", "500", "" + ":ref:`Custom site description `", "1024", "" + ":ref:`Advanced log output `", "500 MB file size, 1000 audit records", "" ":ref:`Custom status `", "100 characters", "" ":ref:`Channel name `", "64 characters", "" ":ref:`Channel purpose `", "250 characters", "" @@ -24,8 +24,8 @@ This page describes some of the product limits that apply to Mattermost, includi ":ref:`Emoji reactions ` per message", "50", "" ":ref:`Custom emoji uploads `", "6000", "" ":ref:`Team description `", "50 characters", "" - ":ref:`SSO user session duration `", "30 days", "" - ":ref:`Mobile user session duration `", "30 days", "" + ":ref:`SSO user session duration `", "30 days", "" + ":ref:`Mobile user session duration `", "30 days", "" ":doc:`Attachments per message ` (files or images)", "10", "" ":ref:`Attachment file size `", "100 MB", "Configurable" ":ref:`Attachment image file size `", "253 MB", "Configurable" diff --git a/source/administration-guide/scale/redis.rst b/source/administration-guide/operations-scaling/redis.rst similarity index 100% rename from source/administration-guide/scale/redis.rst rename to source/administration-guide/operations-scaling/redis.rst diff --git a/source/administration-guide/scale/scale-to-100000-users.rst b/source/administration-guide/operations-scaling/scale-to-100000-users.rst similarity index 95% rename from source/administration-guide/scale/scale-to-100000-users.rst rename to source/administration-guide/operations-scaling/scale-to-100000-users.rst index 37a9e8cb6fe..89b74643430 100644 --- a/source/administration-guide/scale/scale-to-100000-users.rst +++ b/source/administration-guide/operations-scaling/scale-to-100000-users.rst @@ -4,14 +4,14 @@ Scale Mattermost up to 100000 users .. include:: ../../_static/badges/ent-selfhosted.rst :start-after: :nosearch: -This page describes the Mattermost reference architecture designed for the load of up to 100000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. +This page describes the Mattermost reference architecture designed for the load of up to 100000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. - **High Availability**: Required - **Database Configuration**: writer, multiple readers .. note:: - Usage of CPU, RAM, and storage space can vary significantly based on user behavior. These hardware recommendations are based on traditional deployments and may grow or shrink depending on how active your users are. - - From Mattermost v10.4, Mattermost Enterprise customers can configure `Redis `_ (Remote Dictionary Server) as an alternative cache backend. Using Redis can help ensure that Mattermost remains performant and efficient, even under heavy usage. See the :ref:`Redis cache backend ` configuration settings documentation for details. + - From Mattermost v10.4, Mattermost Enterprise customers can configure `Redis `_ (Remote Dictionary Server) as an alternative cache backend. Using Redis can help ensure that Mattermost remains performant and efficient, even under heavy usage. See the :ref:`Redis cache backend ` configuration settings documentation for details. - While the following Elasticsearch specifications may be more than sufficient for some use cases, we have not extensively tested configurations with lower resource allocations for this user scale. If cost optimization is a priority, admins may choose to experiment with smaller configurations, but we recommend starting with the tested specifications to ensure system stability and performance. Keep in mind that under-provisioning can lead to degraded user experience and additional troubleshooting effort. Requirements diff --git a/source/administration-guide/scale/scale-to-15000-users.rst b/source/administration-guide/operations-scaling/scale-to-15000-users.rst similarity index 97% rename from source/administration-guide/scale/scale-to-15000-users.rst rename to source/administration-guide/operations-scaling/scale-to-15000-users.rst index ee118c0e250..bd6976c0b2f 100644 --- a/source/administration-guide/scale/scale-to-15000-users.rst +++ b/source/administration-guide/operations-scaling/scale-to-15000-users.rst @@ -4,7 +4,7 @@ Scale Mattermost up to 15000 users .. include:: ../../_static/badges/ent-selfhosted.rst :start-after: :nosearch: -This page describes the Mattermost reference architecture designed for the load of up to 15000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. +This page describes the Mattermost reference architecture designed for the load of up to 15000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. - **High Availability**: Required - **Database Configuration**: writer, reader diff --git a/source/administration-guide/scale/scale-to-200-users.rst b/source/administration-guide/operations-scaling/scale-to-200-users.rst similarity index 97% rename from source/administration-guide/scale/scale-to-200-users.rst rename to source/administration-guide/operations-scaling/scale-to-200-users.rst index 6bfafe4cf52..20ca17e0cb1 100644 --- a/source/administration-guide/scale/scale-to-200-users.rst +++ b/source/administration-guide/operations-scaling/scale-to-200-users.rst @@ -1,7 +1,7 @@ Scale Mattermost up to 200 users ================================ -This page describes the Mattermost reference architecture designed for the load of up to 200 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. +This page describes the Mattermost reference architecture designed for the load of up to 200 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. - **High Availability**: Not required - **Database Configuration**: Single diff --git a/source/administration-guide/scale/scale-to-2000-users.rst b/source/administration-guide/operations-scaling/scale-to-2000-users.rst similarity index 96% rename from source/administration-guide/scale/scale-to-2000-users.rst rename to source/administration-guide/operations-scaling/scale-to-2000-users.rst index 57432c38168..a4b55f60ca2 100644 --- a/source/administration-guide/scale/scale-to-2000-users.rst +++ b/source/administration-guide/operations-scaling/scale-to-2000-users.rst @@ -4,7 +4,7 @@ Scale Mattermost up to 2000 users .. include:: ../../_static/badges/ent-selfhosted.rst :start-after: :nosearch: -This page describes the Mattermost reference architecture designed for a minimum load of 100 concurrent users and up to 2000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. +This page describes the Mattermost reference architecture designed for a minimum load of 100 concurrent users and up to 2000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. - **High Availability**: Required - **Database Configuration**: writer, reader diff --git a/source/administration-guide/scale/scale-to-200000-users.rst b/source/administration-guide/operations-scaling/scale-to-200000-users.rst similarity index 96% rename from source/administration-guide/scale/scale-to-200000-users.rst rename to source/administration-guide/operations-scaling/scale-to-200000-users.rst index b0d92690e54..a32f00c17c0 100644 --- a/source/administration-guide/scale/scale-to-200000-users.rst +++ b/source/administration-guide/operations-scaling/scale-to-200000-users.rst @@ -4,14 +4,14 @@ Scale Mattermost up to 200000 users .. include:: ../../_static/badges/ent-adv-selfhosted.rst :start-after: :nosearch: -This page describes the Mattermost reference architecture designed for the load of up to 200000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. +This page describes the Mattermost reference architecture designed for the load of up to 200000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. - **High Availability**: Required - **Database Configuration**: writer, multiple readers .. note:: - Usage of CPU, RAM, and storage space can vary significantly based on user behavior. These hardware recommendations are based on traditional deployments and may grow or shrink depending on how active your users are. - - From Mattermost v10.4, Mattermost Enterprise customers can configure `Redis `_ (Remote Dictionary Server) as an alternative cache backend. Using Redis can help ensure that Mattermost remains performant and efficient, even under heavy usage. See the :ref:`Redis cache backend ` configuration settings documentation for details. + - From Mattermost v10.4, Mattermost Enterprise customers can configure `Redis `_ (Remote Dictionary Server) as an alternative cache backend. Using Redis can help ensure that Mattermost remains performant and efficient, even under heavy usage. See the :ref:`Redis cache backend ` configuration settings documentation for details. - While the following Elasticsearch specifications may be more than sufficient for some use cases, we have not extensively tested configurations with lower resource allocations for this user scale. If cost optimization is a priority, admins may choose to experiment with smaller configurations, but we recommend starting with the tested specifications to ensure system stability and performance. Keep in mind that under-provisioning can lead to degraded user experience and additional troubleshooting effort. User login scalability diff --git a/source/administration-guide/scale/scale-to-30000-users.rst b/source/administration-guide/operations-scaling/scale-to-30000-users.rst similarity index 97% rename from source/administration-guide/scale/scale-to-30000-users.rst rename to source/administration-guide/operations-scaling/scale-to-30000-users.rst index 89904bddc58..4a46e42361f 100644 --- a/source/administration-guide/scale/scale-to-30000-users.rst +++ b/source/administration-guide/operations-scaling/scale-to-30000-users.rst @@ -4,7 +4,7 @@ Scale Mattermost up to 30000 users .. include:: ../../_static/badges/ent-selfhosted.rst :start-after: :nosearch: -This page describes the Mattermost reference architecture designed for the load of up to 30000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. +This page describes the Mattermost reference architecture designed for the load of up to 30000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. - **High Availability**: Required - **Database Configuration**: writer, multiple readers diff --git a/source/administration-guide/scale/scale-to-50000-users.rst b/source/administration-guide/operations-scaling/scale-to-50000-users.rst similarity index 97% rename from source/administration-guide/scale/scale-to-50000-users.rst rename to source/administration-guide/operations-scaling/scale-to-50000-users.rst index e17d155aeb3..2b58fd3a99c 100644 --- a/source/administration-guide/scale/scale-to-50000-users.rst +++ b/source/administration-guide/operations-scaling/scale-to-50000-users.rst @@ -4,7 +4,7 @@ Scale Mattermost up to 50000 users .. include:: ../../_static/badges/ent-selfhosted.rst :start-after: :nosearch: -This page describes the Mattermost reference architecture designed for the load of up to 50000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. +This page describes the Mattermost reference architecture designed for the load of up to 50000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. - **High Availability**: Required - **Database Configuration**: writer, multiple readers diff --git a/source/administration-guide/scale/scale-to-80000-users.rst b/source/administration-guide/operations-scaling/scale-to-80000-users.rst similarity index 97% rename from source/administration-guide/scale/scale-to-80000-users.rst rename to source/administration-guide/operations-scaling/scale-to-80000-users.rst index 0b15f31b736..169f9d0d062 100644 --- a/source/administration-guide/scale/scale-to-80000-users.rst +++ b/source/administration-guide/operations-scaling/scale-to-80000-users.rst @@ -4,7 +4,7 @@ Scale Mattermost up to 80000 users .. include:: ../../_static/badges/ent-selfhosted.rst :start-after: :nosearch: -This page describes the Mattermost reference architecture designed for the load of up to 80000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. +This page describes the Mattermost reference architecture designed for the load of up to 80000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. - **High Availability**: Required - **Database Configuration**: writer, multiple readers diff --git a/source/administration-guide/scale/scale-to-90000-users.rst b/source/administration-guide/operations-scaling/scale-to-90000-users.rst similarity index 97% rename from source/administration-guide/scale/scale-to-90000-users.rst rename to source/administration-guide/operations-scaling/scale-to-90000-users.rst index 94dbee14620..13e96e2fa7e 100644 --- a/source/administration-guide/scale/scale-to-90000-users.rst +++ b/source/administration-guide/operations-scaling/scale-to-90000-users.rst @@ -4,7 +4,7 @@ Scale Mattermost up to 90000 users .. include:: ../../_static/badges/ent-selfhosted.rst :start-after: :nosearch: -This page describes the Mattermost reference architecture designed for the load of up to 90000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. +This page describes the Mattermost reference architecture designed for the load of up to 90000 concurrent users. Unsure which reference architecture to use? See the :doc:`scaling for enterprise ` documentation for details. - **High Availability**: Required - **Database Configuration**: writer, multiple readers diff --git a/source/administration-guide/scale/scaling-for-enterprise.rst b/source/administration-guide/operations-scaling/scaling-for-enterprise.rst similarity index 57% rename from source/administration-guide/scale/scaling-for-enterprise.rst rename to source/administration-guide/operations-scaling/scaling-for-enterprise.rst index 16e95354841..ea37bebca8d 100644 --- a/source/administration-guide/scale/scaling-for-enterprise.rst +++ b/source/administration-guide/operations-scaling/scaling-for-enterprise.rst @@ -12,24 +12,24 @@ Server requirements vary based on usage and we highly recommend that you run a p Backing storage --------------- -Review detailed :doc:`write and read storage benchmark results ` for supported storage options including local file system (EBS, gp3), network file system (EFS), and object storage (S3) to make informed decisions based on your use case and infrastructure needs. +Review detailed :doc:`write and read storage benchmark results ` for supported storage options including local file system (EBS, gp3), network file system (EFS), and object storage (S3) to make informed decisions based on your use case and infrastructure needs. Enterprise search ----------------- We highly recommend a dedicated server for large enterprise deployments to run highly efficient database searches in a cluster environment. -For deployments with over 5 million posts, :doc:`Enterprise search ` using :ref:`Elasticsearch ` or :ref:`AWS OpenSearch Service ` is required for optimized search performance, dedicated indexing and usage resourcing via cluster support without performance degradation and timeouts, resulting in faster, more predicable search results. +For deployments with over 5 million posts, :doc:`Enterprise search ` using :ref:`Elasticsearch ` or :ref:`AWS OpenSearch Service ` is required for optimized search performance, dedicated indexing and usage resourcing via cluster support without performance degradation and timeouts, resulting in faster, more predicable search results. High availability ----------------- -A :doc:`high availability cluster-based deployment ` enables a Mattermost system to maintain service during outages and hardware failures through the use of redundant infrastructure. +A :doc:`high availability cluster-based deployment ` enables a Mattermost system to maintain service during outages and hardware failures through the use of redundant infrastructure. Redis ----- -:doc:`Redis ` is an in-memory data structure store that can be used as a database, cache, and message broker. Mattermost uses Redis as an external cache to improve performance at scale. When properly configured, Redis can help support Mattermost installations with more than 100,000 users by providing improved performance through efficient caching. +:doc:`Redis ` is an in-memory data structure store that can be used as a database, cache, and message broker. Mattermost uses Redis as an external cache to improve performance at scale. When properly configured, Redis can help support Mattermost installations with more than 100,000 users by providing improved performance through efficient caching. Available reference architectures --------------------------------- @@ -39,31 +39,31 @@ Available reference architectures :hidden: :titlesonly: - Backing storage benchmarks - Enterprise search - High availability - Redis - Scale up to 200 users - Scale up to 2000 users - Scale up to 15000 users - Scale up to 30000 users - Scale up to 50000 users - Scale up to 80000 users - Scale up to 90000 users - Scale up to 100000 users - Scale up to 200000 users + Backing storage benchmarks + Enterprise search + High availability + Redis + Scale up to 200 users + Scale up to 2000 users + Scale up to 15000 users + Scale up to 30000 users + Scale up to 50000 users + Scale up to 80000 users + Scale up to 90000 users + Scale up to 100000 users + Scale up to 200000 users The following reference architectures are available as recommended starting points for your self-hosted Mattermost deployment, where user counts refer to the number of concurrent users for a given deployment. The number of concurrent numbers is commonly lower than the total number of user accounts. -* :doc:`Scale up to 200 users ` - Learn how to scale Mattermost to up to 200 users. -* :doc:`Scale up to 2000 users ` - Learn how to scale Mattermost to up to 2000 users. -* :doc:`Scale up to 15000 users ` - Learn how to scale Mattermost to up to 15000 users. -* :doc:`Scale up to 30000 users ` - Learn how to scale Mattermost to up to 30000 users. -* :doc:`Scale up to 50000 users ` - Learn how to scale Mattermost to up to 50000 users. -* :doc:`Scale up to 80000 users ` - Learn how to scale Mattermost to up to 80000 users. -* :doc:`Scale up to 90000 users ` - Learn how to scale Mattermost to up to 90000 users. -* :doc:`Scale up to 100000 users ` - Learn how to scale Mattermost to up to 100000 users. -* :doc:`Scale up to 200000 users ` - Learn how to scale Mattermost to up to 200000 users. +* :doc:`Scale up to 200 users ` - Learn how to scale Mattermost to up to 200 users. +* :doc:`Scale up to 2000 users ` - Learn how to scale Mattermost to up to 2000 users. +* :doc:`Scale up to 15000 users ` - Learn how to scale Mattermost to up to 15000 users. +* :doc:`Scale up to 30000 users ` - Learn how to scale Mattermost to up to 30000 users. +* :doc:`Scale up to 50000 users ` - Learn how to scale Mattermost to up to 50000 users. +* :doc:`Scale up to 80000 users ` - Learn how to scale Mattermost to up to 80000 users. +* :doc:`Scale up to 90000 users ` - Learn how to scale Mattermost to up to 90000 users. +* :doc:`Scale up to 100000 users ` - Learn how to scale Mattermost to up to 100000 users. +* :doc:`Scale up to 200000 users ` - Learn how to scale Mattermost to up to 200000 users. .. important:: @@ -78,7 +78,7 @@ At a high level, each deployment size was fixed (Mattermost server node count/si Tests were defined by configuration of the actions executed by each simulated user (and the frequency of these actions) where the coordinator metrics define a health system under load. Tests were performed using the Mattermost v9.5 Extended Support Release (ESR). Job servers weren't used. All tests with more than a single app node had an NGINX proxy running in front of them. -For the last test of 200K users, further infrastructure changes were made. Elasticsearch nodes were added. A Redis instance was added, and multiple NGINX proxies were used to distribute traffic evenly across all nodes in the cluster. More details can be found on the :doc:`scale to 200000 users ` documentation page. +For the last test of 200K users, further infrastructure changes were made. Elasticsearch nodes were added. A Redis instance was added, and multiple NGINX proxies were used to distribute traffic evenly across all nodes in the cluster. More details can be found on the :doc:`scale to 200000 users ` documentation page. Full testing methodology, configuration, and setup is available, incluidng a `fixed database dump with 100 million posts `_. Visit the `Mattermost Community `_ and join the `Developers: Performance channel `_ for details. @@ -96,7 +96,7 @@ Visit the `Mattermost Load Test Tool ` with our :ref:`dashboards ` for ongoing monitoring and scale guidance. - - If you encounter performance concerns, we recommend :doc:`collecting performance metrics ` and sharing them with us as a first troubleshooting step. + - We recommend deploying :doc:`Prometheus and Grafana ` with our :ref:`dashboards ` for ongoing monitoring and scale guidance. + - If you encounter performance concerns, we recommend :doc:`collecting performance metrics ` and sharing them with us as a first troubleshooting step. `Book a live demo `_ or `talk to a Mattermost expert `_ to explore tailored solutions for your organization's secure collaboration needs. Or try Mattermost yourself with a `1-hour preview `_ for instant access to a live sandbox environment. diff --git a/source/administration-guide/configure/agents-admin-guide.rst b/source/administration-guide/platform-features/agents-admin-guide.rst similarity index 100% rename from source/administration-guide/configure/agents-admin-guide.rst rename to source/administration-guide/platform-features/agents-admin-guide.rst diff --git a/source/administration-guide/configure/bleve-search.rst b/source/administration-guide/platform-features/bleve-search.rst similarity index 83% rename from source/administration-guide/configure/bleve-search.rst rename to source/administration-guide/platform-features/bleve-search.rst index e91faa9198a..eb418399c54 100644 --- a/source/administration-guide/configure/bleve-search.rst +++ b/source/administration-guide/platform-features/bleve-search.rst @@ -21,7 +21,7 @@ Follow these steps to configure the Mattermost server to use Bleve and generate 1. Open **System Console > Experimental > Bleve**. 2. Set **Enable Bleve Indexing** to **true** to enable the other settings on the page. -3. Set the directory path to use for storing Bleve indexes (e.g.: ``/var/opt/mattermost/bleveindexes``). The user running Mattermost should have permissions to access the directory. See our :ref:`configuration settings ` documentation for details. +3. Set the directory path to use for storing Bleve indexes (e.g.: ``/var/opt/mattermost/bleveindexes``). The user running Mattermost should have permissions to access the directory. See our :ref:`configuration settings ` documentation for details. 4. Save the configuration. 5. Select **Index Now**. All users, channels, and posts in the database will be indexed oldest to newest. 6. Set **Enable Bleve for search queries** to **true**. @@ -29,7 +29,7 @@ Follow these steps to configure the Mattermost server to use Bleve and generate .. note:: - Search results for files shared before upgrading to Mattermost Server v5.35 may be incomplete until an extraction command is run using the :ref:`mmctl `. After running this command, the search index must be rebuilt. Go to **System Console > Experimental > Bleve > Bulk Indexing**, then select **Index Now** to rebuild the search index to include older file contents. + Search results for files shared before upgrading to Mattermost Server v5.35 may be incomplete until an extraction command is run using the :ref:`mmctl `. After running this command, the search index must be rebuilt. Go to **System Console > Experimental > Bleve > Bulk Indexing**, then select **Index Now** to rebuild the search index to include older file contents. Using Bleve search ------------------ @@ -42,4 +42,4 @@ The following conditions are applied when using Bleve search: How does search work with Bleve disabled? ------------------------------------------- -Mattermost performs full text searches against the database unless you have an :ref:`Enterprise license ` and :doc:`enterprise search ` configured. \ No newline at end of file +Mattermost performs full text searches against the database unless you have an :ref:`Enterprise license ` and :doc:`enterprise search ` configured. \ No newline at end of file diff --git a/source/administration-guide/configure/calls-deployment.md b/source/administration-guide/platform-features/calls-deployment.md similarity index 100% rename from source/administration-guide/configure/calls-deployment.md rename to source/administration-guide/platform-features/calls-deployment.md diff --git a/source/administration-guide/configure/calls-rtcd-ent-only.md b/source/administration-guide/platform-features/calls-rtcd-ent-only.md similarity index 100% rename from source/administration-guide/configure/calls-rtcd-ent-only.md rename to source/administration-guide/platform-features/calls-rtcd-ent-only.md diff --git a/source/administration-guide/scale/common-configure-mattermost-for-enterprise-search.rst b/source/administration-guide/platform-features/common-configure-mattermost-for-enterprise-search.rst similarity index 92% rename from source/administration-guide/scale/common-configure-mattermost-for-enterprise-search.rst rename to source/administration-guide/platform-features/common-configure-mattermost-for-enterprise-search.rst index 7849b2753a9..c4f1bf60670 100644 --- a/source/administration-guide/scale/common-configure-mattermost-for-enterprise-search.rst +++ b/source/administration-guide/platform-features/common-configure-mattermost-for-enterprise-search.rst @@ -9,7 +9,7 @@ Set server connection details 1. (Optional) Enter **Server Username** used to access the enterprise search server. 2. (Optional) Enter **Server Password** associated with the username. 3. Set **Enable Cluster Sniffing** (Optional). Sniffing finds and connects to all data nodes in your cluster automatically. -4. Optional CA and client certificate configuration settings are available for use with basic authentication credentials or to replace them. See the :ref:`Enterprise search configuration settings ` documentation for details. +4. Optional CA and client certificate configuration settings are available for use with basic authentication credentials or to replace them. See the :ref:`Enterprise search configuration settings ` documentation for details. 5. Select **Test Connection** and then select **Save**. If the server connection is unsuccessful you won't be able to save the configuration or enable searching with Elasticsearch or AWS OpenSearch. Build the post index of existing messages @@ -26,7 +26,7 @@ Set **Enable Elasticsearch for search queries** to ``true``, and setting **Enabl .. note:: - For high post volume deployments, we strongly encourage you to read and properly configure the Mattermost :ref:`LiveIndexingBatchSize ` configuration setting. + For high post volume deployments, we strongly encourage you to read and properly configure the Mattermost :ref:`LiveIndexingBatchSize ` configuration setting. .. warning:: diff --git a/source/administration-guide/onboard/connected-workspaces.rst b/source/administration-guide/platform-features/connected-workspaces.rst similarity index 94% rename from source/administration-guide/onboard/connected-workspaces.rst rename to source/administration-guide/platform-features/connected-workspaces.rst index 3282706e7b2..7dd930a627c 100644 --- a/source/administration-guide/onboard/connected-workspaces.rst +++ b/source/administration-guide/platform-features/connected-workspaces.rst @@ -8,7 +8,7 @@ Communicate across organizations, as well as external partners and vendors using Connected workspaces in Mattermost behave like regular public and private channels and offer the same user experience and functionality. All members using secure connections, including local members and remote members, can :doc:`send and receive channel messages `, :doc:`use emojis ` to react to messages, :doc:`share files `, and :doc:`search message history `. Content is synchronized across all participating Mattermost instances. -A channel's permissions and access continues to be governed by each server separately. :ref:`Advanced access control ` permissions can be applied to a shared channel, and be in effect on the local Mattermost server while not being in effect on a remote Mattermost server. +A channel's permissions and access continues to be governed by each server separately. :ref:`Advanced access control ` permissions can be applied to a shared channel, and be in effect on the local Mattermost server while not being in effect on a remote Mattermost server. Set up connected workspaces --------------------------- @@ -39,11 +39,11 @@ System admins must enable connected workspaces functionality for their Mattermos - ``ConnectedWorkspacesSettings.EnableRemoteClusterService = true`` - ``ConnectedWorkspacesSettings.EnableSharedChannels = true`` -See the :ref:`Site Configuration Settings ` documentation for details. +See the :ref:`Site Configuration Settings ` documentation for details. .. note:: - Following an upgrade to Mattermost v10.2 or later, existing configuration values for shared channels, including ``EnableSharedChannels`` and ``EnableRemoteClusterService`` are automatically converted to :ref:`connected workspace configuration settings ` in the ``config.json`` file. The :ref:`deprecated shared channels experimental settings ` remain in the ``config.json`` file to support backwards compatibility. + Following an upgrade to Mattermost v10.2 or later, existing configuration values for shared channels, including ``EnableSharedChannels`` and ``EnableRemoteClusterService`` are automatically converted to :ref:`connected workspace configuration settings ` in the ``config.json`` file. The :ref:`deprecated shared channels experimental settings ` remain in the ``config.json`` file to support backwards compatibility. Create a secure connection --------------------------- @@ -169,7 +169,7 @@ From Mattermost v10.10, remote users across connected workspaces can be discover - Filters out users from their original cluster to prevent syncing users back to their home instance - Only syncs users that have been updated since the last synchronization -The feature includes configuration options for :ref:`automatically syncing users when connections are established ` and :ref:`controlling batch processing sizes ` for optimal performance. +The feature includes configuration options for :ref:`automatically syncing users when connections are established ` and :ref:`controlling batch processing sizes ` for optimal performance. When ``EnableSyncAllUsersForRemoteCluster`` is disabled, remote users are only discoverable in the DM/GM creation modal after they have participated in a shared channel. @@ -189,7 +189,7 @@ When ``EnableSharedChannelsMemberSync`` is enabled: - Membership changes are processed in configurable batch sizes to optimize performance and prevent timeouts - The system uses cursor-based synchronization to efficiently track and sync membership changes -The feature includes a configuration option for :ref:`controlling batch processing sizes for member synchronization ` to ensure optimal performance during large membership changes. +The feature includes a configuration option for :ref:`controlling batch processing sizes for member synchronization ` to ensure optimal performance during large membership changes. When ``EnableSharedChannelsMemberSync`` is disabled, channel membership changes are not synchronized between connected workspaces, and users must be manually added or removed from shared channels on each workspace. @@ -313,9 +313,9 @@ When a user is added to a shared channel, member status is synchronized within a When using Mattermost in a web browser, Mattermost polls the server every minute. Refreshing the browser page triggers immediate synchronization. -By default, a maximum of 50 messages are synchronized at a time, and :ref:`this value is configurable `. +By default, a maximum of 50 messages are synchronized at a time, and :ref:`this value is configurable `. -Channel as well as member status and availability synchronization :ref:`can be disabled `. +Channel as well as member status and availability synchronization :ref:`can be disabled `. From Mattermost v10.10, channel membership can be synchronized between connected workspaces when the feature flag ``EnableSharedChannelsMemberSync`` is enabled. When a user is added to or removed from a shared channel on one workspace, that membership change is automatically applied to the corresponding shared channel on all connected workspaces. This ensures consistent channel membership across all participating Mattermost instances. Additionally, connected workspaces also synchronize message priority, message acknowledgements, and persistent notifications between connected servers. This ensures that important message indicators and user interactions are consistently reflected across all connected workspace instances. diff --git a/source/administration-guide/scale/elasticsearch-setup.rst b/source/administration-guide/platform-features/elasticsearch-setup.rst similarity index 97% rename from source/administration-guide/scale/elasticsearch-setup.rst rename to source/administration-guide/platform-features/elasticsearch-setup.rst index 54bd45798d7..997e4cfee26 100644 --- a/source/administration-guide/scale/elasticsearch-setup.rst +++ b/source/administration-guide/platform-features/elasticsearch-setup.rst @@ -83,5 +83,5 @@ Follow these steps to configure Mattermost to use your Elasticsearch server and 2. Set **Enable Elasticsearch Indexing** to ``true`` to enable the other the settings on the page. Once the configuration is saved, new posts made to the database are automatically indexed on the Elasticsearch server. 3. Ensure **Backend type** is set to ``elasticsearch``. -.. include:: /administration-guide/scale/common-configure-mattermost-for-enterprise-search.rst +.. include:: /administration-guide/platform-features/common-configure-mattermost-for-enterprise-search.rst :start-after: :nosearch: \ No newline at end of file diff --git a/source/administration-guide/configure/enabling-chinese-japanese-korean-search.rst b/source/administration-guide/platform-features/enabling-chinese-japanese-korean-search.rst similarity index 100% rename from source/administration-guide/configure/enabling-chinese-japanese-korean-search.rst rename to source/administration-guide/platform-features/enabling-chinese-japanese-korean-search.rst diff --git a/source/administration-guide/scale/enterprise-search.rst b/source/administration-guide/platform-features/enterprise-search.rst similarity index 87% rename from source/administration-guide/scale/enterprise-search.rst rename to source/administration-guide/platform-features/enterprise-search.rst index d25640d5ecb..b6457181147 100644 --- a/source/administration-guide/scale/enterprise-search.rst +++ b/source/administration-guide/platform-features/enterprise-search.rst @@ -15,22 +15,22 @@ Mattermost database search starts to show performance degradation at around 2 mi :hidden: :titlesonly: - Elasticsearch setup - AWS OpenSearch setup + Elasticsearch setup + AWS OpenSearch setup Elasticsearch ------------- Elasticsearch is a well-established and widely used search engine with a large ecosystem and community support that provides enterprise-scale deployments with optimized search performance, dedicated indexing, and usage resourcing via cluster support for fast, predicable search results. -Mattermost's implementation uses `Elasticsearch `_ as a distributed, RESTful search engine supporting highly efficient database searches in a :doc:`cluster environment `. Learn more about :doc:`setting up and configuring Mattermost for an Elasticsearch server `. +Mattermost's implementation uses `Elasticsearch `_ as a distributed, RESTful search engine supporting highly efficient database searches in a :doc:`cluster environment `. Learn more about :doc:`setting up and configuring Mattermost for an Elasticsearch server `. AWS OpenSearch Service ----------------------- AWS OpenSearch Service is the official path forward from Elasticsearch v7.10.x for AWS customers. It's a fully managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud to provide a simple and cost-effective way to search, analyze, and visualize data in real time. -The AWS OpenSearch Service is built on the open-source OpenSearch project, which is a community-driven fork of Elasticsearch. Learn more about :doc:`setting up and configuring Mattermost for an OpenSearch server `. +The AWS OpenSearch Service is built on the open-source OpenSearch project, which is a community-driven fork of Elasticsearch. Learn more about :doc:`setting up and configuring Mattermost for an OpenSearch server `. Supported paths ---------------- @@ -39,13 +39,13 @@ Review the following support paths for enterprise search based on the version yo .. tab:: Elasticsearch v8 - `Elasticsearch v8 `__ is supported from Mattermost v9.11. While Mattermost supports Elasticsearch v7.17+, we recommend upgrading your Elasticsearch v7 instance to v8.x. See the `Elasticsearch upgrade `_ documentation for upgrade details, and see the :doc:`Elasticsearch setup ` documentation for details on configuring your Mattermost deployment to use Elasticsearch. + `Elasticsearch v8 `__ is supported from Mattermost v9.11. While Mattermost supports Elasticsearch v7.17+, we recommend upgrading your Elasticsearch v7 instance to v8.x. See the `Elasticsearch upgrade `_ documentation for upgrade details, and see the :doc:`Elasticsearch setup ` documentation for details on configuring your Mattermost deployment to use Elasticsearch. .. tab:: AWS OpenSearch Service AWS OpenSearch Service is the official path forward from Elasticsearch v7.10.x for AWS customers to provide a simple and cost-effective way to search, analyze, and visual data in real time. It's essentially a continuation of Elasticsearch v7.10.x but maintained as open source by AWS. It provides long-term support, active development, and compatibility with AWS clients, libraries, and managed services. - See the **AWS Elasticsearch v7.10.x** tab on this page for details on upgrading to AWS OpenSearch, and see the :doc:`AWS OpenSearch setup ` documentation for details on configuring your Mattermost deployment to use AWS OpenSearch. + See the **AWS Elasticsearch v7.10.x** tab on this page for details on upgrading to AWS OpenSearch, and see the :doc:`AWS OpenSearch setup ` documentation for details on configuring your Mattermost deployment to use AWS OpenSearch. .. tab:: AWS Elasticsearch v7.10.x @@ -55,7 +55,7 @@ Review the following support paths for enterprise search based on the version yo 1. Disable "compatibility mode" in OpenSearch. 2. Upgrade Mattermost server. - 3. Update the Mattermost ``ElasticsearchSettings.Backend`` configuration setting value from ``elasticsearch`` to ```opensearch``` manually or using :ref:`mmctl `. This value cannot be changed using the System Console. See the Mattermost search :ref:`backend type ` configuration setting documentation for additional details. + 3. Update the Mattermost ``ElasticsearchSettings.Backend`` configuration setting value from ``elasticsearch`` to ```opensearch``` manually or using :ref:`mmctl `. This value cannot be changed using the System Console. See the Mattermost search :ref:`backend type ` configuration setting documentation for additional details. 4. Restart the Mattermost server. Frequently asked questions (FAQ) @@ -84,7 +84,7 @@ Yes. From Mattermost v6.7, the search indexing job is resumable. Stopping a serv Can an index rollover policy be defined? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The :ref:`AggregatePostsAfterDays ` configuration setting defines a cutoff value. All posts preceding this value are reindexed and aggregated into new and bigger indexes. The default setting is 365 days. +The :ref:`AggregatePostsAfterDays ` configuration setting defines a cutoff value. All posts preceding this value are reindexed and aggregated into new and bigger indexes. The default setting is 365 days. Are there any new search features offered with Elasticsearch? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -101,7 +101,7 @@ How do I monitor system health of an Elasticsearch server? You can use this Prometheus exporter to monitor `various metrics `__ about Elasticsearch: `justwatchcom/elasticsearch_exporter `__. -You can also refer to this `article about Elasticsearch performance monitoring `__. It's not written specifically for Prometheus, which :doc:`Mattermost's performance monitoring ` system uses, but has several tips and best practices. +You can also refer to this `article about Elasticsearch performance monitoring `__. It's not written specifically for Prometheus, which :doc:`Mattermost's performance monitoring ` system uses, but has several tips and best practices. What form of data is sent to Elasticsearch or OpenSearch? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/configure/install-boards.rst b/source/administration-guide/platform-features/install-boards.rst similarity index 99% rename from source/administration-guide/configure/install-boards.rst rename to source/administration-guide/platform-features/install-boards.rst index f521a645efc..f5f5d3be556 100644 --- a/source/administration-guide/configure/install-boards.rst +++ b/source/administration-guide/platform-features/install-boards.rst @@ -1,4 +1,4 @@ -Install Mattermost Boards +Deploy Mattermost Boards ========================== .. include:: ../../_static/badges/ent-cloud-selfhosted.rst diff --git a/source/administration-guide/manage/admin/installing-license-key.rst b/source/administration-guide/platform-features/installing-license-key.rst similarity index 77% rename from source/administration-guide/manage/admin/installing-license-key.rst rename to source/administration-guide/platform-features/installing-license-key.rst index fbf95de289e..b86ee227883 100644 --- a/source/administration-guide/manage/admin/installing-license-key.rst +++ b/source/administration-guide/platform-features/installing-license-key.rst @@ -1,7 +1,7 @@ Install a license key ===================== -.. include:: ../../../_static/badges/ent-pro-cloud-selfhosted.rst +.. include:: ../../_static/badges/ent-pro-cloud-selfhosted.rst :start-after: :nosearch: You can use the System Console or the mmctl tools to add or change a Mattermost license key. @@ -15,7 +15,7 @@ You can use the System Console or the mmctl tools to add or change a Mattermost .. tab:: Use mmctl - Use the :ref:`mmctl license upload ` command to upload a new license or replace an existing license file with a new one. When complete, restart the Mattermost server. If you're running in a :doc:`High Availability ` environment, the new license file must be updated to every node. + Use the :ref:`mmctl license upload ` command to upload a new license or replace an existing license file with a new one. When complete, restart the Mattermost server. If you're running in a :doc:`High Availability ` environment, the new license file must be updated to every node. .. code-block:: sh @@ -23,10 +23,10 @@ You can use the System Console or the mmctl tools to add or change a Mattermost .. note:: - - From Mattermost v10.11, the option to add a license is disabled when the license is set using an :ref:`environment variable `. + - From Mattermost v10.11, the option to add a license is disabled when the license is set using an :ref:`environment variable `. - Enterprise customers with the Premier Support add-on can request a staging license for testing. - Removing a Mattermost Enterprise or Professional license key won't remove the configuration for Enterprise settings; however, these features won't function until an Enterprise or Professional license key is applied. - - When you're using :doc:`High Availability `, it's critical to ensure that all servers in the cluster have same Enterprise license properly installed to prevent multi-node clusters from failing. An Enterprise license is required for High Availability to work. + - When you're using :doc:`High Availability `, it's critical to ensure that all servers in the cluster have same Enterprise license properly installed to prevent multi-node clusters from failing. An Enterprise license is required for High Availability to work. - When you apply an Enterprise license key to a server previously licensed for Professional, Professional features retain their configuration settings in Enterprise. - When you apply a Professional license to a server previously licensed for Enterprise, Enterprise features retain their configuration but will no longer be accessible for use. diff --git a/source/administration-guide/scale/opensearch-setup.rst b/source/administration-guide/platform-features/opensearch-setup.rst similarity index 98% rename from source/administration-guide/scale/opensearch-setup.rst rename to source/administration-guide/platform-features/opensearch-setup.rst index 553b1c26796..1e95d7d8c26 100644 --- a/source/administration-guide/scale/opensearch-setup.rst +++ b/source/administration-guide/platform-features/opensearch-setup.rst @@ -261,5 +261,5 @@ Follow these steps to configure Mattermost to use your AWS OpenSearch server and 4. Set the **Server Connection Address** to your Elasticsearch or OpenSearch cluster endpoint. 5. Monitor cluster health: ``curl https://mattermost-os-xxxxx.us-east-1.es.amazonaws.com/_cluster/health`` -.. include:: /administration-guide/scale/common-configure-mattermost-for-enterprise-search.rst +.. include:: /administration-guide/platform-features/common-configure-mattermost-for-enterprise-search.rst :start-after: :nosearch: diff --git a/source/administration-guide/configure/optimize-your-workspace.rst b/source/administration-guide/platform-features/optimize-your-workspace.rst similarity index 85% rename from source/administration-guide/configure/optimize-your-workspace.rst rename to source/administration-guide/platform-features/optimize-your-workspace.rst index 4929fe13748..d9519dbfcbc 100644 --- a/source/administration-guide/configure/optimize-your-workspace.rst +++ b/source/administration-guide/platform-features/optimize-your-workspace.rst @@ -31,29 +31,30 @@ The following optimization areas can alert you to workspace suggestions, warning | Optimization category | Suggestions, Warnings, or Problems Detected | Additional Information | +=======================+==========================================================================================================+======================================================================================================================================================================+ | Mattermost release | Are you on the latest Mattermost release? | You're notified when updates are available. | -| | | See the :doc:`Upgrade Mattermost ` product documentation for details on upgrading your workspace. | +| | | See the :doc:`Upgrade Mattermost ` product documentation for details on upgrading. | +-----------------------+----------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Configuration issues | - **SSL**: Should your workspace be more secure with SSL? | See the product documentation to learn more: | | | | | -| | - **Session Length**: The default value may not provide an optimal user experience. | - :doc:`Set up SSL ` | -| | | - :ref:`Configure session length ` | -| | - **File Storage**: Write access to the configured file storage location is required. | - :ref:`Configure file storage ` | +| | - **Session Length**: The default value may not provide an optimal user experience. | - :doc:`Set up SSL ` | +| | | - :ref:`Configure session length ` | +| | - **File Storage**: Write access to the configured file storage location is required. | - :ref:`Configure file storage ` | | | | | | | .. include:: ../../_static/badges/academy-file-storage.rst | | | | :start-after: :nosearch: | | +-----------------------+----------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Workspace access | Is the Mattermost workspace accessible to users? | If your web server settings don't pass a live URL test, your workspace may not be accessible to others. | -| | | See the :ref:`Web server configuration settings ` product documentation to learn more: | +| | | See the :ref:`Web server configuration settings ` product | +| | | documentation to learn more: | +-----------------------+----------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Search performance | As your user base grows, is search getting slower? | See the :doc:`Enterprise search ` product documentation to learn more. | +| Search performance | As your user base grows, is search getting slower? | See the :doc:`Enterprise search ` product documentation to learn more. | +-----------------------+----------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Data privacy | Do you need more control and insights into your data? | See the product documentation to learn more: | | | | | -| | | - :doc:`Data Retention ` | -| | | - :doc:`Compliance Export ` | +| | | - :doc:`Data Retention ` | +| | | - :doc:`Compliance Export ` | +-----------------------+----------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | User authentication | - **AD/LDAP**: As your user base grows, would you benefit from easier onboarding, | See the product documentation to learn more: | | | automated deactivations, and role assignments? | | -| | | - :ref:`AD/LDAP ` | -| | - **Guest accounts**: Do you want to control user access to channels and teams with guest accounts? | - :doc:`Guest accounts ` | +| | | - :ref:`AD/LDAP ` | +| | - **Guest accounts**: Do you want to control user access to channels and teams with guest accounts? | - :doc:`Guest accounts ` | +-----------------------+----------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/source/administration-guide/platform-features/platform-features-index.rst b/source/administration-guide/platform-features/platform-features-index.rst new file mode 100644 index 00000000000..4c0c9c6e6e3 --- /dev/null +++ b/source/administration-guide/platform-features/platform-features-index.rst @@ -0,0 +1,28 @@ +Platform Features +================= + +.. toctree:: + :maxdepth: 1 + :titlesonly: + +Expand your deployment with core features and improve search relevance. + +- :doc:`Deploy Boards for project management ` +- :doc:`Deploy Calls for real-time voice and video ` +- :doc:`Deploy Agents ` +- :doc:`Set up SMTP email ` +- :doc:`Manage system attributes ` + + +Search +~~~~~~~ + +- :doc:`Enable enterprise search ` +- :doc:`Connect multiple Mattermost workspaces ` +- :doc:`Enable Chinese, Japanese, or Korean search ` +- :doc:`Optimize your workspace ` + +Integrations +~~~~~~~~~~~~ + +Learn more about :doc:`integrating Mattermost with other systems `. \ No newline at end of file diff --git a/source/administration-guide/configure/smtp-email.rst b/source/administration-guide/platform-features/smtp-email.rst similarity index 96% rename from source/administration-guide/configure/smtp-email.rst rename to source/administration-guide/platform-features/smtp-email.rst index b63294b61b2..e166ada17cc 100644 --- a/source/administration-guide/configure/smtp-email.rst +++ b/source/administration-guide/platform-features/smtp-email.rst @@ -4,7 +4,7 @@ SMTP email setup .. include:: ../../_static/badges/allplans-selfhosted.rst :start-after: :nosearch: -In a production environment, Mattermost requires SMTP email enabled for email notifications and password resets when using :ref:`email-based authentication `. +In a production environment, Mattermost requires SMTP email enabled for email notifications and password resets when using :ref:`email-based authentication `. Set up an SMTP email service ----------------------------- @@ -30,7 +30,7 @@ Configure SMTP settings 1. In Mattermost go to **System Console > Authentication > Email**, and set **Allow Sign Up With Email** to **true**. -2. In the System Console, go to **Notifications > Email** and configure Mattermost for your SMTP service. See the :ref:`SMTP configuration ` documentation for details. +2. In the System Console, go to **Notifications > Email** and configure Mattermost for your SMTP service. See the :ref:`SMTP configuration ` documentation for details. - Set **Send Email Notifications** to **true**. - Set the **Notification Display Name** for the account sending notifications. diff --git a/source/administration-guide/upgrade-mattermost.rst b/source/administration-guide/upgrade-mattermost.rst deleted file mode 100644 index 6e6b9a2403d..00000000000 --- a/source/administration-guide/upgrade-mattermost.rst +++ /dev/null @@ -1,33 +0,0 @@ -Upgrade Mattermost -================== - -.. toctree:: - :maxdepth: 1 - :hidden: - :titlesonly: - - Important upgrade notes - Prepare to upgrade Mattermost - Communicate scheduled maintenance best practices - Upgrade Mattermost Server - Upgrade Mattermost in Kubernetes and High Availability environments - Upgrade Team Edition to Enterprise Edition - Administrator onboarding tasks - Enterprise roll-out-checklist - Welcome email to end users - Downgrade Mattermost Server - Open source components - -Stay up to date with the latest features and improvements. - -* :doc:`Important upgrade notes ` - Find version-specific upgrade considerations. -* :doc:`Prepare to upgrade Mattermost ` - Learn how to prepare for a Mattermost upgrade. -* :doc:`Communicate scheduled maintenance best practices ` - Learn best practices for communicating scheduled server maintenance in advance of a service maintenance window. -* :doc:`Upgrade Mattermost Server ` - Learn the basics of upgrading your Mattermost server to the latest version. -* :doc:`Upgrade Mattermost in Kubernetes and High Availability environments ` - Learn how to upgrade Mattermost in Kubernetes and High Availability environments. -* :doc:`Upgrade Team Edition to Enterprise Edition ` - Learn how to upgrade your Mattermost Team Edition server to Enterprise Edition. -* :doc:`Administrator onboarding tasks ` - Learn about the onboarding tasks for administrators after an upgrade. -* :doc:`Enterprise roll-out-checklist ` - Learn about the roll-out checklist for enterprise users. -* :doc:`Welcome email to end users ` - Learn how to send a welcome email to end users after an upgrade. -* :doc:`Downgrade Mattermost Server ` - Find out how to roll back to older versions of Mattermost. -* :doc:`Open source components ` - Find out about the open source components used in Mattermost. diff --git a/source/administration-guide/manage/bulk-export-tool.rst b/source/administration-guide/upgrade/bulk-export-tool.rst similarity index 95% rename from source/administration-guide/manage/bulk-export-tool.rst rename to source/administration-guide/upgrade/bulk-export-tool.rst index a809f70fb99..157f429a204 100644 --- a/source/administration-guide/manage/bulk-export-tool.rst +++ b/source/administration-guide/upgrade/bulk-export-tool.rst @@ -7,7 +7,7 @@ Bulk export tool :start-after: :nosearch: Moving data from one Mattermost instance into another begins with exporting data to a `JSONL `__ file using the -:doc:`bulk loading feature `. This tool is useful if you have created a server for a proof of concept, have created another server for production use, and now want to retain the history from the proof of concept instance. +:doc:`bulk loading feature `. This tool is useful if you have created a server for a proof of concept, have created another server for production use, and now want to retain the history from the proof of concept instance. You can export the following data types: @@ -38,22 +38,22 @@ Bulk export data .. tab:: Use mmctl - 1. Create a full export file including attachments by running the :ref:`mmctl export create -- attachments ` command. See the :ref:`Mattermost data migration ` documentation for details. + 1. Create a full export file including attachments by running the :ref:`mmctl export create -- attachments ` command. See the :ref:`Mattermost data migration ` documentation for details. - 2. While the job is running, you can check its status by running the :ref:`mmctl export job show ` command. + 2. While the job is running, you can check its status by running the :ref:`mmctl export job show ` command. 3. When the export job status is successful: - a. Identify the name of the completed export file by running the :ref:`mmctl export list ` command. - b. Download the export file to your local machine by running the :ref:`mmctl export download ` command. + a. Identify the name of the completed export file by running the :ref:`mmctl export list ` command. + b. Download the export file to your local machine by running the :ref:`mmctl export download ` command. .. tab:: Use CLI .. note:: - From Mattermost v6.0, this command has been deprecated in favor of :ref:`mmctl export commands ` as the supported way to export data out of Mattermost. + From Mattermost v6.0, this command has been deprecated in favor of :ref:`mmctl export commands ` as the supported way to export data out of Mattermost. - The export command runs in the :doc:`CLI `. It has permissions to access all information in the Mattermost database. + The export command runs in the :doc:`CLI `. It has permissions to access all information in the Mattermost database. To run the export command: @@ -615,7 +615,7 @@ Post object props object - The props for a post. Contains additional formatting information used by integrations and bot posts. For a more detailed explanation see the message attachments documentation. + The props for a post. Contains additional formatting information used by integrations and bot posts. For a more detailed explanation see the message attachments documentation. create_at diff --git a/source/administration-guide/upgrade/downgrading-mattermost-server.rst b/source/administration-guide/upgrade/downgrading-mattermost-server.rst index 105b382dd85..ad317226f17 100644 --- a/source/administration-guide/upgrade/downgrading-mattermost-server.rst +++ b/source/administration-guide/upgrade/downgrading-mattermost-server.rst @@ -25,14 +25,14 @@ Before downgrading the Mattermost server, we strongly recommend the following pr 2. Carefully review the Mattermost changelog for the version you are downgrading to in order to understand any potential issues or incompatibilities. -3. Verify the current schema version of your database using the :ref:`mattermost db version --all` command. Also, if you aren't sure about the target schema, you can verify the target schema version (i.e., applied migrations) by checking the public `GitHub repository `_ (Select the tag for desired version). +3. Verify the current schema version of your database using the :ref:`mattermost db version --all` command. Also, if you aren't sure about the target schema, you can verify the target schema version (i.e., applied migrations) by checking the public `GitHub repository `_ (Select the tag for desired version). Perform the downgrade --------------------- 1. Stop the Mattermost service to ensure that no data is being written to the database during the downgrade process. -2. If the database schema has changed between versions, you must downgrade the schema. Use the newer mattermost binary to perform the downgrade using the :ref:`mattermost db downgrade ` command. For example: ``mattermost db downgrade 128,127,126`` +2. If the database schema has changed between versions, you must downgrade the schema. Use the newer mattermost binary to perform the downgrade using the :ref:`mattermost db downgrade ` command. For example: ``mattermost db downgrade 128,127,126`` .. tip:: diff --git a/source/administration-guide/upgrade/enterprise-install-upgrade.rst b/source/administration-guide/upgrade/enterprise-install-upgrade.rst index 3205f11b637..cfbb8e2a391 100644 --- a/source/administration-guide/upgrade/enterprise-install-upgrade.rst +++ b/source/administration-guide/upgrade/enterprise-install-upgrade.rst @@ -31,9 +31,9 @@ Once this process is complete, you're prompted to restart your server. The Matte Upgrade manually ~~~~~~~~~~~~~~~~~ -You can alternatively replace the Mattermost Team Edition binary with a Mattermost Enterprise Edition binary when running a regularly scheduled server upgrade via this :doc:`upgrade procedure `. +You can alternatively replace the Mattermost Team Edition binary with a Mattermost Enterprise Edition binary when running a regularly scheduled server upgrade via this :doc:`upgrade procedure `. -We recommend backing up Mattermost prior to upgrading. The :doc:`migration guide ` documentation outlines the process required to back up and restore your database. +We recommend backing up Mattermost prior to upgrading. The :doc:`migration guide ` documentation outlines the process required to back up and restore your database. Upgrade to Enterprise Edition in GitLab Omnibus ------------------------------------------------- diff --git a/source/administration-guide/upgrade/important-upgrade-notes.rst b/source/administration-guide/upgrade/important-upgrade-notes.rst index 70c8f574177..082db5082f7 100644 --- a/source/administration-guide/upgrade/important-upgrade-notes.rst +++ b/source/administration-guide/upgrade/important-upgrade-notes.rst @@ -210,7 +210,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | v10.5 introduces updates to the Compliance Export functionality, which will modify how exported data is structured, stored and processed. These changes | | | primarily affect System Administrators and the main changes are outlined below. See more details in | -| | the `Compliance Export documentation `_. | +| | the :doc:`Compliance Export documentation `. | | | | | | Output files and directories have changed - Previously we were exporting a single zip containing all the batch directories. Now we will export a single | | | directory, and under that directory each batch will be its own zip. | @@ -222,7 +222,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | Changes specific to each Export Type - The export output formats have been changed. Some fields’ semantic meaning has been clarified, and there are a number of | | | new fields. Our goal was to maintain backwards compatibility while fixing the logic bugs. | | | | -| | See the :doc:`compliance export ` product documentation for details. | +| | See the :doc:`compliance export ` product documentation for details. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | As part of the Property System Architecture feature, Mattermost v10.5 is going to run a set of migrations to add new tables to the schema. This migration only | | | creates new tables and indexes, so there is no impact on preexisting data. | @@ -401,8 +401,8 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | | | | - For AWS customers on OpenSearch, you must modify Mattermost configuration from ``elasticsearch`` to ``opensearch`` and disable compatibility mode. | | | See the `OpenSearch documentation `_ for details on upgrading. | -| | - After upgrading the Mattermost server, use :ref:`mmctl ` or edit the config manually, | -| | then restart the Mattermost server. | +| | - After upgrading the Mattermost server, use :ref:`mmctl ` or edit the config | +| | manually, then restart the Mattermost server. | | | - If you are using OpenSearch, you **must** set the backend to ``opensearch``. Otherwise Mattermost will not work. | | | | | | If you are using Elasticsearch v8, be sure to set ``action.destructive_requires_name`` to ``false`` in ``elasticsearch.yml`` to allow for wildcard operations to | @@ -412,7 +412,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | Added safety limit error message in compiled Team Edition and Enterprise Edition deployments when enterprise scale and access control automation features are | | | unavailable and count of users who are registered and not deactivated exceeds 10,000. | -| | :doc:`ERROR_SAFETY_LIMITS_EXCEEDED `. | +| | :doc:`ERROR_SAFETY_LIMITS_EXCEEDED `. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v9.2 | Fixed data retention policies to run jobs when any custom retention policy is enabled even when the global retention policy is set to "keep-forever". Before | | | this fix, the enabled custom data retention policies wouldn't run as long as the global data retention policy was set to "keep-forever" or was disabled. After | @@ -486,7 +486,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | The Channel Export and Apps plugins are now disabled by default. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | Apps Bar is now enabled by default for on-prem servers. ``ExperimentalSettings.EnableAppBar`` was also renamed to ``ExperimentalSettings.DisableAppBar``. | -| | See the :ref: `configuration settings ` documentation, and | +| | See the :ref: `configuration settings ` documentation, and | | | `this forum article `_ for details. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In the main `server package`, the Go module path has changed from ``github.com/mattermost/mattermost-server/server/v8`` to | @@ -527,8 +527,8 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | Removed deprecated ``model.CommandArgs.Session``. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | For servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the ``ServiceSettings.AllowCorsFrom`` | -| | :ref:`configuration setting `. Also ensure that | -| | the ``siteURL`` is set correctly. | +| | :ref:`configuration setting `. Also ensure | +| | that the ``siteURL`` is set correctly. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v8.0 release, the following repositories are merged into one: ``mattermost-server``, ``mattermost-webapp`` and ``mmctl``. | | | Developers should read the updated `Developer Guide `_ for details. | @@ -556,8 +556,8 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v7.10.3, for servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the | | | ``ServiceSettings.AllowCorsFrom`` | -| | :ref:`configuration setting `. Also ensure that | -| | the ``siteURL`` is set correctly. | +| | :ref:`configuration setting `. Also ensure | +| | that the ``siteURL`` is set correctly. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v7.9 | Added a new index on ``Posts(OriginalId)``. For a database with 11.8 million posts, on a machine with a i7-11800H CPU (8 cores, 16 threads), 32GiB of RAM and | | | SSD, the index creation takes 98.51s on MYSQL and 2.6s on PostgreSQL. | @@ -623,10 +623,10 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v7.9.5, for servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the | | | ``ServiceSettings.AllowCorsFrom`` | -| | :ref:`configuration setting `. Also ensure that | -| | the ``siteURL`` is set correctly. | +| | :ref:`configuration setting `. Also ensure | +| | that the ``siteURL`` is set correctly. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| v7.8 | :ref:`Message Priority & Acknowledgement ` is now enabled by default | +| v7.8 | :ref:`Message Priority & Acknowledgement ` is now enabled by default | | | for all instances. You may disable this feature in the System Console by going to **Posts > Message Priority** or via the config ``PostPriority`` setting. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v7.8.5, fixed an issue where a user would still see threads in the threads view of channels they have left. Migration execution time in MySQL: Query OK, | @@ -685,8 +685,8 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v7.8.7, for servers wanting to allow websockets to connect from origins other than the origin of the site URL, please set the | | | ``ServiceSettings.AllowCorsFrom`` | -| | :ref:`configuration setting `. Also ensure that | -| | the ``siteURL`` is set correctly. | +| | :ref:`configuration setting `. Also ensure | +| | that the ``siteURL`` is set correctly. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v7.8.11, improved performance on data retention ``DeleteOrphanedRows`` queries. | | | | @@ -846,8 +846,8 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | Starting with the Calls version shipping with v7.7, there's now a minimum version requirement when using the external RTCD service. This means that if Calls is | | | configured to use the external service, customers need to upgrade RTCD first to at least version 0.8.0 or the plugin will fail to start. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| | In v7.7.2, :ref:`Message Priority & Acknowledgement ` is now enabled by | -| | default for all instances. You may disable this feature in the System Console by going to **Posts > Message Priority** or via the config ``PostPriority`` | +| | In v7.7.2, :ref:`Message Priority & Acknowledgement ` is now enabled | +| | by default for all instances. You may disable this feature in the System Console by going to **Posts > Message Priority** or via the config ``PostPriority`` | | | setting. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v7.5 | Added a new schema migration to ensure ``ParentId`` column is dropped from the ``Posts`` table. Depending on the table size, if the column is not dropped | @@ -920,7 +920,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | The value of ``ServiceSettings.TrustedProxyIPHeader`` defaults to empty from now on. A previous bug prevented this from happening in certain conditions. | | | Customers are requested to check for these values in their config and set them to nil if necessary. See more details | -| | :ref:`here `. | +| | :ref:`here `. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | :doc:`Collapsed Reply Threads ` is now generally available and enabled by default for new | | | Mattermost servers. For servers upgrading to v7.0 and later, please reference | @@ -946,7 +946,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v6.7.1, the value of ``ServiceSettings.TrustedProxyIPHeader`` defaults to empty from now on. A previous bug prevented this from happening in certain | | | conditions. Customers are requested to check for these values in their config and set them to nil if necessary. See more details | -| | :ref:`here `. | +| | :ref:`here `. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v6.6 | The Apps Framework protocol for binding/form submissions has changed, by separating the single `call` into separate `submit`, `form`, `refresh` and `lookup` | | | calls. If any users have created their own Apps, they have to be updated to the new system. | @@ -957,16 +957,16 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v6.6.2, the value of ``ServiceSettings.TrustedProxyIPHeader`` defaults to empty from now on. A previous bug prevented this from happening in certain | | | conditions. Customers are requested to check for these values in their config and set them to nil if necessary. See more details | -| | :ref:`here `. | +| | :ref:`here `. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v6.5 | The ``mattermost version`` CLI command does not interact with the database anymore. Therefore the database version is not going to be | | | printed. Also, the database migrations are not going to be applied with the version sub command. | -| | :ref:`A new db migrate sub command ` is added to enable administrators | +| | :ref:`A new db migrate sub command ` is added to enable administrators | | | to trigger migrations. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v6.5.2, the value of ``ServiceSettings.TrustedProxyIPHeader`` defaults to empty from now on. A previous bug prevented this from happening in certain | | | conditions. Customers are requested to check for these values in their config and set them to nil if necessary. See more details | -| | :ref:`here `. | +| | :ref:`here `. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v6.4 | A new schema migration system has been introduced, so we strongly recommend backing up the database before updating the server to this version. The new | | | migration system will run through all existing migrations to record them to a new table. This will only happen for the first run in order to migrate the | @@ -991,10 +991,11 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In v6.3.9, the value of ``ServiceSettings.TrustedProxyIPHeader`` defaults to empty from now on. A previous bug prevented this from happening in certain | | | conditions. Customers are requested to check for these values in their config and set them to nil if necessary. See more details | -| | :ref:`here `. | +| | :ref:`here `. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| v6.2 | Channel results in the channel autocomplete will include private channels. Customers using :doc:`Bleve ` or | -| | :doc:`Elasticsearch ` for autocomplete will have to reindex their data to get the new results. Since this can | +| v6.2 | Channel results in the channel autocomplete will include private channels. Customers using | +| | :doc:`Bleve ` or | +| | :doc:`Elasticsearch ` for autocomplete will have to reindex their data to get the new results. Since this can | | | take a long time, we suggest disabling autocomplete and running indexing in the background. When this is complete, re-enable autocomplete. | | | | | | .. note:: | @@ -1072,7 +1073,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | Focalboard plugin has been renamed to Mattermost Boards, and v0.9.1 (released with Mattermost v6.0) is now enabled by default. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | The advanced logging configuration schema changed. This is a breaking change relative to 5.x. See updated | -| | :doc:`documentation `. | +| | :doc:`documentation `. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | The existing theme names and colors, including "Mattermost", "Organization", "Mattermost Dark", and "Windows Dark" have been updated to the new "Denim", | | | "Quartz", "Indigo", and "Onyx" theme names and colors, respectively. Anyone using the existing themes will see slightly modified theme colors after their | @@ -1139,7 +1140,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | passwords for all the users who were generated during the bulk import process and whose password has not been changed even once. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | v5.35.0 introduces a new feature to search for files. Search results for files shared in the past may be incomplete until a | -| | :ref:`content extraction command ` is executed to extract | +| | :ref:`content extraction command ` is executed to extract | | | and index the content of files already in the database. Instances running Elasticsearch or Bleve search backends will also need to execute a Bulk Indexing after | | | the content extraction is complete. Please see more details in `this blog post `_. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -1189,7 +1190,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | For more information about coredumps, please see: https://man7.org/linux/man-pages/man5/core.5.html. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | In-product notices have been introduced to keep system admins and end users informed of the latest product enhancements available in new server and desktop | -| | versions. :doc:`Learn more about in-product notices ` and how to disable them in our documentation. | +| | versions. :doc:`Learn more about in-product notices ` and how to disable them in our documentation. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | Disabled the xmlsec1-based SAML library in favor of the re-enabled and improved SAML library. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -1220,7 +1221,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v5.25.0 | Some incorrect instructions regarding SAML setup with Active Directory ADFS for setting the “Relying Party Trust Identifier” were corrected. Although the | | | settings will continue to work, it is encouraged that you | -| | :ref:`modify those settings `. | +| | :ref:`modify those settings `. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | Disabled the xmlsec1-based SAML library in favor of the re-enabled and improved SAML library. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -1254,7 +1255,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | part of an LDAP group. However, the group mention keyword will not be highlighted. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | SAML Setting "Use Improved SAML Library (Beta)" was forcefully disabled. Follow instructions at | -| | https://docs.mattermost.com/administration-guide/onboard/sso-saml.html for enabling SAML using the feature-equivalent ``xmlsec1`` utility. | +| | :doc:`/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml` for enabling SAML using the feature-equivalent ``xmlsec1`` utility. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v5.22.0 | Due to fixing performance issues related to emoji reactions, the performance of the upgrade has been affected in that the schema upgrade now takes more time in | | | environments with lots of reactions in their database. These environments are recommended to perform the schema migration during low usage times and potentially | @@ -1277,13 +1278,13 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | used. Also, direct copy of the ``model.Post`` structure must be avoided in favor of the provided ``Clone()`` method. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | SAML Setting "Use Improved SAML Library (Beta)" was forcefully disabled. Follow instructions at | -| | https://docs.mattermost.com/administration-guide/onboard/sso-saml.html for enabling SAML using the feature-equivalent ``xmlsec1`` utility. | +| | :doc:`/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml` for enabling SAML using the feature-equivalent ``xmlsec1`` utility. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v5.21.0 | Honour key value expiry in KVCompareAndSet, KVCompareAndDelete, and KVList. We also improved handling of plugin key value race conditions and deleted keys in | | | Postgres. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | SAML Setting "Use Improved SAML Library (Beta)" was forcefully disabled. Follow instructions at | -| | https://docs.mattermost.com/administration-guide/onboard/sso-saml.html for enabling SAML using the feature-equivalent ``xmlsec1`` utility. | +| | :doc:`/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml` for enabling SAML using the feature-equivalent ``xmlsec1`` utility. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v5.20.0 | Any `pre-packaged plugin `_ | | | that is not enabled in the ``config.json`` will no longer install automatically, but can continue to be installed via the | @@ -1322,7 +1323,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | With the update from Google+ to Google People, system admins need to ensure the ``GoogleSettings.Scope`` config.json setting is set to ``profile email`` and | | | ``UserAPIEndpoint`` setting should be set to ``https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata`` per | -| | :doc:`updated documentation `. | +| | :doc:`updated documentation `. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v5.12.0 | If your plugin uses the ``DeleteEphemeralMessage`` plugin API, update it to accept a ``postId string`` parameter. | | | See `documentation `__ to learn more. | @@ -1343,10 +1344,10 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | This change was made because ``Update.Props == nil`` unintentionally cleared all ``Props``, such as the profile picture, instead of preserving them. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v5.10.0 | ``SupportedTimezonesPath`` setting in config.json and changes to timezones in the UI based on the ``timezones.json`` file was removed. This was made to support | -| | :doc:`storing configurations in the database `. | +| | :doc:`storing configurations in the database `. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v5.9.0 | If ``DisableLegacyMfa`` setting in ``config.json`` is set to ``true`` and | -| | :doc:`multi-factor authentication ` is enabled, ensure your users have upgraded to mobile app | +| | :doc:`multi-factor authentication ` is enabled, ensure your users have upgraded to mobile app | | | version 1.17 or later. Otherwise, users who have MFA enabled may not be able to log in successfully. | | | | | | If the setting is not defined in the ``config.json`` file, the ``DisableLegacyMfa`` setting is set to ``false`` by default to ensure no breaking changes. | @@ -1355,7 +1356,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | The public IP of the Mattermost application server is considered a reserved IP for additional security hardening in the context of untrusted external requests | | | such as Open Graph metadata, webhooks, or slash commands. | -| | :ref:`See documentation ` for additional information. | +| | :ref:`See documentation ` for additional information. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v5.8.0 | The local image proxy has been added, and images displayed within the client are now affected by the ``AllowUntrustedInternalConnections`` setting. | | | :ref:`See documentation ` for more details if you have trouble loading images. | @@ -1483,13 +1484,13 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | editing time in seconds. If post editing is disabled, this setting does not apply. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | If using Let's Encrypt without a proxy server, the server will fail to start with an error message unless the :ref:`Forward80To443 | -| | ` ``config.json`` setting is set to ``true``. | +| | ` ``config.json`` setting is set to ``true``. | | | | | | If forwarding port 80 to 443, the server will fail to start with an error message unless the :ref:`ListenAddress | -| | ` ``config.json`` setting is set to listen on port 443. | +| | ` ``config.json`` setting is set to listen on port 443. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v4.6.2 | If using Let's Encrypt without a proxy server, forward port 80 through a firewall, with the :ref:`Forward80To443 | -| | ` ``config.json`` setting set to ``true`` to complete the Let's | +| | ` ``config.json`` setting set to ``true`` to complete the Let's | | | Encrypt certification. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v4.4.0 | Composite database indexes were added to the ``Posts`` table. This may lead to longer upgrade times for servers with more than one million messages. | @@ -1505,9 +1506,9 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | This change may cause private integrations to break in testing environments, which may point to a URL such as http://127.0.0.1:1021/my-command. | | | | | | If you point private integrations to such URLs, you may whitelist such domains, IP addresses, or CIDR notations via the | -| | :ref:`Allowed Untrusted Internal Connections ` | +| | :ref:`Allowed Untrusted Internal Connections ` | | | configuration setting in your local environment. Although not recommended, you may also whitelist the addresses in your production environments. See | -| | :ref:`documentation to learn more `. | +| | :ref:`documentation to learn more `. | | | | | | Push notification, OAuth 2.0 and WebRTC server URLs are trusted and not affected by this setting. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -1539,7 +1540,7 @@ We recommend reviewing the `additional upgrade notes <#additional-upgrade-notes> | | 3. Make sure that the **File Log Directory** field is either empty or has a directory path only. It must not have a filename as part of the path. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | | Backwards compatibility with the old CLI tool was removed. If you have any scripts that rely on the old CLI, they must be revised to use the | -| | :doc:`new CLI `. | +| | :doc:`new CLI `. | +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v3.6.0 | Update the maximum number of files that can be open. | | | | diff --git a/source/administration-guide/upgrade/prepare-to-upgrade-mattermost.rst b/source/administration-guide/upgrade/prepare-to-upgrade-mattermost.rst index fe0bbf53189..1b97f78cc24 100644 --- a/source/administration-guide/upgrade/prepare-to-upgrade-mattermost.rst +++ b/source/administration-guide/upgrade/prepare-to-upgrade-mattermost.rst @@ -4,7 +4,7 @@ Prepare to upgrade Mattermost .. include:: ../../_static/badges/allplans-selfhosted.rst :start-after: :nosearch: -In most cases, you can :doc:`upgrade Mattermost Server ` in a few minutes. However, the upgrade can take longer depending on several factors, including the size and complexity of your installation, and the version that you're upgrading from. When planning an upgrade, it's worth confirming that your current database and operating system version are still supported. Details can be found on our :ref:`software and hardware requirements ` page. +In most cases, you can :doc:`upgrade Mattermost Server ` in a few minutes. However, the upgrade can take longer depending on several factors, including the size and complexity of your installation, and the version that you're upgrading from. When planning an upgrade, it's worth confirming that your current database and operating system version are still supported. Details can be found on our :ref:`software and hardware requirements ` page. Upgrade Best Practices ---------------------- @@ -115,9 +115,9 @@ Ensure you review the :doc:`important-upgrade-notes` for all intermediate releas Upgrade high availability cluster-based deployments --------------------------------------------------- -In :doc:`high availability cluster-based ` environments, you should expect to schedule downtime for the upgrade to v6.0. Based on your database size and setup, the migration to v6.0 can take a significant amount of time, and may even lock the tables for posts which will prevent your users from posting or receiving messages until the migration is complete. +In :doc:`high availability cluster-based ` environments, you should expect to schedule downtime for the upgrade to v6.0. Based on your database size and setup, the migration to v6.0 can take a significant amount of time, and may even lock the tables for posts which will prevent your users from posting or receiving messages until the migration is complete. -Ensure you review the :ref:`high availability cluster-based deployment upgrade guide `, as well as the :doc:`important-upgrade-notes` to make sure you're aware of any actions you need to take before or after upgrading from your particular version. +Ensure you review the :ref:`high availability cluster-based deployment upgrade guide `, as well as the :doc:`important-upgrade-notes` to make sure you're aware of any actions you need to take before or after upgrading from your particular version. .. important:: diff --git a/source/administration-guide/upgrade/upgrade-mattermost-kubernetes-ha.rst b/source/administration-guide/upgrade/upgrade-mattermost-kubernetes-ha.rst index d8e70cecd22..eb1a5a78d9d 100644 --- a/source/administration-guide/upgrade/upgrade-mattermost-kubernetes-ha.rst +++ b/source/administration-guide/upgrade/upgrade-mattermost-kubernetes-ha.rst @@ -14,14 +14,14 @@ Kubernetes-based deployment Mattermost uses :doc:`Kubernetes ` for container orchestration, deployed and managed via Helm charts and the :ref:`Mattermost Operator `. This model enables scalable, highly available, and automatically managed application lifecycles. -The Mattermost Operator handles the upgrade process automatically, ensuring that pods are updated incrementally and that traffic is routed correctly throughout the upgrade. If an error occurs during the upgrade, the Operator will not apply any changes, allowing you to investigate and resolve the issue or manually roll back without impacting the live environment. See the :doc:`Downgrade Mattermost Server ` documentation for rollback details. +The Mattermost Operator handles the upgrade process automatically, ensuring that pods are updated incrementally and that traffic is routed correctly throughout the upgrade. If an error occurs during the upgrade, the Operator will not apply any changes, allowing you to investigate and resolve the issue or manually roll back without impacting the live environment. See the :doc:`Downgrade Mattermost Server ` documentation for rollback details. Health monitoring ensures that only healthy pods are replaced, and new pods are brought online only after passing health checks. New pods are deployed with the updated version, while old pods are gracefully terminated. High Availability ~~~~~~~~~~~~~~~~~ -In :doc:`High Availability (HA) cluster-based deployments `, Mattermost runs multiple application servers in a cluster. This configuration ensures that if one server fails, others can continue to serve requests without downtime. User traffic load balancing is managed with services such as NGINX Ingress or HAProxy. :ref:`PostgreSQL ` and :ref:`file storage ` are deployed with replication for redundancy and failover. +In :doc:`High Availability (HA) cluster-based deployments `, Mattermost runs multiple application servers in a cluster. This configuration ensures that if one server fails, others can continue to serve requests without downtime. User traffic load balancing is managed with services such as NGINX Ingress or HAProxy. :ref:`PostgreSQL ` and :ref:`file storage ` are deployed with replication for redundancy and failover. Active/Active deployments ~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -174,7 +174,7 @@ After the upgrade: - Verify that all integrations, webhooks, and plugins are functioning as expected. - Check for error messages in the logs. -4. Use monitoring tools to confirm application health and performance. See the :doc:`Performance monitoring with Prometheus and Grafana ` documentation or the :doc:`Metrics plugin ` documentation for details on collecting and reviewing performance metrics. +4. Use monitoring tools to confirm application health and performance. See the :doc:`Performance monitoring with Prometheus and Grafana ` documentation or the :doc:`Metrics plugin ` documentation for details on collecting and reviewing performance metrics. Rollback strategy ------------------ diff --git a/source/administration-guide/upgrade/upgrade-mattermost.rst b/source/administration-guide/upgrade/upgrade-mattermost.rst new file mode 100644 index 00000000000..1d14368dc00 --- /dev/null +++ b/source/administration-guide/upgrade/upgrade-mattermost.rst @@ -0,0 +1,32 @@ +Upgrade Mattermost +================== + +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + Important upgrade notes + Prepare to upgrade Mattermost + Communicate scheduled maintenance best practices + Upgrade Mattermost Server + Upgrade Mattermost in Kubernetes and High Availability environments + Upgrade Team Edition to Enterprise Edition + Administrator onboarding tasks + Roll-out checklist + Downgrade Mattermost Server + Open source components + +Stay up to date with the latest features and improvements. + +* :doc:`Important upgrade notes ` - Find version-specific upgrade considerations. +* :doc:`Prepare to upgrade Mattermost ` - Learn how to prepare for a Mattermost upgrade. +* :doc:`Communicate scheduled maintenance best practices ` - Learn best practices for communicating scheduled server maintenance in advance of a service maintenance window. +* :doc:`Upgrade Mattermost Server ` - Learn the basics of upgrading your Mattermost server to the latest version. +* :doc:`Upgrade Mattermost in Kubernetes and High Availability environments ` - Learn how to upgrade Mattermost in Kubernetes and High Availability environments. +* :doc:`Upgrade Team Edition to Enterprise Edition ` - Learn how to upgrade your Mattermost Team Edition server to Enterprise Edition. +* :doc:`Administrator onboarding tasks ` - Learn about the onboarding tasks for administrators after an upgrade. +* :doc:`Enterprise roll-out-checklist ` - Learn about the roll-out checklist for enterprise users. +* :doc:`Welcome email to end users ` - Learn how to send a welcome email to end users after an upgrade. +* :doc:`Downgrade Mattermost Server ` - Find out how to roll back to older versions of Mattermost. +* :doc:`Open source components ` - Find out about the open source components used in Mattermost. diff --git a/source/administration-guide/upgrade/upgrading-mattermost-server.rst b/source/administration-guide/upgrade/upgrading-mattermost-server.rst index 64019eae46d..6fdff85cbcb 100644 --- a/source/administration-guide/upgrade/upgrading-mattermost-server.rst +++ b/source/administration-guide/upgrade/upgrading-mattermost-server.rst @@ -39,7 +39,7 @@ For detailed instructions and additional considerations, see the complete upgrad .. tip:: - To learn how to safely upgrade your deployment in Kubernetes for High Availability and Active/Active support, see the :doc:`Upgrading Mattermost in Kubernetes and High Availability Environments ` documenation. + To learn how to safely upgrade your deployment in Kubernetes for High Availability and Active/Active support, see the :doc:`Upgrading Mattermost in Kubernetes and High Availability Environments ` documenation. Comprehensive upgrade guide ---------------------------- @@ -49,7 +49,7 @@ Before you begin **Read these instructions carefully from start to finish.** -Make sure that you understand how to :doc:`prepare for your upgrade `, familiarize yourself with all :doc:`software and hardware requirements `, read the :doc:`important upgrade notes ` and that you understand each step of the upgrade process documented below before starting a Mattermost upgrade. If you have questions or concerns, you can ask on the Mattermost forum at https://forum.mattermost.com/. +Make sure that you understand how to :doc:`prepare for your upgrade `, familiarize yourself with all :doc:`software and hardware requirements `, read the :doc:`important upgrade notes ` and that you understand each step of the upgrade process documented below before starting a Mattermost upgrade. If you have questions or concerns, you can ask on the Mattermost forum at https://forum.mattermost.com/. **Gather the following information before starting the upgrade:** @@ -68,7 +68,7 @@ Make sure that you understand how to :doc:`prepare for your upgrade ` CLI command when upgrading to have a detailed record of the changes that will be applied to your database. This can make it easier to revert those changes if you need to downgrade later. + Consider generating a migration plan using the :ref:`mattermost db migrate --save-plan ` CLI command when upgrading to have a detailed record of the changes that will be applied to your database. This can make it easier to revert those changes if you need to downgrade later. Upgrade Mattermost Server ~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -164,11 +164,11 @@ Upgrade Mattermost Server sudo find mattermost/ mattermost/client/ -mindepth 1 -maxdepth 1 \! \( -type d \( -path mattermost/client -o -path mattermost/client/plugins -o -path mattermost/config -o -path mattermost/logs -o -path mattermost/plugins -o -path mattermost/data -o -path mattermost/yourFolderHere \) -prune \) | sort - d. If you're using :doc:`Bleve search `, and the directory exists *within* the ``mattermost`` directory, the index directory path won't be preserved using the command above. + d. If you're using :doc:`Bleve search `, and the directory exists *within* the ``mattermost`` directory, the index directory path won't be preserved using the command above. - You can either move the bleve index directory out from the ``mattermost`` directory before upgrading or, following an upgrade, you can copy the contents of the bleve index directory from the ``backup`` directory. - You can then store that directory or re-index as preferred. - - The bleve indexes can be migrated without reindexing between Mattermost versions. See our :ref:`Configuration Settings ` documentation for details on configuring the bleve index directory. + - The bleve indexes can be migrated without reindexing between Mattermost versions. See our :ref:`Configuration Settings ` documentation for details on configuring the bleve index directory. Once you've completed all of the steps above (where applicable), you're ready to execute the full command that includes ``xargs rm -r`` to delete the files. Note that the following example includes ``-o -path mattermost/yourFolderHere``: @@ -216,7 +216,7 @@ Upgrade Mattermost Server sudo rm -r /tmp/mattermost-upgrade/ sudo rm -i /tmp/mattermost*.gz -13. If you're using a :doc:`high availability ` deployment, you need to apply the steps above on every node in your cluster. Once complete, the **Config File MD5** columns in the high availability section of the System Console should be green. If they're yellow, please ensure that all nodes have the same server version and the same configuration. +13. If you're using a :doc:`high availability ` deployment, you need to apply the steps above on every node in your cluster. Once complete, the **Config File MD5** columns in the high availability section of the System Console should be green. If they're yellow, please ensure that all nodes have the same server version and the same configuration. If they continue to display as yellow, trigger a configuration propagation across the cluster by opening the System Console, changing a setting, and reverting it. This will enable the **Save** button for that page. Then, select **Save**. This will not change any configuration, but sends the existing configuration to all nodes in the cluster. diff --git a/source/administration-guide/upgrade/welcome-email-to-end-users.rst b/source/administration-guide/upgrade/welcome-email-to-end-users.rst deleted file mode 100644 index 346501ce8e6..00000000000 --- a/source/administration-guide/upgrade/welcome-email-to-end-users.rst +++ /dev/null @@ -1,55 +0,0 @@ -Welcome email to end users -=========================== - -.. include:: ../../_static/badges/allplans-cloud-selfhosted.rst - :start-after: :nosearch: - -To make it easy for your end users to start using Mattermost right away, we created a sample email template that you can use. - -Remember to replace all the items below in bold with your information. - -Email template ---------------- - -From: **[company name]** IT Team - -To: End users - -Subject: New Collaboration Platform - Mattermost - - -Hi all, - -As some of you already know, we are moving to Mattermost as our collaboration platform. Mattermost is collaboration software you can use to talk, share files, and collaborate on projects or initiatives. Mattermost also integrates with many of the apps that you use every day, like **[add apps]**. - -We are moving to Mattermost because it will host all our collaboration in one place, is instantly searchable and available from all your devices. - -Some of the major benefits of using Mattermost are: - -- Direct 1:1 and group messaging - -- Channels for topic-based, group-based, or meeting-based chat - -- Streamlined collaboration on projects - -- Reduced email clutter - -- Searching across messages and channels - -- Sharing files - -To get started: - -1. Open a browser on your computer, go to **[Mattermost URL]** and log in with your **[LDAP/AD, SAML, Google, etc]** credentials. Remember to bookmark the URL so you can use it to log in next time. - -2. `Download `__ the Mattermost apps for desktop and mobile. See the :doc:`Use Mattermost ` end user documentation for details on how to get up and running quickly. - -3. Start messaging! - - -Questions? -If you have any questions, feel free to post in the **[~Mattermost channel]** or email us at **[IT email]**. - -Happy collaborating! - -**[company name]** IT Team diff --git a/source/administration-guide/upgrade/communicate-scheduled-maintenance.rst b/source/administration-guide/user-experience/communicate-scheduled-maintenance.rst similarity index 97% rename from source/administration-guide/upgrade/communicate-scheduled-maintenance.rst rename to source/administration-guide/user-experience/communicate-scheduled-maintenance.rst index 083129f57d6..597e38da9ac 100644 --- a/source/administration-guide/upgrade/communicate-scheduled-maintenance.rst +++ b/source/administration-guide/user-experience/communicate-scheduled-maintenance.rst @@ -18,7 +18,7 @@ A well-defined communication strategy is essential for informing users before, d - Mattermost Cloud deployments have predefined service windows scheduled from 8:00-10:00 UTC on Saturdays only (when applicable) unless an exception has been made and communicated to impacted customers. - `Email notifications <#email-templates>`__: Send structured and consistent emails to users at intervals of 7 days, 3 days, and 1 day before the scheduled maintenance window. - `Channel-based reminders <#channel-reminder-templates>`__: :doc:`Send messages ` similar to the emails in relevant Mattermost channels at the same intervals as the email notifications. -- `Mattermost Banner notification <#banner-notification>`__: Set a :doc:`system-wide notification ` to display at the top of the Mattermost instance ahead of the maintenance window and outage. +- `Mattermost Banner notification <#banner-notification>`__: Set a :doc:`system-wide notification ` to display at the top of the Mattermost instance ahead of the maintenance window and outage. - `Display a load balancer message <#display-load-balancer-message>`__: Update the load balancer to show a maintenance message during the scheduled maintenance window of downtime. Notification templates diff --git a/source/administration-guide/configure/custom-branding-tools.rst b/source/administration-guide/user-experience/custom-branding-tools.rst similarity index 100% rename from source/administration-guide/configure/custom-branding-tools.rst rename to source/administration-guide/user-experience/custom-branding-tools.rst diff --git a/source/administration-guide/user-experience/customize-branding.rst b/source/administration-guide/user-experience/customize-branding.rst new file mode 100644 index 00000000000..aad5969f156 --- /dev/null +++ b/source/administration-guide/user-experience/customize-branding.rst @@ -0,0 +1,16 @@ +Customize branding +=================== + +Whether you’re customizing the appearance of your workspace, utilizing branding tools, or managing code signing for custom builds, this section of documentation has you covered and provides everything you need to customize the branding of Mattermost to align with your organization’s identity. Use the navigation below to access detailed instructions for each customization option. + +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + Customize Mattermost + Custom branding tools + +* :doc:`Customize Mattermost ` - Learn how to customize the Mattermost server. +* :doc:`Custom branding tools ` - Learn about custom branding tools for Mattermost. +* :doc:`Code signing custom builds ` - Learn about code signing custom builds of Mattermost. \ No newline at end of file diff --git a/source/administration-guide/configure/customize-mattermost.rst b/source/administration-guide/user-experience/customize-mattermost.rst similarity index 96% rename from source/administration-guide/configure/customize-mattermost.rst rename to source/administration-guide/user-experience/customize-mattermost.rst index ea90eb2c4d5..4adaa17bec9 100644 --- a/source/administration-guide/configure/customize-mattermost.rst +++ b/source/administration-guide/user-experience/customize-mattermost.rst @@ -35,7 +35,7 @@ Mattermost Server There are a few things you can customize in the Mattermost server without forking: 1. Modify text in the Mattermost interface by modifying the ``en.json`` file. -2. Customize or hide help and support links by modifying your :ref:`configuration settings `. +2. Customize or hide help and support links by modifying your :ref:`configuration settings `. 3. Customize the email notifications by editing the HTML files in ``/templates``. Mattermost mobile apps diff --git a/source/administration-guide/configure/email-templates.rst b/source/administration-guide/user-experience/email-templates.rst similarity index 100% rename from source/administration-guide/configure/email-templates.rst rename to source/administration-guide/user-experience/email-templates.rst diff --git a/source/administration-guide/manage/in-product-notices.rst b/source/administration-guide/user-experience/in-product-notices.rst similarity index 100% rename from source/administration-guide/manage/in-product-notices.rst rename to source/administration-guide/user-experience/in-product-notices.rst diff --git a/source/administration-guide/configure/manage-user-surveys.rst b/source/administration-guide/user-experience/manage-user-surveys.rst similarity index 100% rename from source/administration-guide/configure/manage-user-surveys.rst rename to source/administration-guide/user-experience/manage-user-surveys.rst diff --git a/source/administration-guide/upgrade/notify-admin.rst b/source/administration-guide/user-experience/notify-admin.rst similarity index 100% rename from source/administration-guide/upgrade/notify-admin.rst rename to source/administration-guide/user-experience/notify-admin.rst diff --git a/source/administration-guide/manage/system-wide-notifications.rst b/source/administration-guide/user-experience/system-wide-notifications.rst similarity index 100% rename from source/administration-guide/manage/system-wide-notifications.rst rename to source/administration-guide/user-experience/system-wide-notifications.rst diff --git a/source/administration-guide/user-experience/user-experience-index.rst b/source/administration-guide/user-experience/user-experience-index.rst new file mode 100644 index 00000000000..7ece4d66d19 --- /dev/null +++ b/source/administration-guide/user-experience/user-experience-index.rst @@ -0,0 +1,24 @@ +User Experience & Engagement +============================ + +Shape the end-user experience with branding, surveys, notices, and workspace optimization. Improve adoption and satisfaction by tailoring the product experience to your organization. + +.. toctree:: + :maxdepth: 1 + :titlesonly: + + /administration-guide/user-experience/custom-branding-tools + /administration-guide/user-experience/customize-branding + /administration-guide/user-experience/customize-mattermost + /administration-guide/user-experience/user-satisfaction-surveys + /administration-guide/user-experience/in-product-notices + /administration-guide/user-experience/manage-user-surveys + /administration-guide/user-experience/email-templates + + +Deliver a consistent, branded workspace that drives adoption, engagement, and structured feedback. + +- :doc:`Customize branding ` with :doc:`custom branding tools ` +- `Manage in-product notices `_ +- `Run user satisfaction surveys `_ +- `Customize email templates `_ \ No newline at end of file diff --git a/source/administration-guide/manage/user-satisfaction-surveys.rst b/source/administration-guide/user-experience/user-satisfaction-surveys.rst similarity index 93% rename from source/administration-guide/manage/user-satisfaction-surveys.rst rename to source/administration-guide/user-experience/user-satisfaction-surveys.rst index 37e5a6a1482..5b3032964de 100644 --- a/source/administration-guide/manage/user-satisfaction-surveys.rst +++ b/source/administration-guide/user-experience/user-satisfaction-surveys.rst @@ -8,7 +8,7 @@ Feedback is used to measure user satisfaction and improve product quality by hea .. important:: - **Mattermost User Satisfaction Surveys are deprecated from Mattermost v10.11** and are no longer included as a pre-packaged plugin for new Mattermost deployments. Existing deployments that have this plugin enabled will continue to work, but we strongly recommend migrating to :doc:`user surveys ` for enhanced customization options, and local data storage, without telemetry data transmission back to Mattermost. + **Mattermost User Satisfaction Surveys are deprecated from Mattermost v10.11** and are no longer included as a pre-packaged plugin for new Mattermost deployments. Existing deployments that have this plugin enabled will continue to work, but we strongly recommend migrating to :doc:`user surveys ` for enhanced customization options, and local data storage, without telemetry data transmission back to Mattermost. Administration -------------- @@ -16,9 +16,9 @@ Administration Is the survey enabled by default? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -**For Mattermost Server versions prior to v10.11**: The user satisfaction survey is a pre-packaged plugin, and surveys are enabled by default on all servers. However, the plugin will not be activated on any servers that have :doc:`Error and Diagnostic Reporting ` disabled, meaning no surveys or data collection occurs. +**For Mattermost Server versions prior to v10.11**: The user satisfaction survey is a pre-packaged plugin, and surveys are enabled by default on all servers. However, the plugin will not be activated on any servers that have :doc:`Error and Diagnostic Reporting ` disabled, meaning no surveys or data collection occurs. -**For Mattermost Server v10.11 and later**: The User Satisfaction Survey Plugin is no longer included as a pre-packaged plugin for new deployments. We recommend using the :doc:`Mattermost User Survey integration ` instead. +**For Mattermost Server v10.11 and later**: The User Satisfaction Survey Plugin is no longer included as a pre-packaged plugin for new deployments. We recommend using the :doc:`Mattermost User Survey integration ` instead. How can surveys be disabled? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/deployment-guide/application-architecture.rst b/source/deployment-guide/application-architecture.rst index ca42e702514..9eaee6402cb 100644 --- a/source/deployment-guide/application-architecture.rst +++ b/source/deployment-guide/application-architecture.rst @@ -133,8 +133,8 @@ Mattermost is intended to be installed within a private network which can offer If Mattermost is accessible from the open internet, the following is recommended: -1. An IT admin should be assigned to set up appropriate network security, subscribe to `the Mattermost security bulletin `__, and :doc:`apply new security updates `. -2. The organization enables :doc:`SAML Single Sign-on ` or enable :doc:`MFA `. +1. An IT admin should be assigned to set up appropriate network security, subscribe to `the Mattermost security bulletin `__, and :doc:`apply new security updates `. +2. The organization enables :doc:`SAML Single Sign-on ` or enable :doc:`MFA `. If Mattermost is accessible from the open internet with no VPN or MFA set up, we recommended using it only for non-confidential, unimportant conversations where impact of a compromised system is not essential. diff --git a/source/deployment-guide/backup-disaster-recovery.rst b/source/deployment-guide/backup-disaster-recovery.rst index 0757d80e374..ee8c5cc353d 100644 --- a/source/deployment-guide/backup-disaster-recovery.rst +++ b/source/deployment-guide/backup-disaster-recovery.rst @@ -55,7 +55,7 @@ This section details the steps needed to set up Mattermost in a disaster recover .. tip:: - To learn how to safely upgrade your deployment in Kubernetes for High Availability and Active/Active support, see the :doc:`Upgrading Mattermost in Kubernetes and High Availability Environments ` documenation. + To learn how to safely upgrade your deployment in Kubernetes for High Availability and Active/Active support, see the :doc:`Upgrading Mattermost in Kubernetes and High Availability Environments ` documenation. Set up in one data center ^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -170,7 +170,7 @@ To recap: .. warning:: - After creating the master user, IP based access to the OS might not work from Mattermost application nodes. You may need to update the ``ElasticSearchSettings`` section in ``config.json`` to update the server :ref:`username ` and :ref:`password `. + After creating the master user, IP based access to the OS might not work from Mattermost application nodes. You may need to update the ``ElasticSearchSettings`` section in ``config.json`` to update the server :ref:`username ` and :ref:`password `. 3. Create a new OS cluster in the secondary region. Follow the same steps again for this cluster. diff --git a/source/deployment-guide/deployment-guide-index.rst b/source/deployment-guide/deployment-guide-index.rst index ad5ba981946..0f0cbd650dd 100644 --- a/source/deployment-guide/deployment-guide-index.rst +++ b/source/deployment-guide/deployment-guide-index.rst @@ -38,6 +38,6 @@ If you are new to Mattermost, we recommend starting with the Application Archite - Non-commercial customers: Reference the `Mattermost community forums `_ - Commercial customers: See the `Mattermost Support Knowledge Base `_, or `contact Mattermost Support `_ for assistance. - - For advanced customization or integrations, refer to the :doc:`Open source components ` documentation for details about extending Mattermost functionality. + - For advanced customization or integrations, refer to the :doc:`Open source components ` documentation for details about extending Mattermost functionality. Enjoy deploying Mattermost with confidence! diff --git a/source/deployment-guide/desktop/desktop-app-managed-resources.rst b/source/deployment-guide/desktop/desktop-app-managed-resources.rst index a0238b86782..dbfb9d6157e 100644 --- a/source/deployment-guide/desktop/desktop-app-managed-resources.rst +++ b/source/deployment-guide/desktop/desktop-app-managed-resources.rst @@ -11,7 +11,7 @@ The Mattermost desktop app supports managed resources. A managed resource can be Add the path of a managed resource to your configuration file. When selected, it opens as a pop-up window in the Mattermost desktop app. -In addition to customizing the Mattermost Desktop App, the :ref:`Managed Resource Paths ` setting on the Mattermost server must be configured. +In addition to customizing the Mattermost Desktop App, the :ref:`Managed Resource Paths ` setting on the Mattermost server must be configured. In the below example we add the managed resource ``/video``. diff --git a/source/deployment-guide/desktop/distribute-a-custom-desktop-app.rst b/source/deployment-guide/desktop/distribute-a-custom-desktop-app.rst index 1bb2573f809..4766ebaef9f 100644 --- a/source/deployment-guide/desktop/distribute-a-custom-desktop-app.rst +++ b/source/deployment-guide/desktop/distribute-a-custom-desktop-app.rst @@ -60,7 +60,7 @@ Managed resources To configure managed resources, add their path to the ``managedResources`` field in your configuration file. Selecting a managed resource opens it as a pop-up window in the desktop app. -Additionally, you must configure the :ref:Managed Resource Paths ` server configuration setting. For example, adding the ``/video`` path: +Additionally, you must configure the :ref:Managed Resource Paths ` server configuration setting. For example, adding the ``/video`` path: .. code-block:: text diff --git a/source/deployment-guide/encryption-options.rst b/source/deployment-guide/encryption-options.rst index 1f5398d92ec..069f519761f 100644 --- a/source/deployment-guide/encryption-options.rst +++ b/source/deployment-guide/encryption-options.rst @@ -13,7 +13,7 @@ Encryption-in-transit Mattermost supports TLS encryption including AES-256 with 2048-bit RSA on all data transmissions between Mattermost client applications and the Mattermost server. You may either set up TLS on the Mattermost Server or install a proxy such as NGINX and set up TLS on the proxy. Refer to our :doc:`configuration guide for more details `. -Connections to Active Directory/LDAP can :ref:`optionally be secured with TLS or stunnel `. +Connections to Active Directory/LDAP can :ref:`optionally be secured with TLS or stunnel `. Connections to calls are secured with a combination of: @@ -26,7 +26,7 @@ Gossip encryption In a High Availability mode, Mattermost supports encryption of cluster data in-transit when using the gossip protocol, which is based on principles outlined in the `SWIM protocol developed by researchers at Cornell University `_. The gossip protocol is a communication mechanism in distributed systems where nodes randomly exchange information to ensure data consistency across the network. It is decentralized, scalable, and fault-tolerant, making it ideal for systems with numerous nodes. Information is spread in a manner similar to social gossip, with nodes periodically "gossiping" updates to random peers until the network converges to a consistent state. Widely used in distributed databases, blockchain networks, and peer-to-peer systems, the protocol is simple to implement and resilient to node failures. However, it can suffer from redundancy and propagation delays in large networks. -From Mattermost v10.11, :ref:`gossip encryption ` is enabled by default for new deployments while existing deployments maintain their current configuration. +From Mattermost v10.11, :ref:`gossip encryption ` is enabled by default for new deployments while existing deployments maintain their current configuration. The encryption uses AES-256 by default, and it is not configurable. However, it is possible to manually set the value in the ``Systems`` table for the ``ClusterEncryptionKey`` row. A key is a byte array converted to base64. It can be set to a length of 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256 respectively. @@ -49,7 +49,7 @@ File storage For local storage or storage via Minio, encryption-at-rest is available for files stored via hardware and software disk encryption solutions applied to the server. -For Amazon’s proprietary S3 system, encryption-at-rest is available via :ref:`server-side encryption with Amazon S3-managed keys ` in Mattermost enterprise-badge. +For Amazon’s proprietary S3 system, encryption-at-rest is available via :ref:`server-side encryption with Amazon S3-managed keys ` in Mattermost enterprise-badge. SAML encryption support ----------------------- diff --git a/source/deployment-guide/manual-postgres-migration.rst b/source/deployment-guide/manual-postgres-migration.rst index d9734ec1d01..12ad92dd514 100644 --- a/source/deployment-guide/manual-postgres-migration.rst +++ b/source/deployment-guide/manual-postgres-migration.rst @@ -281,7 +281,7 @@ An error has been identified in the 96th migration that was previously released. Configuration in database ^^^^^^^^^^^^^^^^^^^^^^^^^^ -If you were previously utilizing a database for handling the :doc:`Mattermost configuration `, those tables will not be migrated from your MySQL database with the migration `script <#migrate-the-data>`__. +If you were previously utilizing a database for handling the :doc:`Mattermost configuration `, those tables will not be migrated from your MySQL database with the migration `script <#migrate-the-data>`__. Two migrations are necessary: @@ -291,7 +291,7 @@ Two migrations are necessary: Migrate database configuration to the file system ::::::::::::::::::::::::::::::::::::::::::::::::: -Use the ``mmctl config migrate`` command to :ref:`migrate your config ` to the file system, as follows: +Use the ``mmctl config migrate`` command to :ref:`migrate your config ` to the file system, as follows: .. code-block:: sh diff --git a/source/deployment-guide/mobile/consider-mobile-vpn-options.rst b/source/deployment-guide/mobile/consider-mobile-vpn-options.rst index d17806dab83..0e48d894199 100644 --- a/source/deployment-guide/mobile/consider-mobile-vpn-options.rst +++ b/source/deployment-guide/mobile/consider-mobile-vpn-options.rst @@ -5,7 +5,7 @@ To connect to your private network Mattermost instance, you need to set up a way Depending on your security policies, we recommend deploying Mattermost behind a VPN and using a `per-app VPN <#id3>`_ with your EMM provider, or a mobile VPN client. -Also consider deploying a mobile VPN client with multi-factor authentication (MFA) to your preferred login method, such as GitLab SSO with MFA, or run Mattermost Enterprise Edition with :doc:`multi-factor authentication (MFA) ` enabled. +Also consider deploying a mobile VPN client with multi-factor authentication (MFA) to your preferred login method, such as GitLab SSO with MFA, or run Mattermost Enterprise Edition with :doc:`multi-factor authentication (MFA) ` enabled. Mobile VPN options ------------------ diff --git a/source/deployment-guide/mobile/deploy-mobile-apps-using-emm-provider.rst b/source/deployment-guide/mobile/deploy-mobile-apps-using-emm-provider.rst index 272a46aded1..12143c7eb65 100644 --- a/source/deployment-guide/mobile/deploy-mobile-apps-using-emm-provider.rst +++ b/source/deployment-guide/mobile/deploy-mobile-apps-using-emm-provider.rst @@ -147,7 +147,7 @@ The following table shows all the configuration options that can be sent from th inAppSessionAuth
String - Use the app's internal browser for SSO instead of an external browser. From Mattermost v10.2 and mobile v2.2.1, deprecated in favor of the mobile external browser server configuration setting. + Use the app's internal browser for SSO instead of an external browser. From Mattermost v10.2 and mobile v2.2.1, deprecated in favor of the mobile external browser server configuration setting. Default: false
Valid: true | false diff --git a/source/deployment-guide/mobile/distribute-custom-mobile-apps.rst b/source/deployment-guide/mobile/distribute-custom-mobile-apps.rst index 3c82858a549..6f9624d047a 100644 --- a/source/deployment-guide/mobile/distribute-custom-mobile-apps.rst +++ b/source/deployment-guide/mobile/distribute-custom-mobile-apps.rst @@ -29,7 +29,7 @@ URL schema limitations If you are building your own version of Mattermost's mobile client, you need to be aware of the following limitations: -- To allow users to simultaneously run the App Store versions of Mattermost, in addition to the custom company version, you will need to adapt the URL schemes used for the app in the build, as well as configure those schemes on the server using :ref:`App Custom URL Schemes ` +- To allow users to simultaneously run the App Store versions of Mattermost, in addition to the custom company version, you will need to adapt the URL schemes used for the app in the build, as well as configure those schemes on the server using :ref:`App Custom URL Schemes ` - Be aware that the ``bundleid`` for the application should not include ``rnbeta``. - The same change would be required in a custom build of the Mattermost desktop app. - The mobile and desktop custom clients would no longer be able to log into other Mattermost servers (unless they had the same custom app schema configuration change applied). diff --git a/source/deployment-guide/mobile/mobile-faq.rst b/source/deployment-guide/mobile/mobile-faq.rst index 8917044fa1c..b6cb6aec5f6 100644 --- a/source/deployment-guide/mobile/mobile-faq.rst +++ b/source/deployment-guide/mobile/mobile-faq.rst @@ -77,7 +77,7 @@ This means if you use the Mattermost apps from the `Apple App Store ` documentation for details. + The use of push notifications with iOS and Android applications will require a moment where the contents of push notifications are visible and unencrypted by a server controlled by either Apple or Google. This is standard for any iOS or Android app. For this reason, there is an option available in Mattermost Enterprise to omit the contents of Mattermost messages from push notifications, or to configure message contents to be fetched from the server when notifications reach the device. See our :ref:`Configuration Settings ` documentation for details. Is TLS v1.3 supported? ---------------------- @@ -99,7 +99,7 @@ The following post metadata is sent in all push notifications: - ``Category`` (iOS only, determines if the notifications can be replied to) - ``Badge number`` (what the notification badge on the app icon should be set to when the notification is received) -Additional metadata may be sent depending on the System Console setting for :ref:`Push Notification Contents `: +Additional metadata may be sent depending on the System Console setting for :ref:`Push Notification Contents `: - **Generic description with sender and channel names**: ``Channel name`` metadata will be included. - **Full message content sent in the notification payload**: ``Post content`` and ``Channel name`` metadata will be included. @@ -112,7 +112,7 @@ When it comes to mobile data privacy, many organizations prioritize secure handl This poses a potential risk for organizations that operate under strict compliance requirements and cannot expose message data to external entities. To solve this, we offer an option for greater protection for Mattermost push notification message data by only sending a unique message ID in the notification payload rather than the full message data (available in Mattermost Enterprise). Once the device receives the ID, it then fetches the message content directly from the server and displays the notification per usual. -External entities, such as APNS and FCM, handle only the ID and are unable to read any part of the message itself. If your organization has strict privacy or compliance needs, the :ref:`ID-Only Push Notification ` setting offers a high level of privacy while still allowing your team members to benefit from mobile push notifications. +External entities, such as APNS and FCM, handle only the ID and are unable to read any part of the message itself. If your organization has strict privacy or compliance needs, the :ref:`ID-Only Push Notification ` setting offers a high level of privacy while still allowing your team members to benefit from mobile push notifications. The following payload shows an example of the json that is transmitted to the push notification service when using the ID-Only setting: @@ -163,7 +163,7 @@ The following options are available for securing your push notification service: 1. Protecting notification contents - - You can :ref:`choose what type of information to include in push notifications `, such as excluding the message contents if your compliance policies require it. Default server settings have message contents turned off. + - You can :ref:`choose what type of information to include in push notifications `, such as excluding the message contents if your compliance policies require it. Default server settings have message contents turned off. 2. Disabling push notifications @@ -179,7 +179,7 @@ The following options are available for securing your push notification service: 4. Securing apps installed through the Apple App Store and Google Play: - - When using Mattermost mobile apps from the App Store and Google Play, purchase an annual subscription to Mattermost Enterprise or Professional to use Mattermost's :ref:`Hosted Push Notification Service (HPNS) `. + - When using Mattermost mobile apps from the App Store and Google Play, purchase an annual subscription to Mattermost Enterprise or Professional to use Mattermost's :ref:`Hosted Push Notification Service (HPNS) `. .. note:: @@ -209,7 +209,7 @@ Mattermost enables customers with high privacy and custom security requirements How do I host the Mattermost push notification service? ------------------------------------------------------- -First, you can use the :ref:`Mattermost Hosted Push Notification Service (HPNS) `. Organizations can also :doc:`host their own push proxy server ` instead. This is applicable when you want to: +First, you can use the :ref:`Mattermost Hosted Push Notification Service (HPNS) `. Organizations can also :doc:`host their own push proxy server ` instead. This is applicable when you want to: 1. Customize the Mattermost mobile apps; 2. Deploy your own push notification service, or @@ -299,7 +299,7 @@ How do I connect users across internal and external networks? By setting up global network traffic management, you can send a user to an internal or external network when connecting with a mobile app. Moreover, you can have two separate layers of restrictions on internal and external traffic, such as: - In the internal network, deploy on a private network via per device VPN. - - In the external network, deploy with :doc:`TLS mutual auth ` with an NGINX proxy, and :doc:`client-side certificates ` for desktop and iOS. + - In the external network, deploy with :doc:`TLS mutual auth ` with an NGINX proxy, and :doc:`client-side certificates ` for desktop and iOS. Many services such as Microsoft Azure provide options for `managing network traffic `_, or you can engage a services partner to assist. @@ -353,7 +353,7 @@ You will need to `whitelist one subdomain and one port from Apple `__ or `Google Play Store `__ and connect with the :ref:`Mattermost Hosted Push Notification Service (HPNS) ` through your corporate proxy. +You can use the mobile applications hosted by Mattermost in the `Apple App Store `__ or `Google Play Store `__ and connect with the :ref:`Mattermost Hosted Push Notification Service (HPNS) ` through your corporate proxy. .. note:: @@ -388,7 +388,7 @@ Since the ``deviceId`` relates to the application, connections through the web b Where can I find mobile message notification logs? ------------------------------------------------------------- Notification messages are logged to the ``notifications.log`` file. -System admins must enable notification logs in the ``config.json`` file by setting ``EnableFile`` to ``true``, and specifying an optional file location via ``FileLocation``. When no location is configured, the ``notifications.log`` file is stored in the default Mattermost directory. See the :ref:`logging configuration settings ` documentation for details. +System admins must enable notification logs in the ``config.json`` file by setting ``EnableFile`` to ``true``, and specifying an optional file location via ``FileLocation``. When no location is configured, the ``notifications.log`` file is stored in the default Mattermost directory. See the :ref:`logging configuration settings ` documentation for details. The team members / users can access their notification logs based on their device platform. Android users can view the logs using ``logcat``. diff --git a/source/deployment-guide/mobile/mobile-security-features.rst b/source/deployment-guide/mobile/mobile-security-features.rst index 83034ffe4ca..fa0dde76e0a 100644 --- a/source/deployment-guide/mobile/mobile-security-features.rst +++ b/source/deployment-guide/mobile/mobile-security-features.rst @@ -14,7 +14,7 @@ Mattermost leverages built-in checks from the Expo framework to identify jailbro - On **Android**, the app looks for the presence of known jailbreak/root binaries, such as the ``su`` binary in ``/system/xbin/su``, which is a common indicator that the device has been rooted to allow unauthorized elevated access. - On **iOS**, the detection process involves checking for unusual apps (e.g., Cydia), modified system paths, and testing whether the app can alter protected system files—all signs that the device may be jailbroken. -See the :ref:`jailbreak/root protection configuration setting ` documentation for details on enabling this feature. +See the :ref:`jailbreak/root protection configuration setting ` documentation for details on enabling this feature. .. note:: @@ -25,7 +25,7 @@ Biometric authentication Mattermost integrates with iOS Face ID/Touch ID and Android’s Biometric API. When enabled by the server administrator, biometric checks are required before accessing specific servers, and the Mattermost mobile app mandates that a device PIN or biometric lock is active. -See the :ref:`biometric authentication configuration setting ` documentation for details on enabling this feature and the user workflows in which users must authenticate. +See the :ref:`biometric authentication configuration setting ` documentation for details on enabling this feature and the user workflows in which users must authenticate. .. note:: @@ -40,7 +40,7 @@ Preventing screenshots and screen recordings protects sensitive information from - On **Android**, the app utilizes the FLAG_SECURE flag to block screen captures and recordings. -See the :ref:`prevent screen capture configuration setting ` documentation for details on enabling this feature. +See the :ref:`prevent screen capture configuration setting ` documentation for details on enabling this feature. .. note:: @@ -51,7 +51,11 @@ Secure file previews Preventing file downloads protects sensitive information from being inadvertently or maliciously shared. This control is essential in ensuring that confidential documents and media remain within the secure confines of the app. By enabling in-app previews for supported file types and restricting downloads, Mattermost significantly reduces the risk of data leakage while maintaining essential file-viewing capabilities. +<<<<<<< HEAD +See the :ref:`secure file preview ` and :ref:`managing PDF link navigation ` configuration settings documentation for details on enabling these features. +======= See the :ref:`secure file preview ` and :ref:`managing PDF link navigation ` configuration settings documentation for details on enabling these features. +>>>>>>> master Mobile data isolation ------------------------ diff --git a/source/deployment-guide/mobile/mobile-troubleshooting.rst b/source/deployment-guide/mobile/mobile-troubleshooting.rst index 2f7d659ead8..d2220872624 100644 --- a/source/deployment-guide/mobile/mobile-troubleshooting.rst +++ b/source/deployment-guide/mobile/mobile-troubleshooting.rst @@ -75,7 +75,7 @@ For example: [...] } -See our :ref:`Configuration Settings ` documentation for details on configuring the connection string to the master database. +See our :ref:`Configuration Settings ` documentation for details on configuring the connection string to the master database. Testing mobile push notifications ---------------------------------- diff --git a/source/deployment-guide/mobile/secure-mobile-file-storage.rst b/source/deployment-guide/mobile/secure-mobile-file-storage.rst index e65b137cf14..38a8db03856 100644 --- a/source/deployment-guide/mobile/secure-mobile-file-storage.rst +++ b/source/deployment-guide/mobile/secure-mobile-file-storage.rst @@ -24,7 +24,7 @@ iOS – app sandbox - Non-image and non-video files are rendered using secure frameworks such as QLPreviewController. This controller displays file previews within the app’s sandbox, ensuring that raw file data isn’t exposed to external processes. - Supported image and video files are previewed directly within the app, with the files downloaded to the app's cache folder located within its secure sandbox. For unsupported image and video formats, the Mattermost mobile app uses the QLPreviewController framework, just as it does for other file types. - - If the file format is also unsupported by QLPreviewController and :ref:`mobile downloads are enabled ` on the server, users can download the file to a location of their choosing. However, if mobile downloads are disabled, these files become unavailable to the user. + - If the file format is also unsupported by QLPreviewController and :ref:`mobile downloads are enabled ` on the server, users can download the file to a location of their choosing. However, if mobile downloads are disabled, these files become unavailable to the user. - **Official references:** @@ -42,7 +42,7 @@ Android – scoped storage - **Secure file viewing:** - When users attempt to view non-image/video files, Mattermost uses an ``Intent.ACTION_VIEW`` to open the file. This intent delegates rendering to an external app only if the user explicitly triggers the action, while the file remains securely stored within Mattermost’s cache folder. - - Viewing non-image/video files is available only if :ref:`mobile downloads are enabled ` on the server. + - Viewing non-image/video files is available only if :ref:`mobile downloads are enabled ` on the server. - Image and video files with supported formats are previewed directly within the app, with the files downloaded to the app's cache folder located within its secure sandbox. For unsupported image and video formats, the Mattermost mobile app uses ``Intent.ACTION_VIEW`` to open the file with an external application, just as it does for other file types. - **Official reference:** @@ -56,7 +56,7 @@ Differentiating file handling to external applications - **Previewing files:** - File previewing follows the secure viewing practices described above in the “Secure File Viewing” sections for iOS and Android. All files prior to being previewed are stored in the cache folder of the Mattermost app sandbox. Images and videos with supported formats are previewed directly within the Mattermost mobile app. Non‑image and non‑video files are also previewed in-app in iOS but are handed off to an external application in Android while the raw data remains securely stored in the app’s cache. Previewing non-image/non-video files is possible only if :ref:`mobile downloads are enabled ` on the server side. + File previewing follows the secure viewing practices described above in the “Secure File Viewing” sections for iOS and Android. All files prior to being previewed are stored in the cache folder of the Mattermost app sandbox. Images and videos with supported formats are previewed directly within the Mattermost mobile app. Non‑image and non‑video files are also previewed in-app in iOS but are handed off to an external application in Android while the raw data remains securely stored in the app’s cache. Previewing non-image/non-video files is possible only if :ref:`mobile downloads are enabled ` on the server side. - **Downloading files:** @@ -88,7 +88,7 @@ Core defense pillars - **Robust authentication:** Mattermost requires user authentication through SSO (e.g., SAML, LDAP, OpenID Connect) or traditional username/password logins. This authentication is managed by server-side identity controls, ensuring that only verified users can access the app and its data. For more details, see the `Mattermost Security Overview `_. -- **Server-side access controls:** Administrators can enforce policies through the System Console to restrict file downloads, sharing, and public link generation. Currently, policies are applied at the server level. For more details, see `Configuration Settings - File Sharing and Downloads `_. +- **Server-side access controls:** Administrators can enforce policies through the System Console to restrict file downloads, sharing, and public link generation. Currently, policies are applied at the server level. For more details, see `Configuration Settings - File Sharing and Downloads `_. - **Sandbox isolation:** As discussed earlier, Mattermost’s mobile apps store files in a sandboxed environment. This isolation ensures that even if a device is shared or compromised, other apps cannot access the cached files without explicit user action. diff --git a/source/deployment-guide/postgres-migration-assist-tool.rst b/source/deployment-guide/postgres-migration-assist-tool.rst index b7a6c04a745..506e01087c3 100644 --- a/source/deployment-guide/postgres-migration-assist-tool.rst +++ b/source/deployment-guide/postgres-migration-assist-tool.rst @@ -158,7 +158,7 @@ In your ``config.json`` or via environment variables, update: "DataSource": "postgres://mmuser:pass@db:5432/mattermost?sslmode=disable" } -If your config was stored in the database, update ``MM_CONFIG`` accordingly. See the :ref:`environment configuration settings ` documentation for details. +If your config was stored in the database, update ``MM_CONFIG`` accordingly. See the :ref:`environment configuration settings ` documentation for details. .. note:: If your Mattermost deployment was initially configured with MySQL, there's a good chance your systemd service file has a ``BindsTo=mysql.service`` directive in it. This will cause the Mattermost server to be shut down if you deactivate your MySQL service. To fix this, update all references to ``mysql.service`` in your service file to use ``postgresql.service`` instead. This is only an issue if your Database and Mattermost are running on the same system. diff --git a/source/deployment-guide/server/air-gapped-deployment.rst b/source/deployment-guide/server/air-gapped-deployment.rst index 593c37c1ed6..2e7b6b0fb8d 100644 --- a/source/deployment-guide/server/air-gapped-deployment.rst +++ b/source/deployment-guide/server/air-gapped-deployment.rst @@ -377,12 +377,12 @@ When deploying Mattermost in an air-gapped environment, there are configuration Mobile push notifications ~~~~~~~~~~~~~~~~~~~~~~~~~~ -Mattermost can use mobile push notifications to notify users of new messages and activity. These notifications require a server component to be deployed to send the notifications to the mobile devices. By default, Mattermost will use the public push notification service which is not available in an air-gapped environment. We recommend :ref:`disabling push notifications ` in **System Console > Environment > Push Notification Server**. +Mattermost can use mobile push notifications to notify users of new messages and activity. These notifications require a server component to be deployed to send the notifications to the mobile devices. By default, Mattermost will use the public push notification service which is not available in an air-gapped environment. We recommend :ref:`disabling push notifications ` in **System Console > Environment > Push Notification Server**. Website link previews ~~~~~~~~~~~~~~~~~~~~~~~ -Website link previews require a connection to the internet to fetch the content of the links. We recommend :ref:`disabling website link previews ` in **System Console > Site Configuration > Posts**. +Website link previews require a connection to the internet to fetch the content of the links. We recommend :ref:`disabling website link previews ` in **System Console > Site Configuration > Posts**. Additional considerations --------------------------- diff --git a/source/deployment-guide/server/containers/install-aws-beanstalk.rst b/source/deployment-guide/server/containers/install-aws-beanstalk.rst index d2d00bf41c2..8510466442a 100644 --- a/source/deployment-guide/server/containers/install-aws-beanstalk.rst +++ b/source/deployment-guide/server/containers/install-aws-beanstalk.rst @@ -26,6 +26,6 @@ The Elastic Beanstalk application creation process below combines Application an Enable Email (Recommended) ----------------------------- -The default Docker instance for Mattermost is designed for product evaluation, and sets ``SendEmailNotifications=false`` so the product can function without enabling email. To see the product's full functionality, we recommend :doc:`enabling SMTP email `. +The default Docker instance for Mattermost is designed for product evaluation, and sets ``SendEmailNotifications=false`` so the product can function without enabling email. To see the product's full functionality, we recommend :doc:`enabling SMTP email `. -See :doc:`Configuration Settings ` documentation for more configuration and customization options for your deployment. \ No newline at end of file +See :doc:`Configuration Settings ` documentation for more configuration and customization options for your deployment. \ No newline at end of file diff --git a/source/deployment-guide/server/containers/install-docker.rst b/source/deployment-guide/server/containers/install-docker.rst index be328f2de77..c9645833bed 100644 --- a/source/deployment-guide/server/containers/install-docker.rst +++ b/source/deployment-guide/server/containers/install-docker.rst @@ -200,9 +200,9 @@ Looking for a way to evaluate Mattermost on a single local machine using Docker? .. important:: - - This local image is self-contained (i.e., it has an internal database and works out of the box). Dropping a container using this image removes data and configuration as expected. You can see the :doc:`configuration settings ` documentation to learn more about customizing your trial deployment. + - This local image is self-contained (i.e., it has an internal database and works out of the box). Dropping a container using this image removes data and configuration as expected. You can see the :doc:`configuration settings ` documentation to learn more about customizing your trial deployment. - **Preview Mode** shouldn't be used in a production environment, as it uses a known password string, contains other non-production configuration settings, has email disabled, keeps no persistent data (all data lives inside the container), and doesn't support upgrades. - - If you are planning to use the calling functionality in **Preview Mode** on a non-local environment, you should ensure that the server is running on a secure (HTTPs) connection and that the :ref:`network requirements ` to run calls are met. + - If you are planning to use the calling functionality in **Preview Mode** on a non-local environment, you should ensure that the server is running on a secure (HTTPs) connection and that the :ref:`network requirements ` to run calls are met. 1. Install `Docker `__. @@ -213,13 +213,13 @@ Looking for a way to evaluate Mattermost on a single local machine using Docker? docker run --name mattermost-preview -d --publish 8065:8065 --publish 8443:8443 mattermost/mattermost-preview 3. When Docker is done fetching the image, navigate to ``http://localhost:8065/`` in your browser to preview Mattermost. -4. Select **Don't have an account** in the top right corner of the screen to create an account for your preview instance. If you don't see this option, ensure that the :ref:`Enable open server ` configuration setting is enabled. This setting is disabled for self-hosted Mattermost deployments by default. +4. Select **Don't have an account** in the top right corner of the screen to create an account for your preview instance. If you don't see this option, ensure that the :ref:`Enable open server ` configuration setting is enabled. This setting is disabled for self-hosted Mattermost deployments by default. 5. Log in to your preview instance with your user credentials. Troubleshooting your preview deployment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The **Preview Mode** Docker instance for Mattermost is designed for product evaluation, and sets ``SendEmailNotifications=false`` so the product can function without enabling email. See the :doc:`Configuration Settings ` documentation to customize your deployment. +The **Preview Mode** Docker instance for Mattermost is designed for product evaluation, and sets ``SendEmailNotifications=false`` so the product can function without enabling email. See the :doc:`Configuration Settings ` documentation to customize your deployment. To update your Mattermost preview image and container, you must first stop and delete your existing **mattermost-preview** container by running the following commands: diff --git a/source/deployment-guide/server/deploy-kubernetes.rst b/source/deployment-guide/server/deploy-kubernetes.rst index 4cc24161b4e..069e0725bd6 100644 --- a/source/deployment-guide/server/deploy-kubernetes.rst +++ b/source/deployment-guide/server/deploy-kubernetes.rst @@ -8,7 +8,7 @@ Mattermost server can be deployed on various Kubernetes platforms, providing a s .. tip:: - To learn how to safely upgrade your deployment in Kubernetes for High Availability with Active/Active support, see the :doc:`Upgrading Mattermost in Kubernetes and High Availability Environments ` documenation. + To learn how to safely upgrade your deployment in Kubernetes for High Availability with Active/Active support, see the :doc:`Upgrading Mattermost in Kubernetes and High Availability Environments ` documenation. Platform -------- diff --git a/source/deployment-guide/server/image-proxy.rst b/source/deployment-guide/server/image-proxy.rst index 653c0d4847a..23ec0cd1b17 100644 --- a/source/deployment-guide/server/image-proxy.rst +++ b/source/deployment-guide/server/image-proxy.rst @@ -17,7 +17,7 @@ The local image proxy is available as part of the Mattermost server deployment. .. note:: - With the local image proxy enabled, requests for images hosted on the local network are now affected by the ``AllowUntrustedInternalConnections`` setting. See :ref:`documentation ` for more information or if you are seeing unintentionally blocked images. + With the local image proxy enabled, requests for images hosted on the local network are now affected by the ``AllowUntrustedInternalConnections`` setting. See :ref:`documentation ` for more information or if you are seeing unintentionally blocked images. .. _atmos-camo: diff --git a/source/deployment-guide/server/kubernetes/deploy-k8s.rst b/source/deployment-guide/server/kubernetes/deploy-k8s.rst index 85d76d66aa5..24b00552742 100644 --- a/source/deployment-guide/server/kubernetes/deploy-k8s.rst +++ b/source/deployment-guide/server/kubernetes/deploy-k8s.rst @@ -11,7 +11,7 @@ Before you begin, ensure you have the following: * A functioning Kubernetes cluster (see the `Kubernetes setup guide `__). Your cluster should be running a `supported Kubernetes version `__. * The `kubectl` command-line tool installed on your local machine (see the `kubectl installation guide `__). * A fundamental understanding of Kubernetes concepts, such as deployments, pods, and applying manifests. -* Sufficient Kubernetes resources allocated based on your expected user load. Consult the :ref:`scaling for Enterprise ` documentation for resource requirements at different scales. +* Sufficient Kubernetes resources allocated based on your expected user load. Consult the :ref:`scaling for Enterprise ` documentation for resource requirements at different scales. Installation steps ~~~~~~~~~~~~~~~~~~ @@ -68,7 +68,7 @@ Step 3: Deploy Mattermost .. note:: - A Mattermost Enterprise license is required for multi-server deployments. - - For single-server deployments without an Enterprise license, add ``Replicas: 1`` to the ``spec`` section in step 2 below. See the :doc:`high availability documentation ` for more on highly-available deployments. + - For single-server deployments without an Enterprise license, add ``Replicas: 1`` to the ``spec`` section in step 2 below. See the :doc:`high availability documentation ` for more on highly-available deployments. 1. **(Mattermost Enterprise only)** Create a Mattermost license secret. Create a file named ``mattermost-license-secret.yaml`` with the following content, replacing ``[LICENSE_FILE_CONTENTS]`` with your actual license: @@ -249,7 +249,7 @@ This command can be used to review the Mattermost Operator or Mattermost server - If you're new to Kubernetes or prefer a managed solution, consider using a service like `Amazon EKS `_, `Azure Kubernetes Service `_, `Google Kubernetes Engine `_, or `DigitalOcean Kubernetes `_.- While this guidance focuses on using external, managed services for your database and file storage, the Mattermost Operator *does* offer the flexibility to use other solutions. For example, you could choose to deploy a PostgreSQL database within your Kubernetes cluster using the CloudNative PG operator (or externally however you wish), or use a self-hosted MinIO instance for object storage. - While using managed cloud services is generally simpler to maintain and our recommended approach for production deployments, using self-managed services like MinIO for storage and CloudNative PG for PostgreSQL are also valid options if you have the expertise to manage them. - If you choose to use self-managed components, you'll need to adapt the instructions accordingly, pointing to your internal services instead. - - To customize your production deployment, refer to the :doc:`configuration settings documentation `. + - To customize your production deployment, refer to the :doc:`configuration settings documentation `. - If you encounter issues during deployment, consult the :doc:`deployment troubleshooting guide `. Frequently Asked Questions diff --git a/source/deployment-guide/server/linux/deploy-rhel.rst b/source/deployment-guide/server/linux/deploy-rhel.rst index ce752f337d2..b1a9f6f3c8a 100644 --- a/source/deployment-guide/server/linux/deploy-rhel.rst +++ b/source/deployment-guide/server/linux/deploy-rhel.rst @@ -237,7 +237,7 @@ The final step, depending on your requirements, is to run sudo ``systemctl enabl Step 6: Update the server ~~~~~~~~~~~~~~~~~~~~~~~~~ -Updating your Mattermost Server installation when using the tarball requires several manual steps. See the :doc:`upgrade Mattermost Server ` documentation for details. +Updating your Mattermost Server installation when using the tarball requires several manual steps. See the :doc:`upgrade Mattermost Server ` documentation for details. Remove Mattermost ----------------- diff --git a/source/deployment-guide/server/linux/deploy-tar.rst b/source/deployment-guide/server/linux/deploy-tar.rst index 4af9af37134..d4c50584e97 100644 --- a/source/deployment-guide/server/linux/deploy-tar.rst +++ b/source/deployment-guide/server/linux/deploy-tar.rst @@ -173,7 +173,7 @@ The final step, depending on your requirements, is to run sudo ``systemctl enabl Step 6: Update the server ~~~~~~~~~~~~~~~~~~~~~~~~~~ -Updating your Mattermost Server installation when using the tarball requires several manual steps. See the :doc:`upgrade Mattermost Server ` documentation for details. +Updating your Mattermost Server installation when using the tarball requires several manual steps. See the :doc:`upgrade Mattermost Server ` documentation for details. Remove Mattermost ----------------- diff --git a/source/deployment-guide/server/orchestration.rst b/source/deployment-guide/server/orchestration.rst index f835e60967b..e6eaf589ee2 100644 --- a/source/deployment-guide/server/orchestration.rst +++ b/source/deployment-guide/server/orchestration.rst @@ -65,7 +65,7 @@ Documentation Following automated deployment, the following steps are required to make your system production-ready: - [Configure SSL for Mattermost](https://docs.mattermost.com/deployment-guide/server/setup-nginx-proxy.html#configure-nginx-with-ssl-and-http-2) - - [Configure SMTP email for Mattermost](https://docs.mattermost.com/administration-guide/configure/smtp-email.html) + - [Configure SMTP email for Mattermost](https://docs.mattermost.com/administration-guide/configuration-reference/smtp-email.html) 2. **Unofficial deployment options should be documented**. Unofficial deployment configurations, such as use of Linux operating systems that are not officially supported, should be documented in the README. diff --git a/source/deployment-guide/server/preparations.rst b/source/deployment-guide/server/preparations.rst index 7d88ad2a742..16da605534f 100644 --- a/source/deployment-guide/server/preparations.rst +++ b/source/deployment-guide/server/preparations.rst @@ -10,7 +10,7 @@ This guide outlines the key preparation steps required before installing the Mat Review software and hardware requirements Set up an NGINX proxy - Configure Mattermost Calls + Configure Mattermost Calls Set up TLS Use an image proxy @@ -18,7 +18,7 @@ Before installing Mattermost Server, review the following preparation requiremen * :doc:`Review software and hardware requirements ` - Ensure your system meets the minimum requirements for Mattermost deployment. * :doc:`Set up an NGINX proxy ` - Configure NGINX as a reverse proxy for enhanced security and performance. -* :doc:`Configure Mattermost Calls ` - Set up real-time communication capabilities for voice and video calls. +* :doc:`Configure Mattermost Calls ` - Set up real-time communication capabilities for voice and video calls. * :doc:`Set up TLS ` - Enable secure communication with SSL/TLS encryption. * :doc:`Use an image proxy ` - Configure image proxy for enhanced privacy and security. diff --git a/source/deployment-guide/server/prepare-mattermost-mysql-database.rst b/source/deployment-guide/server/prepare-mattermost-mysql-database.rst index 82e8ba939a9..628db13af97 100644 --- a/source/deployment-guide/server/prepare-mattermost-mysql-database.rst +++ b/source/deployment-guide/server/prepare-mattermost-mysql-database.rst @@ -67,7 +67,7 @@ Upgrade Mattermost .. tab:: Upgrade to v7.0 :parse-titles: - Self-hosted Mattermost customers using MySQL databases may notice the migration to release v7.0 taking longer than usual when there are a large number of rows in the ``FileInfo`` table. See the :doc:`important upgrade notes ` documentation for details. + Self-hosted Mattermost customers using MySQL databases may notice the migration to release v7.0 taking longer than usual when there are a large number of rows in the ``FileInfo`` table. See the :doc:`important upgrade notes ` documentation for details. .. tab:: Upgrade to v6.7 :parse-titles: @@ -247,14 +247,14 @@ By default, Mattermost uses full text search support included in MySQL. Select t Perform searches in Chinese, Korean, and Japanese ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The best experience for searching in Chinese, Korean, and Japanese is to use MySQL 5.7.6 or later with special configuration. See the :doc:`Chinese, Japanese and Korean Search documentation ` for details. +The best experience for searching in Chinese, Korean, and Japanese is to use MySQL 5.7.6 or later with special configuration. See the :doc:`Chinese, Japanese and Korean Search documentation ` for details. You can perform searches without this configuration by adding wildcards ``*`` to the end of search terms. Migrate from Bitnami to a self-hosted Mattermost deployment ------------------------------------------------------------ -If you're planning a migration from Bitnami to a self-hosted Mattermost installation with a MySQL database, read these notes in our migration guide: :ref:`Migrating from Bitnami `. +If you're planning a migration from Bitnami to a self-hosted Mattermost installation with a MySQL database, read these notes in our migration guide: :ref:`Migrating from Bitnami `. Downgrade Mattermost v6.0 to v5.38 ----------------------------------- diff --git a/source/deployment-guide/server/server-architecture.rst b/source/deployment-guide/server/server-architecture.rst index 83c291b085c..ed5ad48cfef 100644 --- a/source/deployment-guide/server/server-architecture.rst +++ b/source/deployment-guide/server/server-architecture.rst @@ -1,7 +1,7 @@ Reference Architecture for Mattermost Server ============================================= -The following diagrams detail suggested architecture configurations of :ref:`high availability Mattermost deployments ` at different scales. Hardware and infrastructure requirements will vary significantly based on usage and policies. See the :doc:`scaling for enterprise ` documentation for reference architecture guidance at scale, including hardware and infrastructure requirements. +The following diagrams detail suggested architecture configurations of :ref:`high availability Mattermost deployments ` at different scales. Hardware and infrastructure requirements will vary significantly based on usage and policies. See the :doc:`scaling for enterprise ` documentation for reference architecture guidance at scale, including hardware and infrastructure requirements. High availability in Mattermost consists of running redundant Mattermost application servers, redundant database servers, and redundant load balancers so that failure of any one of these components does not interrupt operation of the system. Upon failure of one component, the remaining application servers, database servers, and load balancers must be sized and configured to carry the full load of the system. If this requirement is not met, an outage of one component can result in an overload of the remaining components, causing a complete system outage. @@ -14,12 +14,12 @@ You can apply most configuration changes and dot release security updates withou Designed for scale ------------------ -Mattermost is designed to be able to handle a large number of concurrent users, and the architecture can be scaled up or down as needed. The architecture is also designed to be flexible, allowing for the addition of new components or services as needed. The following diagrams show the recommended architecture for Mattermost deployments at 5,000, 10,000, 25,000, and 50,000 users. The diagrams are organized by user count and include a general diagram and AWS and Azure versions of each diagram. See the :doc:`scaling for enterprise ` documentation for more information on scaling Mattermost deployments. +Mattermost is designed to be able to handle a large number of concurrent users, and the architecture can be scaled up or down as needed. The architecture is also designed to be flexible, allowing for the addition of new components or services as needed. The following diagrams show the recommended architecture for Mattermost deployments at 5,000, 10,000, 25,000, and 50,000 users. The diagrams are organized by user count and include a general diagram and AWS and Azure versions of each diagram. See the :doc:`scaling for enterprise ` documentation for more information on scaling Mattermost deployments. - Each generalized diagram represents a full High Availability deployment across all critical components. The proxy, database, file storage, and Elasticsearch layers can be replaced by cloud services. - Each AWS diagram represents a full High Availability deployment on Amazon Web Services making full use of the available services. - Each Azure diagram represents a full High Availability deployment on Microsoft Azure making full use of the available services. -- Push proxy can be replaced by the Mattermost :ref:`hosted push notification service `. +- Push proxy can be replaced by the Mattermost :ref:`hosted push notification service `. .. tab:: AWS diff --git a/source/deployment-guide/server/server-deployment-planning.rst b/source/deployment-guide/server/server-deployment-planning.rst index 3992a8cb5f7..c4c34a5a74f 100644 --- a/source/deployment-guide/server/server-deployment-planning.rst +++ b/source/deployment-guide/server/server-deployment-planning.rst @@ -17,7 +17,7 @@ This section provides comprehensive guidance on deploying and managing your Matt Pre-authentication secrets Reference Architecture Deployment Solution Programs - Scale for Enterprise + Scale for Enterprise * :doc:`Preparations ` - Software and hardware requirements, proxy setup, TLS configuration, and other pre-deployment tasks. * :doc:`Deploy with Kubernetes ` - Scalable deployment on various Kubernetes platforms with high availability support. @@ -28,7 +28,7 @@ This section provides comprehensive guidance on deploying and managing your Matt * :doc:`Pre-authentication secrets ` - Configure reverse proxy validation for mobile and desktop applications using pre-authentication headers. * :doc:`Reference Architecture ` - Recommended architecture patterns and infrastructure design. * :doc:`Deployment Solution Programs ` - Automated deployment tools and orchestration solutions. -* :doc:`Scale for Enterprise ` - High availability, clustering, and enterprise-scale deployment guidance. +* :doc:`Scale for Enterprise ` - High availability, clustering, and enterprise-scale deployment guidance. Core technology stack diff --git a/source/deployment-guide/server/setup-nginx-proxy.rst b/source/deployment-guide/server/setup-nginx-proxy.rst index a7a5e633974..dd60428ea71 100644 --- a/source/deployment-guide/server/setup-nginx-proxy.rst +++ b/source/deployment-guide/server/setup-nginx-proxy.rst @@ -225,7 +225,7 @@ You can use any certificate that you want, but these instructions show you how t .. note:: - If Let’s Encrypt is enabled, forward port 80 through a firewall, with :ref:`Forward80To443 ` ``config.json`` setting set to ``true`` to complete the Let’s Encrypt certification. See the `Let's Encrypt/Certbot documentation `_ for additional assistance. + If Let’s Encrypt is enabled, forward port 80 through a firewall, with :ref:`Forward80To443 ` ``config.json`` setting set to ``true`` to complete the Let’s Encrypt certification. See the `Let's Encrypt/Certbot documentation `_ for additional assistance. 1. Log in to the server that hosts NGINX and open a terminal window. diff --git a/source/deployment-guide/server/setup-tls.rst b/source/deployment-guide/server/setup-tls.rst index 3cafc9fb0ed..25ae8157817 100644 --- a/source/deployment-guide/server/setup-tls.rst +++ b/source/deployment-guide/server/setup-tls.rst @@ -38,7 +38,7 @@ The certificate is retrieved the first time that a client tries to connect to th .. note:: - - If Let's Encrypt is enabled, forward port 80 through a firewall, with :ref:`Forward80To443 ` ``config.json`` setting set to ``true`` to complete the Let's Encrypt certification. + - If Let's Encrypt is enabled, forward port 80 through a firewall, with :ref:`Forward80To443 ` ``config.json`` setting set to ``true`` to complete the Let's Encrypt certification. - Your Mattermost server must be accessible from the Let's Encrypt CA in order to verify your domain name and issue the certificate. Be sure to open your firewall and configure any reverse proxies to forward traffic to ports 80 and 443. More information can be found `at Let's Encrypt `_. Use your own certificate diff --git a/source/deployment-guide/server/trouble_mysql.rst b/source/deployment-guide/server/trouble_mysql.rst index 2a506583bf2..161e8ddb575 100644 --- a/source/deployment-guide/server/trouble_mysql.rst +++ b/source/deployment-guide/server/trouble_mysql.rst @@ -5,8 +5,8 @@ Before you can run the Mattermost server, you must first install and configure a .. note:: - - Additional database tuning guidance is available for specific Mattermost releases. See the :doc:`important upgrade notes ` documentation for more details. - - See the :ref:`database configuration settings ` documentation for details on configuration options specific to MySQL databases. + - Additional database tuning guidance is available for specific Mattermost releases. See the :doc:`important upgrade notes ` documentation for more details. + - See the :ref:`database configuration settings ` documentation for details on configuration options specific to MySQL databases. How you install MySQL varies depending upon which Linux distribution you use. However, once MySQL is installed, the configuration instructions are the same. For all distributions you must create a ``mattermost`` database and a ``mattermost`` database user. Failure to create these database diff --git a/source/deployment-guide/server/troubleshooting.rst b/source/deployment-guide/server/troubleshooting.rst index c65d17e96e6..a0c74cd3128 100644 --- a/source/deployment-guide/server/troubleshooting.rst +++ b/source/deployment-guide/server/troubleshooting.rst @@ -45,7 +45,7 @@ The resulting server log file is called ``mattermost.log`` and can be opened wit If filesystem access is not possible, navigate to **System Console > Reporting > Server Logs** to locate the current system logs which can be copied to a file. -You can find more on logging settings :ref:`here `. +You can find more on logging settings :ref:`here `. Mattermost Desktop App logs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -214,7 +214,7 @@ How to access logs **Mattermost** -Make sure :ref:`debug logging is enabled ` so that we can get the most information from the logs. To do this, go to **System Console > Environment > Logging**, then set both **Console File Level** and **File Log Level** to **DEBUG**. Remember to save your changes. +Make sure :ref:`debug logging is enabled ` so that we can get the most information from the logs. To do this, go to **System Console > Environment > Logging**, then set both **Console File Level** and **File Log Level** to **DEBUG**. Remember to save your changes. If the behavior started at a known time or date, use ``journalctl`` to get the logs like this: diff --git a/source/deployment-guide/software-hardware-requirements.rst b/source/deployment-guide/software-hardware-requirements.rst index bad5d187bbe..b67f4d98d9b 100644 --- a/source/deployment-guide/software-hardware-requirements.rst +++ b/source/deployment-guide/software-hardware-requirements.rst @@ -149,7 +149,7 @@ Search limitations on PostgreSQL: - One of them is: ``The length of a tsvector (lexemes + positions) must be less than 1 megabyte``, which means that, based on the file content, even files with content less than 1 MB won't be searchable if they hit the ``tsvector`` limit of 1 MB. -- If any of the above is an issue, you can :doc:`set up and enable enterprise search `. +- If any of the above is an issue, you can :doc:`set up and enable enterprise search `. MySQL Support :::::::::::::::::::: @@ -188,7 +188,7 @@ Hardware requirements Usage of CPU, RAM, and storage space can vary significantly based on user behavior. These hardware recommendations are based on traditional deployments and may grow or shrink depending on how active your users are. -Moreover, memory requirements can be driven by peak file sharing activity. Recommendation is based on default 50 MB maximum file size, which can be :ref:`adjusted from the System Console `. Changing this number may change memory requirements. +Moreover, memory requirements can be driven by peak file sharing activity. Recommendation is based on default 50 MB maximum file size, which can be :ref:`adjusted from the System Console `. Changing this number may change memory requirements. For deployments larger than 2,000 users, it is recommended to use the Mattermost open source load testing framework to simulate usage of your system at full scale: `https://github.com/mattermost/mattermost-load-test-ng `__. @@ -210,18 +210,18 @@ Hardware requirements for enterprise deployments (multi-server) Scale requirements ^^^^^^^^^^^^^^^^^^ -For Enterprise Edition deployments with a multi-server setup, see :doc:`our scaling guide `. +For Enterprise Edition deployments with a multi-server setup, see :doc:`our scaling guide `. It is highly recommended that pilots are run before enterprise-wide deployments in order to estimate full scale usage based on your specific organizational needs. You can use the Mattermost open source load testing framework to simulate usage of your system: `https://github.com/mattermost/mattermost-load-test-ng `__. -Mattermost's :doc:`performance monitoring ` tools can be used for detailed performance measurements and to inspect the running system to ensure sizing and installation is correct. +Mattermost's :doc:`performance monitoring ` tools can be used for detailed performance measurements and to inspect the running system to ensure sizing and installation is correct. System requirements ^^^^^^^^^^^^^^^^^^^ For Enterprise Edition deployments with a multi-server setup, we highly recommend the following systems to support your Mattermost deployment: -- Prometheus to track system health of your Mattermost deployment, through :doc:`performance monitoring feature ` available in Mattermost Enterprise. -- Grafana to visualize the system health metrics collected by Prometheus with the :doc:`performance monitoring feature `. Grafana 5.0.0 and later is recommended. -- Elasticsearch to support highly efficient database searches in a cluster environment. Elasticsearch v7.17+ is supported, and Elasticsearch v8.x or AWS OpenSearch is recommended from Mattermost v9.11. :doc:`Learn more `. -- MinIO or AWS S3. Mattermost is compatible with object storage systems which implement the S3 API. Other S3-compatible systems may work, but are not officially supported. Learn more about file storage configuration options :ref:`in our documentation `. +- Prometheus to track system health of your Mattermost deployment, through :doc:`performance monitoring feature ` available in Mattermost Enterprise. +- Grafana to visualize the system health metrics collected by Prometheus with the :doc:`performance monitoring feature `. Grafana 5.0.0 and later is recommended. +- Elasticsearch to support highly efficient database searches in a cluster environment. Elasticsearch v7.17+ is supported, and Elasticsearch v8.x or AWS OpenSearch is recommended from Mattermost v9.11. :doc:`Learn more `. +- MinIO or AWS S3. Mattermost is compatible with object storage systems which implement the S3 API. Other S3-compatible systems may work, but are not officially supported. Learn more about file storage configuration options :ref:`in our documentation `. diff --git a/source/end-user-guide/collaborate/access-your-workspace.rst b/source/end-user-guide/collaborate/access-your-workspace.rst index 827ffffc5d4..6dfe54dbd15 100644 --- a/source/end-user-guide/collaborate/access-your-workspace.rst +++ b/source/end-user-guide/collaborate/access-your-workspace.rst @@ -57,7 +57,7 @@ If you've forgotten your password, you can reset it on the login screen by selec Email address or username -------------------------- -When :ref:`account creation with email ` is enabled by your system admin, you can log in with the username or email address used to create a Mattermost account. +When :ref:`account creation with email ` is enabled by your system admin, you can log in with the username or email address used to create a Mattermost account. .. image:: ../../images/login-email-username.png :alt: Log in to Mattermost with your username or email address, or reset your password. @@ -100,7 +100,7 @@ When enabled by your system admin, you may log in using your GitLab, Google, Ent When enabled by your system admin, you can log in with your SAML credentials. This lets you use the same username and password for Mattermost that you use for various other company services. - Mattermost officially supports :doc:`Okta `, :doc:`OneLogin `, and Microsoft ADFS as an identity provider (IDP) for SAML, but you may use other SAML IDPs as well. See our :doc:`SAML Single Sign-On documentation ` to learn more about configuring SAML for Mattermost. + Mattermost officially supports :doc:`Okta `, :doc:`OneLogin `, and Microsoft ADFS as an identity provider (IDP) for SAML, but you may use other SAML IDPs as well. See our :doc:`SAML Single Sign-On documentation ` to learn more about configuring SAML for Mattermost. .. image:: ../../images/login-onelogin.png :alt: Log in to Mattermost with SAML credentials, such as OneLogin. diff --git a/source/end-user-guide/collaborate/archive-unarchive-channels.rst b/source/end-user-guide/collaborate/archive-unarchive-channels.rst index ff2a2f232a3..9374eb6d43b 100644 --- a/source/end-user-guide/collaborate/archive-unarchive-channels.rst +++ b/source/end-user-guide/collaborate/archive-unarchive-channels.rst @@ -11,7 +11,7 @@ Delete :ref:`public channels ` your ability to do so. + You can continue to access archived channels, unless your system admin has :ref:`disabled ` your ability to do so. .. tab:: Web/Desktop @@ -62,7 +62,7 @@ Delete :ref:`public channels `. +System admins and Team admins can restore archived channels. When a channel is unarchived, channel membership and all its content is restored, unless messages and files have been deleted based on a :ref:`data retention policy `. .. tab:: Web/Desktop @@ -107,4 +107,4 @@ System admins and Team admins can restore archived channels. When a channel is u .. tip:: - Alternatively, system admins can unarchive channels :ref:`via the mmctl `, and Team admins can unarchive channels `via the API `__. + Alternatively, system admins can unarchive channels :ref:`via the mmctl `, and Team admins can unarchive channels `via the API `__. diff --git a/source/end-user-guide/collaborate/audio-and-screensharing.rst b/source/end-user-guide/collaborate/audio-and-screensharing.rst index 361ef7fffdf..f5c2dd0d9dd 100644 --- a/source/end-user-guide/collaborate/audio-and-screensharing.rst +++ b/source/end-user-guide/collaborate/audio-and-screensharing.rst @@ -1,7 +1,7 @@ Audio and Screensharing ======================= -Mattermost Calls offers native real-time chat, self-hosted audio calls, and screen sharing within your own network, enabling secure, effective team communication and collaboration. Learn more about :doc:`deploying Mattermost Calls ` in a self-hosted environment and :doc:`making calls ` with Mattermost. +Mattermost Calls offers native real-time chat, self-hosted audio calls, and screen sharing within your own network, enabling secure, effective team communication and collaboration. Learn more about :doc:`deploying Mattermost Calls ` in a self-hosted environment and :doc:`making calls ` with Mattermost. With calls and screen sharing, Mattermost ensures that communications remain uninterrupted, even during maintenance or outages, and scales effortlessly to meet your team’s growing needs, safeguarding the integrity of mission-critical operations. diff --git a/source/end-user-guide/collaborate/channel-types.rst b/source/end-user-guide/collaborate/channel-types.rst index aae1ccb609e..be769f5fee7 100644 --- a/source/end-user-guide/collaborate/channel-types.rst +++ b/source/end-user-guide/collaborate/channel-types.rst @@ -40,7 +40,7 @@ Direct message channels Direct message channels are for conversations between 2 people. Only members of the conversation can see direct messages and channel heading information, including the last active status of the other user. -You can start a direct message with people on other teams :ref:`unless the system admin has disabled your ability to do so `. +You can start a direct message with people on other teams :ref:`unless the system admin has disabled your ability to do so `. Direct messages update the numbered badge count and trigger a notification unless the direct message is muted, or your notifications are disabled. See the :doc:`notification documentation ` for details on customizing notifications based on your preferences. @@ -58,13 +58,13 @@ Want to have a group conversation with more than 7 people? :doc:`Create a privat .. note:: - - You can start a group message with people on other teams when :ref:`unless the system admin has disabled your ability to do so `. + - You can start a group message with people on other teams when :ref:`unless the system admin has disabled your ability to do so `. - From Mattermost v9.1, group messages increase the numbered badge count and trigger a notification unless the direct message is muted, or your notifications are disabled. Control how you're notified about group message conversations by going to **Settings > Notifications**. See the :doc:`notification documentation ` to learn more. - - Any group message history you have with a deactivated user remains available :ref:`unless your system admin disables your ability to do so `. + - Any group message history you have with a deactivated user remains available :ref:`unless your system admin disables your ability to do so `. Archived channels ----------------- Archived channels are deactivated public, private, direct message, or group message channels that are no longer used. Archived channels are identified with a **File Box** |file-box| icon. -:ref:`Archiving a channel ` marks it read-only to prevent new messages from being sent and preserve channel history. You can continue to access archived channels, unless your system admin has :ref:`disabled ` your ability to do so. \ No newline at end of file +:ref:`Archiving a channel ` marks it read-only to prevent new messages from being sent and preserve channel history. You can continue to access archived channels, unless your system admin has :ref:`disabled ` your ability to do so. \ No newline at end of file diff --git a/source/end-user-guide/collaborate/client-availability.rst b/source/end-user-guide/collaborate/client-availability.rst index b5c62689f80..39790580495 100644 --- a/source/end-user-guide/collaborate/client-availability.rst +++ b/source/end-user-guide/collaborate/client-availability.rst @@ -32,7 +32,7 @@ Messages | :ref:`Preview image links ` | |checkmark| | |checkmark| | |checkmark| | +-------------------------------------------------------------------------------------------------------------+-------------+-------------+-----------------+ | :ref:`Preview websites | | | | -| ` | |checkmark| | |checkmark| | |checkmark| | +| ` | |checkmark| | |checkmark| | |checkmark| | +-------------------------------------------------------------------------------------------------------------+-------------+-------------+-----------------+ | :doc:`Notifications ` | |checkmark| | |checkmark| | |checkmark| | +-------------------------------------------------------------------------------------------------------------+-------------+-------------+-----------------+ @@ -63,7 +63,7 @@ Channels | :doc:`Rename channels ` | |checkmark| | |checkmark| | |checkmark| | +----------------------------------------------------------------------------------------------------------+-------------+-------------+-------------+ | :ref:`Deactivate members | | | | -| ` | |checkmark| | |checkmark| | | +| ` | |checkmark| | |checkmark| | | +----------------------------------------------------------------------------------------------------------+-------------+-------------+-------------+ Teams @@ -164,15 +164,15 @@ Authentication | :ref:`Email password login | | | | | ` | |checkmark| | |checkmark| | |checkmark| | +-------------------------------------------------------------------------------------------+-------------+-------------+-------------+ -| :doc:`AD/LDAP ` | |checkmark| | |checkmark| | |checkmark| | +| :doc:`AD/LDAP ` | |checkmark| | |checkmark| | |checkmark| | +-------------------------------------------------------------------------------------------+-------------+-------------+-------------+ -| :doc:`SAML SSO ` | |checkmark| | |checkmark| | |checkmark| | +| :doc:`SAML SSO ` | |checkmark| | |checkmark| | |checkmark| | +-------------------------------------------------------------------------------------------+-------------+-------------+-------------+ -| :doc:`GitLab SSO ` | |checkmark| | |checkmark| | |checkmark| | +| :doc:`GitLab SSO ` | |checkmark| | |checkmark| | |checkmark| | +-------------------------------------------------------------------------------------------+-------------+-------------+-------------+ -| :doc:`Entra ID SSO ` | |checkmark| | |checkmark| | |checkmark| | +| :doc:`Entra ID SSO ` | |checkmark| | |checkmark| | |checkmark| | +-------------------------------------------------------------------------------------------+-------------+-------------+-------------+ -| :doc:`Google SSO ` | |checkmark| | |checkmark| | |checkmark| | +| :doc:`Google SSO ` | |checkmark| | |checkmark| | |checkmark| | +-------------------------------------------------------------------------------------------+-------------+-------------+-------------+ Other @@ -199,6 +199,6 @@ What feature quality levels does Mattermost have? We strive to release viable features. This means that we put in a significant amount of effort to ensure we solve a use case with a high bar for quality. A feature that's viable and meets our criteria for our production quality levels will be released to production. -However, when working on large and complex features or new products, we may need to test them with a high volume of customers and users. For these scenarios, we'll release them as :ref:`Experimental ` or :ref:`Beta `, and implement feature flags and/or A/B testing to validate the effectiveness of features prior to production-level release. Additionally, we `dogfood our features `_ on our community server, and provide many configuration options that ensure customers can opt-in when trying experimental or beta features. +However, when working on large and complex features or new products, we may need to test them with a high volume of customers and users. For these scenarios, we'll release them as :ref:`Experimental ` or :ref:`Beta `, and implement feature flags and/or A/B testing to validate the effectiveness of features prior to production-level release. Additionally, we `dogfood our features `_ on our community server, and provide many configuration options that ensure customers can opt-in when trying experimental or beta features. -See the :doc:`Mattermost feature labels ` documentation for details on the status, maturity, and support level of each feature, and what you can expect at each level. +See the :doc:`Mattermost feature labels ` documentation for details on the status, maturity, and support level of each feature, and what you can expect at each level. diff --git a/source/end-user-guide/collaborate/collaborate-within-connected-microsoft-teams.rst b/source/end-user-guide/collaborate/collaborate-within-connected-microsoft-teams.rst index 4cb668f1cca..9adf44c5ed9 100644 --- a/source/end-user-guide/collaborate/collaborate-within-connected-microsoft-teams.rst +++ b/source/end-user-guide/collaborate/collaborate-within-connected-microsoft-teams.rst @@ -17,7 +17,7 @@ Connect your Mattermost account to your Microsoft Teams account --------------------------------------------------------------- .. note:: - Your System Administrator must install and enable the :doc:`Mattermost for Microsoft Teams integration ` and ensure :ref:`support for notifications is enabled ` in order for you to connect your account and recieve chat notifications. + Your System Administrator must install and enable the :doc:`Mattermost for Microsoft Teams integration ` and ensure :ref:`support for notifications is enabled ` in order for you to connect your account and recieve chat notifications. Once the integration is installed and configured by a System Administrator, you can connect your Mattermost user account to your Microsoft Teams account. You only need to complete this step once. diff --git a/source/end-user-guide/collaborate/convert-public-channels.rst b/source/end-user-guide/collaborate/convert-public-channels.rst index a467b4304f2..b518a762c7b 100644 --- a/source/end-user-guide/collaborate/convert-public-channels.rst +++ b/source/end-user-guide/collaborate/convert-public-channels.rst @@ -57,7 +57,7 @@ Due to potential security concerns with sharing private channel history, only sy .. note:: - - The ability to convert private channels to public channels using the `API `_ or :ref:`mmctl channel modify command ` is limited to system admins, team admins, and users with specific granular admin roles. Team admins have this permission by default, but system admins can restrict it or assign it to other roles. + - The ability to convert private channels to public channels using the `API `_ or :ref:`mmctl channel modify command ` is limited to system admins, team admins, and users with specific granular admin roles. Team admins have this permission by default, but system admins can restrict it or assign it to other roles. - Granular roles require permissions for managing User Management Channels and Groups, including ``sysconsole_write_user_management_channels`` and ``sysconsole_write_user_management_groups``. Manage permissions through the :ref:`permission scheme `. - If :ref:`Sync Group channel management ` is enabled, private channels can't be converted to public channels. diff --git a/source/end-user-guide/collaborate/create-channels.rst b/source/end-user-guide/collaborate/create-channels.rst index 4facc5e7f99..345f5e93a06 100644 --- a/source/end-user-guide/collaborate/create-channels.rst +++ b/source/end-user-guide/collaborate/create-channels.rst @@ -21,7 +21,7 @@ Anyone can create public channels, private channels, direct messages, and group 2. Enter a channel name. 3. Choose whether this is a public or private channel. See the :doc:`channel types ` documentation to learn more about public and private channels. 4. (Optional) Describe the channel's focus or purpose. This text is visible to all channel members in the channel header. - 5. (Optional) Assign the channel to a category. If your system admin has enabled :ref:`channel category sorting `, you can assign the new channel to a new or existing channel category. If this option isn't available, you can `customize your channel sidebar `. + 5. (Optional) Assign the channel to a category. If your system admin has enabled :ref:`channel category sorting `, you can assign the new channel to a new or existing channel category. If this option isn't available, you can `customize your channel sidebar `. Start a direct or group message -------------------------------- @@ -31,7 +31,7 @@ Anyone can create public channels, private channels, direct messages, and group .. image:: ../../images/write-dm.png :alt: Access recent direct messages and group messages. - 2. Select up to seven users by searching or browsing. If your organization uses :doc:`connected workspaces `, you can also select remote users from shared channels for direct and group messages. + 2. Select up to seven users by searching or browsing. If your organization uses :doc:`connected workspaces `, you can also select remote users from shared channels for direct and group messages. .. tip:: @@ -60,7 +60,7 @@ Anyone can create public channels, private channels, direct messages, and group Start a direct or group message -------------------------------- - Tap |plus| in the top right corner of the app, then select **Open a Direct Message**. You can select one person for a direct message or up to seven people for a group message. If your organization uses :doc:`connected workspaces `, remote users from shared channels are also available to select. Tap **Start** to start the conversation. + Tap |plus| in the top right corner of the app, then select **Open a Direct Message**. You can select one person for a direct message or up to seven people for a group message. If your organization uses :doc:`connected workspaces `, remote users from shared channels are also available to select. Tap **Start** to start the conversation. .. image:: ../../images/create-channel-or-open-direct-message-on-mobile.jpg :alt: You can start a direct or group message by tapping the plus in the top right corner. @@ -81,4 +81,4 @@ Automatic actions include: - Automatically adding the channel to a :doc:`category in the user's channel sidebar `. - Prompting to run a playbook based on the contents of a message. -The :ref:`collaborative playbooks must be enabled ` for channel admins to use channel actions. \ No newline at end of file +The :ref:`collaborative playbooks must be enabled ` for channel admins to use channel actions. \ No newline at end of file diff --git a/source/end-user-guide/collaborate/extend-mattermost-with-integrations.rst b/source/end-user-guide/collaborate/extend-mattermost-with-integrations.rst index e87534db39d..4fae45d564b 100644 --- a/source/end-user-guide/collaborate/extend-mattermost-with-integrations.rst +++ b/source/end-user-guide/collaborate/extend-mattermost-with-integrations.rst @@ -12,9 +12,9 @@ Mattermost features ~~~~~~~~~~~~~~~~~~~~ - :ref:`AI Agents ` -- :ref:`Export Mattermost channel data ` -- :ref:`Monitor performance metrics ` -- :doc:`Perform legal holds ` +- :ref:`Export Mattermost channel data ` +- :ref:`Monitor performance metrics ` +- :doc:`Perform legal holds ` Mattermost interoperability ~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/end-user-guide/collaborate/format-messages.rst b/source/end-user-guide/collaborate/format-messages.rst index 2b167a7f211..060e561ec2a 100644 --- a/source/end-user-guide/collaborate/format-messages.rst +++ b/source/end-user-guide/collaborate/format-messages.rst @@ -659,7 +659,7 @@ Math Formulas .. note:: - This feature is :ref:`disabled by default `. Contact your system admin to enable this setting in **System Console > Site Configuration > Posts** to use this feature. + This feature is :ref:`disabled by default `. Contact your system admin to enable this setting in **System Console > Site Configuration > Posts** to use this feature. .. code-block:: text @@ -676,7 +676,7 @@ Math Formulas .. note:: - This feature is :ref:`disabled by default `. Contact your system admin to enable this setting in **System Console > Site Configuration > Posts** to use this feature. + This feature is :ref:`disabled by default `. Contact your system admin to enable this setting in **System Console > Site Configuration > Posts** to use this feature. .. code-block:: text diff --git a/source/end-user-guide/collaborate/install-android-app.rst b/source/end-user-guide/collaborate/install-android-app.rst index 1c7e26ebdad..c30e1ba2c6b 100644 --- a/source/end-user-guide/collaborate/install-android-app.rst +++ b/source/end-user-guide/collaborate/install-android-app.rst @@ -12,7 +12,7 @@ Take Mattermost wherever you go by `installing the Mattermost mobile app `. See the :doc:`manage security preferences ` documentation for details. + You can set up multi-factor authentication for Mattermost if your system admin has :ref:`enabled your ability to do so `. See the :doc:`manage security preferences ` documentation for details. Mattermost on Chromebooks -------------------------- diff --git a/source/end-user-guide/collaborate/install-ios-app.rst b/source/end-user-guide/collaborate/install-ios-app.rst index c2f91e7e5df..18d285a18bc 100644 --- a/source/end-user-guide/collaborate/install-ios-app.rst +++ b/source/end-user-guide/collaborate/install-ios-app.rst @@ -17,4 +17,4 @@ Take Mattermost wherever you go by `installing the Mattermost mobile app ` documentation for additional details. - - You can set up multi-factor authentication for Mattermost if your system admin has :ref:`enabled your ability to do so `. See the :doc:`manage security preferences ` documentation for details. \ No newline at end of file + - You can set up multi-factor authentication for Mattermost if your system admin has :ref:`enabled your ability to do so `. See the :doc:`manage security preferences ` documentation for details. \ No newline at end of file diff --git a/source/end-user-guide/collaborate/invite-people.rst b/source/end-user-guide/collaborate/invite-people.rst index df5891c3872..ab2d548bc17 100644 --- a/source/end-user-guide/collaborate/invite-people.rst +++ b/source/end-user-guide/collaborate/invite-people.rst @@ -49,8 +49,8 @@ Anyone can invite people to Mattermost teams and channels, unless your system ad .. note:: - - Can't share invitation links? Contact your Mattermost system admin for assistance. An :doc:`SSL certificate (or a self-signed certificate) ` may be required for link-based invitations to work. + - Can't share invitation links? Contact your Mattermost system admin for assistance. An :doc:`SSL certificate (or a self-signed certificate) ` may be required for link-based invitations to work. - An invite link can be used by anyone and doesn’t change unless it’s re-generated by a system admin or team admin via **Team Settings > Access > Invite Code**. - - Your system admin must :ref:`enable email invitations ` and configure :ref:`email ` for Mattermost to send email-based invitations. + - Your system admin must :ref:`enable email invitations ` and configure :ref:`email ` for Mattermost to send email-based invitations. - Invitation links sent by email expire after 48 hours and can only be used once. - - Your system admin can :ref:`cancel all email invitations ` that haven't yet been accepted within the System Console. \ No newline at end of file + - Your system admin can :ref:`cancel all email invitations ` that haven't yet been accepted within the System Console. \ No newline at end of file diff --git a/source/end-user-guide/collaborate/learn-about-roles.rst b/source/end-user-guide/collaborate/learn-about-roles.rst index 6e99dfbae9a..8514384aff4 100644 --- a/source/end-user-guide/collaborate/learn-about-roles.rst +++ b/source/end-user-guide/collaborate/learn-about-roles.rst @@ -71,7 +71,7 @@ A guest is a role with restricted permissions. Guests enable organizations to co Deactivated ----------- -A system admin can deactivate user accounts via **System Console > Users**. A list of all users on the server can be searched and filtered to make finding users easier. Select the user's role and in the menu that opens, then select **Deactivate**. See the :ref:`deactivate user accounts admin ` documentation for details. +A system admin can deactivate user accounts via **System Console > Users**. A list of all users on the server can be searched and filtered to make finding users easier. Select the user's role and in the menu that opens, then select **Deactivate**. See the :ref:`deactivate user accounts admin ` documentation for details. When **Deactivate** is selected, the user is logged out of the system, and receives an error message if they try to log back in. The user no longer appears in channel member lists, and they are removed from the team members list. A deactivated account can also be reactivated from the System Console, in which case the user rejoins channels and teams that they previously belonged to. diff --git a/source/end-user-guide/collaborate/make-calls.rst b/source/end-user-guide/collaborate/make-calls.rst index 710427f7dc1..92f64564b76 100644 --- a/source/end-user-guide/collaborate/make-calls.rst +++ b/source/end-user-guide/collaborate/make-calls.rst @@ -10,8 +10,8 @@ Using a web browser, the desktop app, or the mobile app, you can `join a call <# - All Mattermost customers can start, join, and participate in 1:1 audio calls with optional screen sharing. - For group calls up to 50 concurrent users, Mattermost Enterprise, Professional, or Mattermost Cloud is required. - - Enterprise customers can also `record calls <#record-a-call>`__, enable :ref:`live text captions ` during calls, and `transcribe recorded calls <#transcribe-recorded-calls>`__. We recommend that Enterprise self-hosted customers looking for group calls beyond 50 concurrent users consider using the :ref:`dedicated rtcd service `. - - Mattermost Cloud users can start calling right out of the box. For Mattermost self-hosted deployments, System admins need to enable and configure the plugin :ref:`using the System Console `. + - Enterprise customers can also `record calls <#record-a-call>`__, enable :ref:`live text captions ` during calls, and `transcribe recorded calls <#transcribe-recorded-calls>`__. We recommend that Enterprise self-hosted customers looking for group calls beyond 50 concurrent users consider using the :ref:`dedicated rtcd service `. + - Mattermost Cloud users can start calling right out of the box. For Mattermost self-hosted deployments, System admins need to enable and configure the plugin :ref:`using the System Console `. .. include:: ../../_static/badges/academy-calls.rst :start-after: :nosearch: @@ -101,7 +101,7 @@ From Mattermost v10.2 and mobile v2.19, call hosts who choose to leave a call ar Share your screen ----------------- -During a call, call participants can share their screen with other call participants, unless your system admin has :ref:`disabled your ability to do so `. +During a call, call participants can share their screen with other call participants, unless your system admin has :ref:`disabled your ability to do so `. .. note:: @@ -172,11 +172,11 @@ Record a call .. include:: ../../_static/badges/ent-only.rst :start-after: :nosearch: -From Mattermost v7.7, if you're the host of a meeting, you can record the call, unless your system admin has :ref:`disabled the host's ability to do so `. +From Mattermost v7.7, if you're the host of a meeting, you can record the call, unless your system admin has :ref:`disabled the host's ability to do so `. -Call recordings include audio, any screen sharing during the call, and text transcriptions, when :ref:`enabled `. +Call recordings include audio, any screen sharing during the call, and text transcriptions, when :ref:`enabled `. -The default setting for a recording is 60 minutes, but your system admin may :ref:`change the recording duration ` as needed. You'll receive a reminder 10 minutes before the recording limit is reached. If your call is going to continue beyond the recording limit, allow the first recording to complete, then start a new recording immediately after. +The default setting for a recording is 60 minutes, but your system admin may :ref:`change the recording duration ` as needed. You'll receive a reminder 10 minutes before the recording limit is reached. If your call is going to continue beyond the recording limit, allow the first recording to complete, then start a new recording immediately after. When you stop recording, the recording file is posted in the call thread as an MP4 file attachment. It's available to all users in the channel both during the call, and after the call has ended. @@ -217,14 +217,14 @@ Live captions during calls .. include:: ../../_static/badges/ent-only.rst :start-after: :nosearch: -From Mattermost v9.7, and Mattermost mobile app v.2.16, all call participants can display real-time text captions by selecting the **More** |more-icon| icon and **Show live captions** when the call is being recorded, and when :ref:`live captions are enabled `. Live captions can be helpful in cases where noise is preventing you from hearing the audio of participants clearly. +From Mattermost v9.7, and Mattermost mobile app v.2.16, all call participants can display real-time text captions by selecting the **More** |more-icon| icon and **Show live captions** when the call is being recorded, and when :ref:`live captions are enabled `. Live captions can be helpful in cases where noise is preventing you from hearing the audio of participants clearly. -By default, live captions display in English. Your Mattermost system admin can :ref:`specify a different language for live captions ` in the System Console. +By default, live captions display in English. Your Mattermost system admin can :ref:`specify a different language for live captions ` in the System Console. .. note:: - - The ability to enable live captions during Mattermost calls is currently in :ref:`Beta `. - - Your system admin must enable :ref:`call recordings ` to enable live captions. + - The ability to enable live captions during Mattermost calls is currently in :ref:`Beta `. + - Your system admin must enable :ref:`call recordings ` to enable live captions. Transcribe recorded calls -------------------------------- @@ -232,14 +232,14 @@ Transcribe recorded calls .. include:: ../../_static/badges/ent-only.rst :start-after: :nosearch: -From Mattermost v9.4, and Mattermost mobile app v.2.13, call recordings can include text captions, and a transcription text file can be generated, unless your system admin has :ref:`disabled the ability to transcribe call recordings `. +From Mattermost v9.4, and Mattermost mobile app v.2.13, call recordings can include text captions, and a transcription text file can be generated, unless your system admin has :ref:`disabled the ability to transcribe call recordings `. When call recording stops, the transcription file is posted in the call thread as a TXT file attachment. It's available to all users in the channel both during the call, and after the call has ended. Additionally, users viewing the call recording can show or hide text captions using the Closed Captioning option in the video player. .. note:: - - The ability to enable recorded call transcriptions is currently in :ref:`Beta `. - - Your system admin must enable :ref:`call recordings ` to enable recorded call transcriptions. + - The ability to enable recorded call transcriptions is currently in :ref:`Beta `. + - Your system admin must enable :ref:`call recordings ` to enable recorded call transcriptions. Frequently asked questions -------------------------- @@ -247,7 +247,7 @@ Frequently asked questions Can I set a ring tone for incoming calls? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Yes! From Mattermost v8.0 and Calls v0.17.0, desktop app and web users can go to **Settings > Notifications > Desktop Notifications** to enable Mattermost to alert you to incoming calls through direct or group messages with a specific ring tone and a desktop notification, unless the system admin has :ref:`disabled your ability to do so `. +Yes! From Mattermost v8.0 and Calls v0.17.0, desktop app and web users can go to **Settings > Notifications > Desktop Notifications** to enable Mattermost to alert you to incoming calls through direct or group messages with a specific ring tone and a desktop notification, unless the system admin has :ref:`disabled your ability to do so `. Is video supported? ~~~~~~~~~~~~~~~~~~~ diff --git a/source/end-user-guide/collaborate/manage-channel-bookmarks.rst b/source/end-user-guide/collaborate/manage-channel-bookmarks.rst index ca4e8b2ebf8..d7fcdc86e21 100644 --- a/source/end-user-guide/collaborate/manage-channel-bookmarks.rst +++ b/source/end-user-guide/collaborate/manage-channel-bookmarks.rst @@ -104,7 +104,7 @@ Using the mobile app, long-press on a bookmark and select **Share**. Copy bookmark links ^^^^^^^^^^^^^^^^^^^^ -You can copy bookmark links when your system admin has :ref:`enabled your ability to do so `. +You can copy bookmark links when your system admin has :ref:`enabled your ability to do so `. .. tab:: Web/Desktop diff --git a/source/end-user-guide/collaborate/mention-people.rst b/source/end-user-guide/collaborate/mention-people.rst index 962c937b5f2..cc17f232c22 100644 --- a/source/end-user-guide/collaborate/mention-people.rst +++ b/source/end-user-guide/collaborate/mention-people.rst @@ -69,7 +69,7 @@ You can ignore channel-wide mentions in specific channels by enabling the **Chan .. include:: ../../_static/badges/ent-only.rst :start-after: :nosearch: -This feature enables system admins to configure custom mentions for :doc:`LDAP synced groups ` via the Group Configuration page. This functionality is also supported on the mobile app (from v1.34) if the AD/LDAP groups feature is enabled. The mobile app supports auto-suggesting groups, highlights group member mentions, and also provides a warning dialog when a mention will notify more than five users. +This feature enables system admins to configure custom mentions for :doc:`LDAP synced groups ` via the Group Configuration page. This functionality is also supported on the mobile app (from v1.34) if the AD/LDAP groups feature is enabled. The mobile app supports auto-suggesting groups, highlights group member mentions, and also provides a warning dialog when a mention will notify more than five users. Once enabled for a specific group, users can mention and notify the entire group in a channel (similar to ``@channel`` or ``@all``). Members of the group in that channel will receive a notification. If members of the group mentioned aren't members of the channel, the user who posted the mention is prompted to invite them. @@ -121,7 +121,7 @@ Confirmation dialog warnings When your system admin has configured Mattermost to require confirmations for @mentions, you must confirm any mention that will trigger notifications for more than five users before sending the notification. -This confirmation dialog only appears when your system admin has configured this setting in the System Console. See our :ref:`configuration settings ` product documentation for details. This configuration setting is supported on the Mattermost Mobile App (from v1.34) if the :doc:`AD/LDAP groups ` feature is enabled. +This confirmation dialog only appears when your system admin has configured this setting in the System Console. See our :ref:`configuration settings ` product documentation for details. This configuration setting is supported on the Mattermost Mobile App (from v1.34) if the :doc:`AD/LDAP groups ` feature is enabled. Mention highlights ------------------ diff --git a/source/end-user-guide/collaborate/message-priority.rst b/source/end-user-guide/collaborate/message-priority.rst index 5cc4a858fdb..49ab54f78ce 100644 --- a/source/end-user-guide/collaborate/message-priority.rst +++ b/source/end-user-guide/collaborate/message-priority.rst @@ -37,7 +37,7 @@ To enable persistent notifications for a message: .. note:: - @channel, @all and @here mentions don't send persistent notifications. - - System admins can customize the maximum number of @mentions permitted, how frequently and how many persistent notifications are sent, as well as disable persistent notifications for all users, if preferred. By default, users are notified every 5 minutes for a total of 30 minutes. See the :ref:`configuration ` documentation for details. + - System admins can customize the maximum number of @mentions permitted, how frequently and how many persistent notifications are sent, as well as disable persistent notifications for all users, if preferred. By default, users are notified every 5 minutes for a total of 30 minutes. See the :ref:`configuration ` documentation for details. Receive persistent notifications -------------------------------- diff --git a/source/end-user-guide/collaborate/organize-conversations.rst b/source/end-user-guide/collaborate/organize-conversations.rst index e32a0c8e579..6fa03a572f0 100644 --- a/source/end-user-guide/collaborate/organize-conversations.rst +++ b/source/end-user-guide/collaborate/organize-conversations.rst @@ -8,11 +8,11 @@ Threads are a key part of the messaging experience in Mattermost. They're used t Threaded discussions offers an enhanced experience for users communicating in threads and replying to messages that includes a unified threads inbox to read all conversations in one view. Threads improve the ability to process channel content, find, follow, and resume conversations more easily, and keep threaded conversations focused. -From Mattermost v7.0, threaded discussions are enabled by default for all new Mattermost deployments. All Mattermost users can create new threads, unless the system admin has :ref:`disabled the ability to do so `. +From Mattermost v7.0, threaded discussions are enabled by default for all new Mattermost deployments. All Mattermost users can create new threads, unless the system admin has :ref:`disabled the ability to do so `. .. note:: - System admins can :ref:`configure default availability and user opt-in ` of threaded discussions. + System admins can :ref:`configure default availability and user opt-in ` of threaded discussions. .. image:: ../../images/collapsed-reply-threads.gif :alt: Organize conversations using threaded discussions. @@ -117,4 +117,4 @@ Tutorial video Known issues ------------ -Threaded discussions were released as generally available in Mattermost v7.0, including significant server performance improvements and more flexible configuration options for system admins to enable the feature by default. We highly recommended :doc:`upgrading Mattermost ` to take advantage of configuration and performance enhancements. +Threaded discussions were released as generally available in Mattermost v7.0, including significant server performance improvements and more flexible configuration options for system admins to enable the feature by default. We highly recommended :doc:`upgrading Mattermost ` to take advantage of configuration and performance enhancements. diff --git a/source/end-user-guide/collaborate/organize-using-custom-user-groups.rst b/source/end-user-guide/collaborate/organize-using-custom-user-groups.rst index a16898ec98f..8b8e75b2d09 100644 --- a/source/end-user-guide/collaborate/organize-using-custom-user-groups.rst +++ b/source/end-user-guide/collaborate/organize-using-custom-user-groups.rst @@ -14,7 +14,7 @@ Once a custom user group has been created, you can mention that group the same w .. note:: - - System admins need to enable this feature. See our :ref:`Mattermost Configuration Settings ` documentation for details. + - System admins need to enable this feature. See our :ref:`Mattermost Configuration Settings ` documentation for details. - From Mattermost v7.2, system admins can limit who can manage custom user groups through the Custom Group Manager system admin role. See the :doc:`delegated granular administration ` documentation for details. - The ability to create custom user groups on mobile will be available in a future release. @mentions for custom user groups on mobile work the same as :ref:`LDAP-synced groups `. diff --git a/source/end-user-guide/collaborate/organize-using-teams.rst b/source/end-user-guide/collaborate/organize-using-teams.rst index ed754f19452..a0e2177f1e3 100644 --- a/source/end-user-guide/collaborate/organize-using-teams.rst +++ b/source/end-user-guide/collaborate/organize-using-teams.rst @@ -12,7 +12,7 @@ Organize using teams Team settings Team keyboard shortcuts -A team is a digital :doc:`workspace ` where you and your teammates can collaborate in Mattermost. Depending on how Mattermost is :ref:`set up ` in your organization, you can belong to one team or multiple teams, and :ref:`access to the team ` can be open or restricted. +A team is a digital :doc:`workspace ` where you and your teammates can collaborate in Mattermost. Depending on how Mattermost is :ref:`set up ` in your organization, you can belong to one team or multiple teams, and :ref:`access to the team ` can be open or restricted. Users with the **Create Teams** permission can `create new teams <#create-a-team>`__ and :doc:`manage team settings ` for existing teams. System admins can grant the **Create Team** permission to roles via the :ref:`System scheme ` or the :ref:`Team override scheme `. diff --git a/source/end-user-guide/collaborate/react-with-emojis-gifs.rst b/source/end-user-guide/collaborate/react-with-emojis-gifs.rst index 16bc3fa529f..f1058f1cd9f 100644 --- a/source/end-user-guide/collaborate/react-with-emojis-gifs.rst +++ b/source/end-user-guide/collaborate/react-with-emojis-gifs.rst @@ -66,7 +66,7 @@ Select the **Skin tone** icon in the top right corner of the emoji picker to spe Upload custom emojis -------------------- -Using Mattermost in a web browser or the desktop app, you can upload new emojis that everyone in your Mattermost :doc:`workspace ` can access to react to messages, unless your system admin has :ref:`disabled your ability to do so `. +Using Mattermost in a web browser or the desktop app, you can upload new emojis that everyone in your Mattermost :doc:`workspace ` can access to react to messages, unless your system admin has :ref:`disabled your ability to do so `. 1. From the emoji picker, select **Custom Emoji**. diff --git a/source/end-user-guide/collaborate/rename-channels.rst b/source/end-user-guide/collaborate/rename-channels.rst index 81f4a4fc25f..1301420d39e 100644 --- a/source/end-user-guide/collaborate/rename-channels.rst +++ b/source/end-user-guide/collaborate/rename-channels.rst @@ -13,7 +13,7 @@ Anyone can rename the channels they belong to, unless the system admin has :doc: - **Channel name:** The channel name that displays in the Mattermost user interface for all users. Enter a different channel name if needed or preferred. - **Channel URL:** The web URL used to access the channel in a web browser. Select **Edit** to change the URL, and select **Done** to save your changes. - If your system admin has enabled :ref:`channel category sorting `, you can assign the renamed channel to a new or existing channel category. + If your system admin has enabled :ref:`channel category sorting `, you can assign the renamed channel to a new or existing channel category. For example, a channel could be named ``UX Design`` and have a URL of ``https://community.mattermost.com/core/channels/ux-design``. diff --git a/source/end-user-guide/collaborate/search-for-messages.rst b/source/end-user-guide/collaborate/search-for-messages.rst index dfbc21678c4..692d02584e3 100644 --- a/source/end-user-guide/collaborate/search-for-messages.rst +++ b/source/end-user-guide/collaborate/search-for-messages.rst @@ -91,9 +91,9 @@ File contents that match on file name, or contain matching text content within s System admins can extend file content search support for self-hosted deployments to include: - - :ref:`files shared before upgrading to Mattermost Server v5.35 `. - - :ref:`DOC and RTF file formats `. - - :ref:`documents within ZIP files `. + - :ref:`files shared before upgrading to Mattermost Server v5.35 `. + - :ref:`DOC and RTF file formats `. + - :ref:`documents within ZIP files `. Filter results by file type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/end-user-guide/collaborate/send-messages.rst b/source/end-user-guide/collaborate/send-messages.rst index 7a51f3683e5..b881581712e 100644 --- a/source/end-user-guide/collaborate/send-messages.rst +++ b/source/end-user-guide/collaborate/send-messages.rst @@ -36,7 +36,7 @@ Mattermost may notify you when a recipient's availability is set to :ref:`Do Not Draft messages -------------- -From Mattermost v7.7, when composing new messages, it's easy to return to a message in progress later, unless your system admin has :ref:`disabled global drafts ` in the System Console. +From Mattermost v7.7, when composing new messages, it's easy to return to a message in progress later, unless your system admin has :ref:`disabled global drafts ` in the System Console. By default, message drafts are synchronized on the Mattermost server and are accessible everywhere you access Mattermost, including a web browser or the desktop app. Limit drafts to your current Mattermost client only by going to **Settings > Advanced > Allow message drafts to sync with the server** to disable draft synchronization. diff --git a/source/end-user-guide/collaborate/share-files-in-messages.rst b/source/end-user-guide/collaborate/share-files-in-messages.rst index 97189b5cacc..7aad971f0e1 100644 --- a/source/end-user-guide/collaborate/share-files-in-messages.rst +++ b/source/end-user-guide/collaborate/share-files-in-messages.rst @@ -79,9 +79,9 @@ With file attachments, you can share additional information that helps your team Attachment limits and sizes --------------------------- -Up to 10 files can be attached per post. The default maximum file size is 100 MB, but this can be changed by the system admin. See our :ref:`Configuration Settings ` product documentation for details. +Up to 10 files can be attached per post. The default maximum file size is 100 MB, but this can be changed by the system admin. See our :ref:`Configuration Settings ` product documentation for details. -Image files can be a maximum size of 7680 pixels x 4320 pixels, with a maximum image resolution of 33 MP (mega pixels) or 8K resolution, and a maximum raw image file size of approximately 253 MB. System admins can customize the maximum image resolution size within the ``config.json`` file. See our :ref:`Configuration Settings ` product documentation for details. +Image files can be a maximum size of 7680 pixels x 4320 pixels, with a maximum image resolution of 33 MP (mega pixels) or 8K resolution, and a maximum raw image file size of approximately 253 MB. System admins can customize the maximum image resolution size within the ``config.json`` file. See our :ref:`Configuration Settings ` product documentation for details. Preview file attachments ------------------------ diff --git a/source/end-user-guide/collaborate/share-links.rst b/source/end-user-guide/collaborate/share-links.rst index bd9c8f6d160..f6a3f03267f 100644 --- a/source/end-user-guide/collaborate/share-links.rst +++ b/source/end-user-guide/collaborate/share-links.rst @@ -49,7 +49,7 @@ Share message links .. note:: - Message previews respect channel membership permissions, so they’re only visible to users who have access to the original message. If the link is to a message in a public channel, any member of the team can see the message preview. If the link is to a message in a private channel or direct message, only members in that channel can see the message preview. - - If you're unable to share links, contact your Mattermost system admin for assistance. An :doc:`SSL certificate (or a self-signed certificate) ` may be required for this functionality to work. + - If you're unable to share links, contact your Mattermost system admin for assistance. An :doc:`SSL certificate (or a self-signed certificate) ` may be required for this functionality to work. Deep links ----------- diff --git a/source/end-user-guide/collaborate/team-settings.rst b/source/end-user-guide/collaborate/team-settings.rst index 94606877a4c..27411439dcc 100644 --- a/source/end-user-guide/collaborate/team-settings.rst +++ b/source/end-user-guide/collaborate/team-settings.rst @@ -72,7 +72,7 @@ When enabled, only users that have an email domain from the approved domain list .. important:: - Mattermost deployments using :ref:`email authentication ` must also enable the :ref:`require email verification configuration setting ` for domain restrictions to be effective. + Mattermost deployments using :ref:`email authentication ` must also enable the :ref:`require email verification configuration setting ` for domain restrictions to be effective. Users on this server ~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/end-user-guide/collaborate/view-system-information.rst b/source/end-user-guide/collaborate/view-system-information.rst index 5857a9dc882..ea9e16fdbc9 100644 --- a/source/end-user-guide/collaborate/view-system-information.rst +++ b/source/end-user-guide/collaborate/view-system-information.rst @@ -25,4 +25,4 @@ The About dialog displays key information about your Mattermost instance, includ - **Database Schema Version**: The version of the database schema in use - **License**: Information about your Mattermost license (if applicable) - **Build Information**: Details about the server build -- **Load Metric**: Monthly active users relative to licensed users (:ref:`learn more `) \ No newline at end of file +- **Load Metric**: Monthly active users relative to licensed users (:ref:`learn more `) \ No newline at end of file diff --git a/source/end-user-guide/preferences/customize-your-channel-sidebar.rst b/source/end-user-guide/preferences/customize-your-channel-sidebar.rst index 802bf086bcd..44c218215d9 100644 --- a/source/end-user-guide/preferences/customize-your-channel-sidebar.rst +++ b/source/end-user-guide/preferences/customize-your-channel-sidebar.rst @@ -36,7 +36,7 @@ Create custom categories to group channels together for quicker and easier navig To create categories, select the **+** symbol at the top of the sidebar. Or, select the **More options** |more-icon| icon in the sidebar on any category header, then select **Create New Category**. .. note:: - If your system admin has enabled :ref:`channel category sorting `, you can assign channels to new or existing channel categories when :doc:`creating channels ` and :doc:`renaming channels `. + If your system admin has enabled :ref:`channel category sorting `, you can assign channels to new or existing channel categories when :doc:`creating channels ` and :doc:`renaming channels `. Next, type a category name, select **Create**, then drag any channels or direct messages into this new category. You can also multi-select channels and direct messages to drag them together as a group by pressing :kbd:`Ctrl` or :kbd:`Shift` and selecting on Windows or Linux, or :kbd:`⌘` or :kbd:`⇧` and selecting on Mac. See the section `drag and drop selections <#drag-and-drop-selections>`__ below for details. diff --git a/source/end-user-guide/preferences/manage-advanced-options.rst b/source/end-user-guide/preferences/manage-advanced-options.rst index ee10f9398ac..b3096f725f9 100644 --- a/source/end-user-guide/preferences/manage-advanced-options.rst +++ b/source/end-user-guide/preferences/manage-advanced-options.rst @@ -56,7 +56,7 @@ By default, Mattermost shows you system messages when users join or leave channe Deactivate account ------------------ -You can deactivate your account if you access Mattermost using an email address and password, and when your system admin has :ref:`enabled your ability to do so `. Deactivating your account removes your ability to access Mattermost, and disables all email and mobile notifications. +You can deactivate your account if you access Mattermost using an email address and password, and when your system admin has :ref:`enabled your ability to do so `. Deactivating your account removes your ability to access Mattermost, and disables all email and mobile notifications. .. important:: @@ -74,7 +74,7 @@ You can deactivate your account if you access Mattermost using an email address Delete account -------------- -From Mattermost v10.11, you can permanently delete your account if you access Mattermost using an email address and password, and when your system admin has :ref:`enabled your ability to do so `. Deleting your account permanently removes your user account and profile information from Mattermost. This action cannot be undone. +From Mattermost v10.11, you can permanently delete your account if you access Mattermost using an email address and password, and when your system admin has :ref:`enabled your ability to do so `. Deleting your account permanently removes your user account and profile information from Mattermost. This action cannot be undone. .. important:: @@ -94,7 +94,7 @@ From Mattermost v10.11, you can permanently delete your account if you access Ma Performance debugging --------------------- -You can disable key Mattermost features temporarily to help isolate issues while debugging Mattermost, if your system admin :ref:`enables your ability to do so `. We don't recommend leaving these settings enabled for an extended period of time as they can negatively impact your user experience. +You can disable key Mattermost features temporarily to help isolate issues while debugging Mattermost, if your system admin :ref:`enables your ability to do so `. We don't recommend leaving these settings enabled for an extended period of time as they can negatively impact your user experience. .. tab:: Web/Desktop diff --git a/source/end-user-guide/preferences/manage-your-desktop-notifications.rst b/source/end-user-guide/preferences/manage-your-desktop-notifications.rst index bbd1bec3e18..240ef937d6d 100644 --- a/source/end-user-guide/preferences/manage-your-desktop-notifications.rst +++ b/source/end-user-guide/preferences/manage-your-desktop-notifications.rst @@ -66,7 +66,7 @@ You can change or disable notification sounds by going to **Desktop notification Incoming Call notifications ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Want to hear a sound when a Mattermost call starts? If your Mattermost admin :ref:`enables this Beta feature `, you can choose the sound that plays when a call is started within a direct or group message by going to **Desktop notification sounds > Incoming call sound**. +Want to hear a sound when a Mattermost call starts? If your Mattermost admin :ref:`enables this Beta feature `, you can choose the sound that plays when a call is started within a direct or group message by going to **Desktop notification sounds > Incoming call sound**. Disable all desktop notifications ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/end-user-guide/preferences/manage-your-display-options.rst b/source/end-user-guide/preferences/manage-your-display-options.rst index f8be96db59f..5d4d6bc5bc4 100644 --- a/source/end-user-guide/preferences/manage-your-display-options.rst +++ b/source/end-user-guide/preferences/manage-your-display-options.rst @@ -33,7 +33,7 @@ Threaded discussions Threaded discussions offers an enhanced experience for users communicating in threads and replying to messages. Threaded discussions are generally available in Mattermost Cloud and from self-hosted Mattermost v7.0, and are enabled by default for all new Mattermost deployments. -Depending on how your system admin has :ref:`configured threaded discussions ` for your :doc:`workspace `, it may already be enabled for you, or you may be able to enable this feature for your account. See our :doc:`organize conversations using threaded discussions ` documentation to learn more about working with threaded discussions. +Depending on how your system admin has :ref:`configured threaded discussions ` for your :doc:`workspace `, it may already be enabled for you, or you may be able to enable this feature for your account. See our :doc:`organize conversations using threaded discussions ` documentation to learn more about working with threaded discussions. .. tab:: Web/Desktop @@ -59,7 +59,7 @@ You can customize how time is displayed in Mattermost. Teammate name display --------------------- -You can customize how names are displayed in Mattermost unless your system admin has :ref:`disabled your ability to do so `. +You can customize how names are displayed in Mattermost unless your system admin has :ref:`disabled your ability to do so `. .. tab:: Web/Desktop @@ -85,7 +85,7 @@ You can show or hide :ref:`availability `. +By default, Mattermost shows when you were last online in your profile and in direct message channel headers, unless your system admin has :ref:`disabled this option `. .. tab:: Web/Desktop @@ -117,7 +117,7 @@ You can control whether website link previews in Mattermost show a preview of th .. note:: - Your system admin must :ref:`enable this feature `. It's disabled by default. Once enabled, only the first web link in a message creates a preview of the website. + Your system admin must :ref:`enable this feature `. It's disabled by default. Once enabled, only the first web link in a message creates a preview of the website. .. tab:: Web/Desktop diff --git a/source/end-user-guide/preferences/manage-your-mobile-notifications.rst b/source/end-user-guide/preferences/manage-your-mobile-notifications.rst index c3c22eccd2b..318ea6687ba 100644 --- a/source/end-user-guide/preferences/manage-your-mobile-notifications.rst +++ b/source/end-user-guide/preferences/manage-your-mobile-notifications.rst @@ -66,7 +66,7 @@ You can manage your mobile notifications in both the desktop app and the mobile Incoming Call notifications ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Want to hear a sound on your mobile device when a Mattermost call starts? If your Mattermost admin :ref:`enables this Beta feature `, select **Call Notifications** to choose the sound that plays when a call is started within a direct or group message you're participating in. +Want to hear a sound on your mobile device when a Mattermost call starts? If your Mattermost admin :ref:`enables this Beta feature `, select **Call Notifications** to choose the sound that plays when a call is started within a direct or group message you're participating in. .. tip:: diff --git a/source/end-user-guide/preferences/manage-your-notifications.rst b/source/end-user-guide/preferences/manage-your-notifications.rst index d699d139e67..2101f5580a1 100644 --- a/source/end-user-guide/preferences/manage-your-notifications.rst +++ b/source/end-user-guide/preferences/manage-your-notifications.rst @@ -82,11 +82,11 @@ The table below lists the types of notifications you can expect to see and hear Email notifications ~~~~~~~~~~~~~~~~~~~~ -When your admin :ref:`enables email notifications `, Mattermost notifications are sent to you via email for :doc:`@mentions ` and :ref:`direct messages ` as soon as you're away from Mattermost for 5 minutes. +When your admin :ref:`enables email notifications `, Mattermost notifications are sent to you via email for :doc:`@mentions ` and :ref:`direct messages ` as soon as you're away from Mattermost for 5 minutes. You can also opt in to be notified by email about thread replies you're following. -Additionally, if your admin :ref:`enables email batching `, email-based notifications are batched, and you can customize how frequenly you receive batched notifications by going to **Settings > Notifications > Email notifications**. The default frequency is 15 minutes. Choosing every 15 minutes or every hour will reduce the number of emails you receive. +Additionally, if your admin :ref:`enables email batching `, email-based notifications are batched, and you can customize how frequenly you receive batched notifications by going to **Settings > Notifications > Email notifications**. The default frequency is 15 minutes. Choosing every 15 minutes or every hour will reduce the number of emails you receive. Disable email notifications by going to **Settings > Notifications > Email notifications** and changing **On** to **Off**. diff --git a/source/end-user-guide/preferences/manage-your-profile.rst b/source/end-user-guide/preferences/manage-your-profile.rst index 38d65fc239d..97ad0a9a5f6 100644 --- a/source/end-user-guide/preferences/manage-your-profile.rst +++ b/source/end-user-guide/preferences/manage-your-profile.rst @@ -6,7 +6,7 @@ Manage your Mattermost profile Select your profile picture and select **Profile** to manage the details of your Mattermost profile, including your name, username, nickname, email, and profile picture. -Your Mattermost system admin may :doc:`define custom user profile fields ` that you can personalize. Additionally, some of your profile information may be pulled from another source, which means you won't be able to modify it in Mattermost. Contact your Mattermost system admin for assistance. +Your Mattermost system admin may :doc:`define custom user profile fields ` that you can personalize. Additionally, some of your profile information may be pulled from another source, which means you won't be able to modify it in Mattermost. Contact your Mattermost system admin for assistance. +---------------------+----------------------------------------------------------------------------------------------------------------+ | **Profile setting** | **Description** | diff --git a/source/end-user-guide/preferences/manage-your-security-preferences.rst b/source/end-user-guide/preferences/manage-your-security-preferences.rst index 77b47487776..cacccc5a631 100644 --- a/source/end-user-guide/preferences/manage-your-security-preferences.rst +++ b/source/end-user-guide/preferences/manage-your-security-preferences.rst @@ -18,7 +18,7 @@ Select your profile picture, select **Profile**, and then select **Security** to | | your SSO service account. | +----------------------+------------------------------------------------------------------------------------------------------------+ | Multi-factor | If your system admin has enabled :ref:`multi-factor authentication | -| authentication (MFA) | ` | +| authentication (MFA) | ` | | | (MFA), you can require a passcode in addition to your password to log-in to your Mattermost account. | | | | | | You'll need to download a MFA passcode generation app, such as Google Authenticator or a similar app, | diff --git a/source/end-user-guide/preferences/manage-your-sidebar-options.rst b/source/end-user-guide/preferences/manage-your-sidebar-options.rst index 9fcbc09f35e..d7fc7927b2d 100644 --- a/source/end-user-guide/preferences/manage-your-sidebar-options.rst +++ b/source/end-user-guide/preferences/manage-your-sidebar-options.rst @@ -17,7 +17,7 @@ Your channel sidebar includes :doc:`enhanced sidebar features `. +You can control whether unread channels are grouped together separately in the channel sidebar, unless your system admin has :ref:`disabled your ability to do so `. Select **Sidebar Settings > Group unread channels separately > Edit** to group unread channels at the top of the channel sidebar in an **Unreads** category. diff --git a/source/end-user-guide/preferences/manage-your-thread-reply-notifications.rst b/source/end-user-guide/preferences/manage-your-thread-reply-notifications.rst index ba2d7d86596..cc9dbac416b 100644 --- a/source/end-user-guide/preferences/manage-your-thread-reply-notifications.rst +++ b/source/end-user-guide/preferences/manage-your-thread-reply-notifications.rst @@ -35,7 +35,7 @@ If your organization doesn't use threaded discussions, or you have :ref:`opted o Send automatic replies to direct messages ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Want to automatically reply to direct messages when you're out of office? When your system admin :ref:`enables the ability for you to do so `, you can configure Mattermost to send custom replies to direct messages by going to **Settings > Notifications > Automatic Direct Message Replies**, selecting **Enable**, and composing your automatic reply message. +Want to automatically reply to direct messages when you're out of office? When your system admin :ref:`enables the ability for you to do so `, you can configure Mattermost to send custom replies to direct messages by going to **Settings > Notifications > Automatic Direct Message Replies**, selecting **Enable**, and composing your automatic reply message. Frequently asked questions -------------------------- diff --git a/source/end-user-guide/preferences/manage-your-web-notifications.rst b/source/end-user-guide/preferences/manage-your-web-notifications.rst index df68c12c6e2..ce8f795757b 100644 --- a/source/end-user-guide/preferences/manage-your-web-notifications.rst +++ b/source/end-user-guide/preferences/manage-your-web-notifications.rst @@ -62,7 +62,7 @@ You can change or disable notification sounds by going to **Desktop notification Incoming Call notifications ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Want to hear a sound when a Mattermost call starts? If your Mattermost admin :ref:`enables this Beta feature `, you can choose the sound that plays when a call is started within a direct or group message by going to **Desktop notification sounds > Incoming call sound**. +Want to hear a sound when a Mattermost call starts? If your Mattermost admin :ref:`enables this Beta feature `, you can choose the sound that plays when a call is started within a direct or group message by going to **Desktop notification sounds > Incoming call sound**. Disable all web notifications ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/end-user-guide/preferences/set-your-status-availability.rst b/source/end-user-guide/preferences/set-your-status-availability.rst index 21480e497a2..6766e1700d4 100644 --- a/source/end-user-guide/preferences/set-your-status-availability.rst +++ b/source/end-user-guide/preferences/set-your-status-availability.rst @@ -55,7 +55,7 @@ To set your availability, select your profile picture, then specify your availab | | | | | - Set automatically for you when you've been inactive for more than 5 minutes. System admins can change this | | | value using an experimental configuation setting called | -| | :ref:`user status away timeout `. | +| | :ref:`user status away timeout `. | | | | | | - You're inactive in Mattermost when you're not: typing in or navigating between channels, switching to | | | another browser tab, or when you've minimized or moved the browser window to the background. | diff --git a/source/end-user-guide/preferences/troubleshoot-notifications.rst b/source/end-user-guide/preferences/troubleshoot-notifications.rst index eebbf35e069..3bb02434c8d 100644 --- a/source/end-user-guide/preferences/troubleshoot-notifications.rst +++ b/source/end-user-guide/preferences/troubleshoot-notifications.rst @@ -207,6 +207,6 @@ TPNS, hosted at `https://push-test.mattermost.com `_, which enables you to use a production-level Hosted Push Notification Service (HPNS) at ``https://push.mattermost.com``. -Learn more about :ref:`our push notification service `. +Learn more about :ref:`our push notification service `. `Book a live demo `_ or `talk to a Mattermost expert `_ to explore tailored solutions for your organization's secure collaboration needs. Or try Mattermost yourself with a `1-hour preview `_ for instant access to a live sandbox environment. \ No newline at end of file diff --git a/source/end-user-guide/project-task-management.rst b/source/end-user-guide/project-task-management.rst index e0ee5f92863..1480e628c22 100644 --- a/source/end-user-guide/project-task-management.rst +++ b/source/end-user-guide/project-task-management.rst @@ -31,7 +31,7 @@ With Boards you can: Install Boards --------------- -Your system admin may need to install and enable Mattermost Boards before you can use it. See the :doc:`install Mattermost Boards ` documentation to learn how to install and configure the Boards plugin for your Mattermost instance. +Your system admin may need to install and enable Mattermost Boards before you can use it. See the :doc:`install Mattermost Boards ` documentation to learn how to install and configure the Boards plugin for your Mattermost instance. What's a board? --------------- diff --git a/source/end-user-guide/workflow-automation/metrics-and-goals.rst b/source/end-user-guide/workflow-automation/metrics-and-goals.rst index 4cc527a38f8..1132cb2fb5b 100644 --- a/source/end-user-guide/workflow-automation/metrics-and-goals.rst +++ b/source/end-user-guide/workflow-automation/metrics-and-goals.rst @@ -57,4 +57,4 @@ Export channel data .. include:: ../../_static/badges/ent-only.rst :start-after: :nosearch: -See the :doc:`export channel data ` documentation for details on working with channel export functionality. \ No newline at end of file +See the :doc:`export channel data ` documentation for details on working with channel export functionality. \ No newline at end of file diff --git a/source/end-user-guide/workflow-automation/share-and-collaborate.rst b/source/end-user-guide/workflow-automation/share-and-collaborate.rst index e9b60d9d9e0..a73c6b7abed 100644 --- a/source/end-user-guide/workflow-automation/share-and-collaborate.rst +++ b/source/end-user-guide/workflow-automation/share-and-collaborate.rst @@ -105,4 +105,4 @@ Export channel data .. include:: ../../_static/badges/ent-only.rst :start-after: :nosearch: -See the :doc:`export channel data ` documentation for details on working with channel export functionality. \ No newline at end of file +See the :doc:`export channel data ` documentation for details on working with channel export functionality. \ No newline at end of file diff --git a/source/end-user-guide/workflow-automation/work-with-runs.rst b/source/end-user-guide/workflow-automation/work-with-runs.rst index e7ac71f1609..35c312fa935 100644 --- a/source/end-user-guide/workflow-automation/work-with-runs.rst +++ b/source/end-user-guide/workflow-automation/work-with-runs.rst @@ -37,8 +37,8 @@ If you decide to run a playbook in a new channel, you can do this when you start .. tip:: - When deciding whether to reuse a channel for multiple runs, or create new channels for each playbook run, multiple runs in a single channel can help avoid too many channels being created, which can lead to channel overload. - - Playbook run channels aren't automatically archived when runs are marked as complete; however, you can :ref:`archive channels ` you no longer need, and system admins can :ref:`allow user access to archived channels ` if needed. See the :ref:`multiple runs in a channel ` documentation for additional considerations. - - In contrast, using a dedicated channel for each playbook run can be helpful particularly in cases where strict :doc:`compliance ` and :doc:`channel data export ` is required. + - Playbook run channels aren't automatically archived when runs are marked as complete; however, you can :ref:`archive channels ` you no longer need, and system admins can :ref:`allow user access to archived channels ` if needed. See the :ref:`multiple runs in a channel ` documentation for additional considerations. + - In contrast, using a dedicated channel for each playbook run can be helpful particularly in cases where strict :doc:`compliance ` and :doc:`channel data export ` is required. Send outgoing webhooks ---------------------- diff --git a/source/integrations-guide/github.rst b/source/integrations-guide/github.rst index 83ef6cda2d6..dc76b3a960f 100644 --- a/source/integrations-guide/github.rst +++ b/source/integrations-guide/github.rst @@ -74,8 +74,8 @@ A Mattermost system admin must perform the following steps in Mattermost. 1. Confirm whether your Mattermost deployment has a ``github`` user account. If it exists, that account posts GitHub messages in channels by default, and the messages won't include a BOT tag. You can change this account behavior to include a BOT tag by using one of the following methods: - - Convert the user account to a bot using :ref:`mmctl user convert `. - - Change the existing ``github`` username to something else. A new bot account called ``github`` is created the Mattermost server is restarted when the :ref:`enable bot account creation ` configuration setting is enabled. + - Convert the user account to a bot using :ref:`mmctl user convert `. + - Change the existing ``github`` username to something else. A new bot account called ``github`` is created the Mattermost server is restarted when the :ref:`enable bot account creation ` configuration setting is enabled. 2. Install the GitHub integration from the in-product App Marketplace: diff --git a/source/integrations-guide/incoming-webhooks.rst b/source/integrations-guide/incoming-webhooks.rst index 4c95d3b9ccd..3bed970c4e6 100644 --- a/source/integrations-guide/incoming-webhooks.rst +++ b/source/integrations-guide/incoming-webhooks.rst @@ -94,13 +94,13 @@ The JSON payload can contain the following parameters: - Overrides the default channel. Use the channel's name (e.g., ``town-square``), not the display name. Use ``@`` to send a Direct Message. The webhook can post to any public channel, and any private channel the creator is a member of. * - ``username`` - No - - Overrides the default username. The :ref:`Enable integrations to override usernames ` setting must be enabled. + - Overrides the default username. The :ref:`Enable integrations to override usernames ` setting must be enabled. * - ``icon_url`` - No - - Overrides the default profile picture URL. The :ref:`Enable integrations to override profile picture icons ` setting must be enabled. + - Overrides the default profile picture URL. The :ref:`Enable integrations to override profile picture icons ` setting must be enabled. * - ``icon_emoji`` - No - - Overrides the ``icon_url`` with an emoji. Use the emoji name (e.g., ``:tada:``). The :ref:`Enable integrations to override profile picture icons ` setting must be enabled. + - Overrides the ``icon_url`` with an emoji. Use the emoji name (e.g., ``:tada:``). The :ref:`Enable integrations to override profile picture icons ` setting must be enabled. * - ``attachments`` - Yes (if ``text`` is not set) - An array of `message attachment `_ objects for richer formatting. diff --git a/source/integrations-guide/jira.rst b/source/integrations-guide/jira.rst index ef3b4c77f5d..f3469726af2 100644 --- a/source/integrations-guide/jira.rst +++ b/source/integrations-guide/jira.rst @@ -225,7 +225,7 @@ Why isn't the Jira integration posting messages to Mattermost? Try the following troubleshooting steps: -1. Confirm that your :ref:`Mattermost Site URL ` is configured, and that the webhook created in Jira is pointing to this URL. To ensure the URL is correct, run the ``/jira webhook`` slash command, then copy the output and paste it into Jira's webhook setup page. +1. Confirm that your :ref:`Mattermost Site URL ` is configured, and that the webhook created in Jira is pointing to this URL. To ensure the URL is correct, run the ``/jira webhook`` slash command, then copy the output and paste it into Jira's webhook setup page. 2. If you specified a JQL query in your Jira webhook setup, paste the JQL to Jira issue search and make sure it returns results. If it doesn't, the query may be incorrect. Refer to the `Atlassian documentation `__ for help. A JQL query isn't required when setting up the webhook. @@ -263,7 +263,7 @@ Users will need to temporarily enable third-party cookies in their browser durin What does the error message ``'/(name)' not found`` mean? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -If you see the error ``'/(name)' not found`` in Mattermost, disable the Jira integration, check the log file looking for messages that refer to plugins and health check fail, such as ``ExecuteCommand``, etc. And consider :ref:`enabling debug logging ` to log more verbose error events in the Mattermost system log. Then try re-enabling Jira interoperability and review the log file for clues. +If you see the error ``'/(name)' not found`` in Mattermost, disable the Jira integration, check the log file looking for messages that refer to plugins and health check fail, such as ``ExecuteCommand``, etc. And consider :ref:`enabling debug logging ` to log more verbose error events in the Mattermost system log. Then try re-enabling Jira interoperability and review the log file for clues. Debug logging can cause log files to expand substantially, and may adversely impact the server performance. Keep an eye on your server logs, or only enable it temporarily or in development environments, and not production enviornments. diff --git a/source/integrations-guide/mattermost-mission-collaboration-for-m365.rst b/source/integrations-guide/mattermost-mission-collaboration-for-m365.rst index 30ffaf85279..7023044da5a 100644 --- a/source/integrations-guide/mattermost-mission-collaboration-for-m365.rst +++ b/source/integrations-guide/mattermost-mission-collaboration-for-m365.rst @@ -6,7 +6,7 @@ Connect Microsoft 365, Teams, and Outlook with Mattermost Mattermost Mission Collaboration for Microsoft extends Microsoft for mission-critical coordination, command and control, incident response, and DevSecOps workflows in demanding environments, including air-gapped and classified networks by embedding Mattermost inside Teams. Use data-sovereign tools like secure chat, Playbooks, and Calls directly within M365, Teams, and Outlook. -This app is designed to work with Microsoft 365, Teams, and Outlook and is currently in :ref:`Beta `. From Mattermost v10.9, this integration supports third-party Single Sign-On (SSO). See the :doc:`user provisioning ` product documentation for details on setting up SSO. +This app is designed to work with Microsoft 365, Teams, and Outlook and is currently in :ref:`Beta `. From Mattermost v10.9, this integration supports third-party Single Sign-On (SSO). See the :doc:`user provisioning ` product documentation for details on setting up SSO. Deploy ------- diff --git a/source/integrations-guide/microsoft-calendar.rst b/source/integrations-guide/microsoft-calendar.rst index f0db78731d7..253c822e8a0 100644 --- a/source/integrations-guide/microsoft-calendar.rst +++ b/source/integrations-guide/microsoft-calendar.rst @@ -101,7 +101,7 @@ Enable and configure the Microsoft Calendar Integration in Mattermost 4. In Mattermost, enter the following values in the fields provided. Select **Save** to apply the configuration: - - **Admin User IDs** - A comma-separated list of :ref:`user IDs ` for authorized users who can manage this integration. + - **Admin User IDs** - A comma-separated list of :ref:`user IDs ` for authorized users who can manage this integration. - **Copy plugin logs to admins, as bot messages** - Select the log level for logs. - **Display full context for each admin log message** - Show or hide full context for all log entries. - **Azure - Directory (tenant) ID** - Paste the **Directory (tenant) ID** from the Azure portal. diff --git a/source/integrations-guide/microsoft-teams-sync.rst b/source/integrations-guide/microsoft-teams-sync.rst index 0ef1ed5be53..da9e1ad75e3 100644 --- a/source/integrations-guide/microsoft-teams-sync.rst +++ b/source/integrations-guide/microsoft-teams-sync.rst @@ -100,7 +100,7 @@ Install and configure the Microsoft Teams integration in Mattermost 4. Once installed, select **Configure**. You're taken to the System Console. 5. Configure the **Tenant ID**, **Client ID**, and **Client Secret** with the values obtained from setting up the OAuth App in Azure above. -See the :ref:`Microsoft Teams plugin configuration settings ` documentation for additional configuration options. +See the :ref:`Microsoft Teams plugin configuration settings ` documentation for additional configuration options. .. note:: @@ -110,7 +110,7 @@ See the :ref:`Microsoft Teams plugin configuration settings ` and :doc:`performance alerting ` for this plugin using Prometheus and Grafana. +You can set up :doc:`performance monitoring ` and :doc:`performance alerting ` for this plugin using Prometheus and Grafana. - Monitoring enables you to proactively review the overall health of the plugin, including database calls, HTTP requests, and API latency. - Alerting enables you to detect and take action as issues come up, such as the integration being offline. diff --git a/source/integrations-guide/outgoing-webhooks.rst b/source/integrations-guide/outgoing-webhooks.rst index de5ff046c16..bc498d876ad 100644 --- a/source/integrations-guide/outgoing-webhooks.rst +++ b/source/integrations-guide/outgoing-webhooks.rst @@ -123,9 +123,9 @@ The JSON response can contain the following parameters: * - ``response_type`` - Set to ``comment`` to reply to the message that triggered the webhook. Defaults to ``post``, which creates a new message. * - ``username`` - - Overrides the default username. Requires :ref:`Enable integrations to override usernames ` to be enabled. + - Overrides the default username. Requires :ref:`Enable integrations to override usernames ` to be enabled. * - ``icon_url`` - - Overrides the default profile picture. Requires :ref:`Enable integrations to override profile picture icons ` to be enabled. + - Overrides the default profile picture. Requires :ref:`Enable integrations to override profile picture icons ` to be enabled. * - ``attachments`` - (Required if ``text`` is not set) An array of `message attachment `_ objects. * - ``type`` diff --git a/source/integrations-guide/popular-integrations.rst b/source/integrations-guide/popular-integrations.rst index 84bdcdfb233..18c96d8c977 100644 --- a/source/integrations-guide/popular-integrations.rst +++ b/source/integrations-guide/popular-integrations.rst @@ -11,9 +11,9 @@ Popular Pre-Built Integrations Jira ServiceNow Zoom - Mattermost Channel Export - Mattermost Metrics - Mattermost User Survey + Mattermost Channel Export + Mattermost Metrics + Mattermost User Survey Mattermost Embedded for M365, Teams, and Outlook Microsoft Calendar Microsoft Teams Sync @@ -27,25 +27,25 @@ Mattermost Integrations Designed for teams that need reliability, auditability, and ownership of their collaboration stack, the following Mattermost collaboration integrations keep your data all inside your secure Mattermost ecosystem. Reduce tool sprawl, strengthen security, improve compliance posture, all with a seamless user experience. -+------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ -| **Mattermost Integration** | **How to Get It** | **What It Does** | -+================================================================================================+===================================================================+============================================================================================================+ -| :doc:`Mattermost Agents ` | **System Console > Plugins > Plugin Management** | Runs small automated tasks inside Mattermost, like summarizing converations, or answering questions. | -+------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ -| :doc:`Mattermost Boards ` | `Mattermost Marketplace `_ | Helps teams plan and track project tasks with cards and boards. | -+------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ -| :doc:`Mattermost Calls ` | **System Console > Plugins > Plugin Management** | Lets people collaborate by voice or video inside Mattermost. | -+------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ -| :doc:`Mattermost Channel Export ` | |product-list| > **App Marketplace** | Exports channel history and data for compliance purposes. | -+------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ -| :doc:`Mattermost Legal Hold ` | `Mattermost Marketplace `_ | Keeps a copy of messages and files so they cannot be deleted for legal or compliance needs. | -+------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ -| :doc:`Mattermost Metrics ` | |product-list| > **App Marketplace** | Shows numbers about system performance when people use Mattermost. | -+------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ -| :doc:`Mattermost Playbooks ` | **System Console > Plugins > Plugin Management** | Guides teams through repeatable steps for important work, like incident response. | -+------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ -| :doc:`Mattermost User Survey ` | |product-list| > **App Marketplace** | Collects feedback by asking questions directly in Mattermost channels. | -+------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ +| **Mattermost Integration** | **How to Get It** | **What It Does** | ++======================================================================================================================+===================================================================+============================================================================================================+ +| :doc:`Mattermost Agents ` | **System Console > Plugins > Plugin Management** | Runs small automated tasks inside Mattermost, like summarizing converations, or answering questions. | ++----------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ +| :doc:`Mattermost Boards ` | `Mattermost Marketplace `_ | Helps teams plan and track project tasks with cards and boards. | ++----------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ +| :doc:`Mattermost Calls ` | **System Console > Plugins > Plugin Management** | Lets people collaborate by voice or video inside Mattermost. | ++----------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ +| :doc:`Mattermost Channel Export ` | |product-list| > **App Marketplace** | Exports channel history and data for compliance purposes. | ++----------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ +| :doc:`Mattermost Legal Hold ` | `Mattermost Marketplace `_ | Keeps a copy of messages and files so they cannot be deleted for legal or compliance needs. | ++----------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ +| :doc:`Mattermost Metrics ` | |product-list| > **App Marketplace** | Shows numbers about system performance when people use Mattermost. | ++----------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ +| :doc:`Mattermost Playbooks ` | **System Console > Plugins > Plugin Management** | Guides teams through repeatable steps for important work, like incident response. | ++----------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ +| :doc:`Mattermost User Survey ` | |product-list| > **App Marketplace** | Collects feedback by asking questions directly in Mattermost channels. | ++----------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------+ Microsoft Integrations diff --git a/source/product-overview/certifications-and-compliance.rst b/source/product-overview/certifications-and-compliance.rst index 34ddd141227..745c243d429 100644 --- a/source/product-overview/certifications-and-compliance.rst +++ b/source/product-overview/certifications-and-compliance.rst @@ -54,15 +54,15 @@ Mattermost supports features that ensure data management and data portability. Data management ^^^^^^^^^^^^^^^^ -- **Data Retention:** Use :doc:`data retention ` to automatically erase data after a set period of time, a feature that meets the Right to Erasure principle. In Team Edition, you can use database scripts to achieve the same result. -- **Profile Deletion:** Delete a user’s personal information via :ref:`mmctl user delete `. This permanently deletes all user information including messages created by the user. +- **Data Retention:** Use :doc:`data retention ` to automatically erase data after a set period of time, a feature that meets the Right to Erasure principle. In Team Edition, you can use database scripts to achieve the same result. +- **Profile Deletion:** Delete a user’s personal information via :ref:`mmctl user delete `. This permanently deletes all user information including messages created by the user. - **Self-Hosted Push Notification Service:** Self-host your own push notification service, or deploy mobile apps with any EMM provider that supports `AppConfig `_ to meet security and compliance policies. See :doc:`our Mobile App deployment documentation ` to learn more. Data portability ^^^^^^^^^^^^^^^^^ -- **Data Import:** Use the :doc:`bulk loading tool ` to migrate data from an existing messaging system, or for pre-populating a new installation with data. :ref:`Review this guide ` which summarizes the different approaches and meets the `Right to Data Portability `_ principle. -- **Data Export:** Use :doc:`compliance exports ` to export conversations from public, private and direct message channels in XML or EML format. Those in Team Edition can export conversations directly from the database, both in PostgreSQL and in MySQL. +- **Data Import:** Use the :doc:`bulk loading tool ` to migrate data from an existing messaging system, or for pre-populating a new installation with data. :ref:`Review this guide ` which summarizes the different approaches and meets the `Right to Data Portability `_ principle. +- **Data Export:** Use :doc:`compliance exports ` to export conversations from public, private and direct message channels in XML or EML format. Those in Team Edition can export conversations directly from the database, both in PostgreSQL and in MySQL. Accessibility compliance ------------------------- @@ -190,8 +190,8 @@ To be compliant with GDPR, do I need to remove message contents of email notific Based on our interpretation of GDPR, it is not required to hide message contents in email notifications to remain compliant for the following reasons: 1. Every user has the ability to disable email notifications in **Settings**. Therefore, every user has the ultimate control over whether or not they want information sent via email. This option aligns with most other products, but we will follow updates on interpretations of GDPR closely to see if we need to make changes in this area. -2. Mattermost offers :ref:`TLS encryption ` to protect communication between the Mattermost server and the SMTP email server. -3. If you're uncertain whether the first two points cover GDPR compliance, you can :ref:`disable notifications completely ` on your Mattermost server. To use Mattermost in production with no email notifications, you also need to :ref:`disable a "preview mode" notice banner `. +2. Mattermost offers :ref:`TLS encryption ` to protect communication between the Mattermost server and the SMTP email server. +3. If you're uncertain whether the first two points cover GDPR compliance, you can :ref:`disable notifications completely ` on your Mattermost server. To use Mattermost in production with no email notifications, you also need to :ref:`disable a "preview mode" notice banner `. What information is shared when I select **Contact us** on a Mattermost Admin Advisor notification? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -199,7 +199,7 @@ What information is shared when I select **Contact us** on a Mattermost Admin Ad Selecting **Contact us** in the Mattermost Admin Advisor will send some information to us. This may include the email address and name associated with your Mattermost account as well as the number of registered users on your system, the site URL, and a Mattermost diagnostic server ID number. This information is used to contact you as requested and to help us better understand your needs. .. note:: - :doc:`Mattermost Admin Advisor notices are disabled ` in v5.35 and later. + :doc:`Mattermost Admin Advisor notices are disabled ` in v5.35 and later. Are the server access logs containing IP addresses a GDPR compliance issue? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -231,7 +231,7 @@ Are you IPv6 compliant? Yes, the Mattermost platform is compliant with IPv6 when Audio & Screen Sharing is disabled, both for our :doc:`self-hosted and Cloud offerings `. -We plan to add IPv6 compliance for :doc:`Audio & Screen Sharing ` in future. +We plan to add IPv6 compliance for :doc:`Audio & Screen Sharing ` in future. Are you 508 compliant? ~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/product-overview/cloud-dedicated.rst b/source/product-overview/cloud-dedicated.rst index dee21f7b0ac..cc0ed700ab8 100644 --- a/source/product-overview/cloud-dedicated.rst +++ b/source/product-overview/cloud-dedicated.rst @@ -47,19 +47,19 @@ Mattermost maintains control over network and security policies, including `encr Authentication and authorization ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Mattermost offers advanced security and authentication options for integrating with corporate directories, including :doc:`Active Directory/LDAP `, :doc:`Okta `, :doc:`OneLogin `, :doc:`SAML `, :doc:`Google `, :doc:`EntraID `, and :doc:`OpenID `. +Mattermost offers advanced security and authentication options for integrating with corporate directories, including :doc:`Active Directory/LDAP `, :doc:`Okta `, :doc:`OneLogin `, :doc:`SAML `, :doc:`Google `, :doc:`EntraID `, and :doc:`OpenID `. Secure networking ~~~~~~~~~~~~~~~~~~ -Mattermost Cloud Dedicated supports :doc:`IP filtering ` through CIDR-based IP ranges, providing flexibility for system administrators to include various authorized IPs or IP ranges for seamless access control. Users attempting to access their :doc:`workspace ` from IPs outside defined ranges are restricted from entry. Cloud system admins can :ref:`configure IP filtering ` through their Mattermost System Console. +Mattermost Cloud Dedicated supports :doc:`IP filtering ` through CIDR-based IP ranges, providing flexibility for system administrators to include various authorized IPs or IP ranges for seamless access control. Users attempting to access their :doc:`workspace ` from IPs outside defined ranges are restricted from entry. Cloud system admins can :ref:`configure IP filtering ` through their Mattermost System Console. Encryption ~~~~~~~~~~~ Mattermost provides encryption-in-transit and encryption-at-rest capabilities. Mattermost supports :doc:`TLS encryption `, including AES-256 with 2048-bit RSA on all data transmissions, between Mattermost client applications and the Mattermost server. You may either set up TLS on the Mattermost Server or :doc:`install a proxy such as NGINX `, and set up TLS on the proxy. -Connections to :doc:`Active Directory/LDAP ` can :ref:`optionally be secured with TLS or stunnel `. +Connections to :doc:`Active Directory/LDAP ` can :ref:`optionally be secured with TLS or stunnel `. Connections to calls are secured with a combination of: @@ -70,7 +70,7 @@ Connections to calls are secured with a combination of: Cloud native exports ~~~~~~~~~~~~~~~~~~~~ -Mattermost supports optional :ref:`filestore configuration settings ` to direct compliance and bulk export data to a separate S3 bucket from standard files. This separate bucket can be configured to allow for secure access by Mattermost Cloud teams as well as admins who manage a given Mattermost deployment. The exports can also be accessed by generating unique download links as needed. +Mattermost supports optional :ref:`filestore configuration settings ` to direct compliance and bulk export data to a separate S3 bucket from standard files. This separate bucket can be configured to allow for secure access by Mattermost Cloud teams as well as admins who manage a given Mattermost deployment. The exports can also be accessed by generating unique download links as needed. The following diagram provides a high-level view of how this functionality works: @@ -85,7 +85,7 @@ Email sent from Mattermost Cloud Dedicated uses SendGrid, and the connection to Audit and observability ~~~~~~~~~~~~~~~~~~~~~~~ -Mattermost Cloud Dedicated provides access to :doc:`audit and system logs ` generated by the application. +Mattermost Cloud Dedicated provides access to :doc:`audit and system logs ` generated by the application. Customization ~~~~~~~~~~~~~~ @@ -98,4 +98,4 @@ The following Mattermost plugins are available for cloud-based deployments: Migrate from a self-hosted instance ------------------------------------ -See our :ref:`self-hosted to cloud migration ` documentation to learn more about migrating from a self-hosted to a Mattermost Cloud instance. +See our :ref:`self-hosted to cloud migration ` documentation to learn more about migrating from a self-hosted to a Mattermost Cloud instance. diff --git a/source/product-overview/cloud-shared.rst b/source/product-overview/cloud-shared.rst index 2871d3e0f7f..9f524f5b35c 100644 --- a/source/product-overview/cloud-shared.rst +++ b/source/product-overview/cloud-shared.rst @@ -47,19 +47,19 @@ Mattermost maintains control over network and security policies, including `encr Authentication and authorization ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Mattermost offers advanced security and authentication options for integrating with corporate directories, including :doc:`Active Directory/LDAP `, :doc:`Okta `, :doc:`OneLogin `, :doc:`SAML `, :doc:`Google `, :doc:`EntraID `, and :doc:`OpenID `. +Mattermost offers advanced security and authentication options for integrating with corporate directories, including :doc:`Active Directory/LDAP `, :doc:`Okta `, :doc:`OneLogin `, :doc:`SAML `, :doc:`Google `, :doc:`EntraID `, and :doc:`OpenID `. Secure networking ~~~~~~~~~~~~~~~~~~ -Enterprise customers with a Mattermost Cloud Shared deployment can :ref:`configure IP filtering ` through CIDR-based IP ranges, within the Mattermost System Console to specify authorized IPs or IP ranges for seamless access control. Users attempting to access their :doc:`workspace ` from IPs outside defined ranges are restricted from entry. +Enterprise customers with a Mattermost Cloud Shared deployment can :ref:`configure IP filtering ` through CIDR-based IP ranges, within the Mattermost System Console to specify authorized IPs or IP ranges for seamless access control. Users attempting to access their :doc:`workspace ` from IPs outside defined ranges are restricted from entry. Encryption ~~~~~~~~~~~ Mattermost provides encryption-in-transit and encryption-at-rest capabilities. Mattermost supports :doc:`TLS encryption `, including AES-256 with 2048-bit RSA on all data transmissions, between Mattermost client applications and the Mattermost server. You may either set up TLS on the Mattermost Server or :doc:`install a proxy such as NGINX `, and set up TLS on the proxy. -Connections to :doc:`Active Directory/LDAP ` can :ref:`optionally be secured with TLS or stunnel `. +Connections to :doc:`Active Directory/LDAP ` can :ref:`optionally be secured with TLS or stunnel `. Connections to calls are secured with a combination of: @@ -70,7 +70,7 @@ Connections to calls are secured with a combination of: Cloud native exports ~~~~~~~~~~~~~~~~~~~~ -Mattermost supports optional :ref:`filestore configuration settings ` to direct compliance and bulk export data to a separate S3 bucket from standard files. This separate bucket can be configured to allow for secure access by Mattermost Cloud teams as well as deployment admins who manage a given installation. The exports can also be accessed by generating unique download links as needed. +Mattermost supports optional :ref:`filestore configuration settings ` to direct compliance and bulk export data to a separate S3 bucket from standard files. This separate bucket can be configured to allow for secure access by Mattermost Cloud teams as well as deployment admins who manage a given installation. The exports can also be accessed by generating unique download links as needed. The following diagram provides a high-level view of how this functionality works: @@ -85,7 +85,7 @@ Email sent from Mattermost Cloud Dedicated uses SendGrid, and the connection to Audit and observability ~~~~~~~~~~~~~~~~~~~~~~~ -Mattermost Cloud Dedicated provides access to :doc:`audit and system logs ` generated by the application. +Mattermost Cloud Dedicated provides access to :doc:`audit and system logs ` generated by the application. Customization ~~~~~~~~~~~~~~ @@ -100,4 +100,4 @@ Custom plugins and integrations outside of Mattermost Marketplace aren’t curre Migrate from a self-hosted instance ------------------------------------ -See our :ref:`self-hosted to cloud migration ` documentation to learn more about migrating from a self-hosted to a Mattermost Cloud instance. \ No newline at end of file +See our :ref:`self-hosted to cloud migration ` documentation to learn more about migrating from a self-hosted to a Mattermost Cloud instance. \ No newline at end of file diff --git a/source/product-overview/cloud-supported-integrations.rst b/source/product-overview/cloud-supported-integrations.rst index 5bfa96caa97..23080167da4 100644 --- a/source/product-overview/cloud-supported-integrations.rst +++ b/source/product-overview/cloud-supported-integrations.rst @@ -8,5 +8,5 @@ - :doc:`GitLab ` - :doc:`Jira ` - :doc:`ServiceNow ` -- :doc:`User Survey ` +- :doc:`User Survey ` - :doc:`Zoom ` \ No newline at end of file diff --git a/source/product-overview/corporate-directory-integration.rst b/source/product-overview/corporate-directory-integration.rst index a2ba7a33c69..a5ed7718f90 100644 --- a/source/product-overview/corporate-directory-integration.rst +++ b/source/product-overview/corporate-directory-integration.rst @@ -18,7 +18,7 @@ Security features for authentication A core set of features is available with all authentication options to help increase security: -- Ability to :ref:`set session length ` to define how long a user can use Mattermost before needing to re-enter credentials. +- Ability to :ref:`set session length ` to define how long a user can use Mattermost before needing to re-enter credentials. - Ability for users to remotely sign out of devices. - Ability for IT admin to force sign out of a user from devices. - Ability to set rate limits on authentication API calls to deter password-guessing attacks. @@ -28,7 +28,7 @@ A core set of features is available with all authentication options to help incr AD/LDAP authentication ------------------------ -:doc:`AD/LDAP ` is the most popular corporate directory integration option for deploying Mattermost behind a corporate firewall. Features include: +:doc:`AD/LDAP ` is the most popular corporate directory integration option for deploying Mattermost behind a corporate firewall. Features include: - Account creation using AD/LDAP credentials. - AD/LDAP user filters to define which users get access to Mattermost in the form of a query. @@ -38,8 +38,8 @@ AD/LDAP authentication - Synchronization with AD/LDAP to disable, enable, and update Mattermost users based on AD/LDAP. .. note:: - - New user accounts are created when new users log in with their AD/LDAP credentials. You can optionally pre-create user accounts using the :doc:`bulk loading ` tool. - - If you're using email or username and password authentication :ref:`users can switch to AD/LDAP manually `, and the conversion to AD/LDAP can also be done using the :ref:`mmctl user migrate auth ` command by an IT admin. + - New user accounts are created when new users log in with their AD/LDAP credentials. You can optionally pre-create user accounts using the :doc:`bulk loading ` tool. + - If you're using email or username and password authentication :ref:`users can switch to AD/LDAP manually `, and the conversion to AD/LDAP can also be done using the :ref:`mmctl user migrate auth ` command by an IT admin. For very large AD/LDAP instances you can also configure max page size to divide a Mattermost AD/LDAP query into several pieces to not overtax the authentication server when synchronizing. @@ -48,13 +48,13 @@ Authentication options outside of a private network When deploying Mattermost to a DMZ location outside the security of a private network, additional authentication options include: -- :doc:`Okta integration via SAML ` -- :doc:`OneLogin integration via SAML ` -- :doc:`Active Directory Federation Services via SAML ` -- :doc:`SAML 2.0 authentication ` -- :doc:`Google Apps ` -- :doc:`Entra ID ` -- :doc:`OpenID Connect ` +- :doc:`Okta integration via SAML ` +- :doc:`OneLogin integration via SAML ` +- :doc:`Active Directory Federation Services via SAML ` +- :doc:`SAML 2.0 authentication ` +- :doc:`Google Apps ` +- :doc:`Entra ID ` +- :doc:`OpenID Connect ` Generic OAuth is not currently supported. diff --git a/source/product-overview/deprecated-features.rst b/source/product-overview/deprecated-features.rst index 333b266afea..e6c80fc7f88 100644 --- a/source/product-overview/deprecated-features.rst +++ b/source/product-overview/deprecated-features.rst @@ -132,7 +132,7 @@ Mattermost Server v8.0.0 - Removed ``ExperimentalSettings.PatchPluginsReactDOM``. If this setting was previously enabled, confirm that: - All Mattermost-supported plugins are updated to the latest versions. - - Any other plugins have been updated to support React 17. See the :doc:`Important Upgrade Notes ` for v7.7 for more information. + - Any other plugins have been updated to support React 17. See the :doc:`Important Upgrade Notes ` for v7.7 for more information. - Deprecated Insights for all new instances and for existing servers that upgrade to Mattermost v8.0. - Removed deprecated ``PermissionUseSlashCommands``. - Removed deprecated ``model.CommandArgs.Session``. @@ -142,24 +142,24 @@ Mattermost Server v8.0.0 Mattermost Server v6.0.0 ~~~~~~~~~~~~~~~~~~~~~~~~ -- :doc:`Legacy Command Line Tools `. Most commands have been replaced by :doc:`mmctl ` and new commands have been added over the last few months, making this tool a full and robust replacement. +- :doc:`Legacy Command Line Tools `. Most commands have been replaced by :doc:`mmctl ` and new commands have been added over the last few months, making this tool a full and robust replacement. - Slack Import via the web app. The Slack import tool accessible via the Team Setting menu is being replaced by the mmetl tool that is much more comprehensive for the types of data it can assist in uploading. - MySQL versions below 5.7.12. Minimum support will now be for 5.7.12. This version introduced a native JSON data type that lets us improve performance and scalability of several database fields (most notably Users and Posts props). Additionally, version 5.6 (our current minimum version) reached `EOL in February 2021 `_. - Elasticsearch 5 and 6. `Versions 5.x reached EOL in March of 2019, and versions 6.x reached EOL in November 2020 `_. Our minimal supported version with Mattermost v6.0 will be Elasticsearch version 7.0. - Windows 7 reached `EOL in January 2020 `_. We will no longer provide support for the desktop app issues on Windows 7. -- :ref:`DisableLegacyMFAEndpoint ` configuration setting. -- :ref:`Experimental Timezone ` configuration setting. +- :ref:`DisableLegacyMFAEndpoint ` configuration setting. +- :ref:`Experimental Timezone ` configuration setting. - All legacy channel sidebar experimental configuration settings. We encourage customers using these settings to upgrade to v5.32 or later to access custom, collapsible channel categories among many other channel organization features. The settings being deprecated include: - - :ref:`EnableLegacySidebar ` - - :ref:`ExperimentalTownSquareIsReadOnly ` - - :ref:`ExperimentalHideTownSquareinLHS ` -- :ref:`Enhanced compliance controls and granular audit logs with data export `. -- :doc:`Advanced collaboration with connected workspaces across Mattermost instances `. -- :doc:`High availability support with multi-node database deployment `. -- :doc:`Horizontal scaling through cluster-based deployment `. -- :doc:`Advanced performance monitoring `. -- :doc:`Server health checks `. +- :doc:`Channel export ` +- :ref:`Enhanced compliance controls and granular audit logs with data export `. +- :doc:`Advanced collaboration with connected workspaces across Mattermost instances `. +- :doc:`High availability support with multi-node database deployment `. +- :doc:`Horizontal scaling through cluster-based deployment `. +- :doc:`Advanced performance monitoring `. +- :doc:`Server health checks `. - `Eligibility for Premier Support add-on `__. - Contextual AI-based :ref:`summarization `, real-time :ref:`channel briefing `, and :ref:`composition ` -- Private, air-gapped & DDIL :doc:`AI operations ` +- Private, air-gapped & DDIL :doc:`AI operations ` - PQ&A with :doc:`access-controlled backend systems ` - 99.99% uptime SLA guarantee (Cloud only, via dedicated virtual secure Cloud add-on option). @@ -105,16 +105,16 @@ Mattermost Professional is the set of collaboration features that enables you to This offering includes all the features of `Mattermost Free <#mattermost-free>`__, plus: - :doc:`Guest access ` and :doc:`custom user groups `. -- :doc:`Active Directory/LDAP Single Sign-on and user synchronization `. -- Single Sign-on with :doc:`GitLab ` using the OpenID Connect standard, :doc:`Google `, :doc:`OpenID Connect `, :doc:`SAML ` or :doc:`Entra ID `. +- :doc:`Active Directory/LDAP Single Sign-on and user synchronization `. +- Single Sign-on with :doc:`GitLab ` using the OpenID Connect standard, :doc:`Google `, :doc:`OpenID Connect `, :doc:`SAML ` or :doc:`Entra ID `. - :ref:`MFA enforcement `. - :ref:`Advanced team permissions `. - :ref:`Read-only announcement channels `. -- :doc:`System-wide announcement banners `. +- :doc:`System-wide announcement banners `. - O365 integration with `Microsoft Teams Meetings `_ and `Jira multi-server `_. - `Next business day support via online ticketing system `_. - :ref:`Interactive AI bot support ` -- Flexible :doc:`bring-your-own-LLM integration ` +- Flexible :doc:`bring-your-own-LLM integration ` See a `complete list of Mattermost features `_. @@ -141,11 +141,11 @@ Features include: - Teams and channels for one-to-one and group messaging, file sharing, and unlimited search history with threaded messaging, emoji, and custom emoji. - Native apps for iOS, Android, Windows, macOS, and Linux. - Pre-packaged integrations with most common developer tools, including Jira, GitHub, GitLab, Zoom, and more. -- Tools for :doc:`custom branding ` and :doc:`themes `. -- :doc:`Multi-factor authentication `. -- Single Sign-on with :doc:`GitLab ` using the OAuth 2.0 standard. +- Tools for :doc:`custom branding ` and :doc:`themes `. +- :doc:`Multi-factor authentication `. +- Single Sign-on with :doc:`GitLab ` using the OAuth 2.0 standard. - :doc:`Granular system permissions `. -- Highly customizable `third-party bots, integrations `_, and :doc:`command line tools `. +- Highly customizable `third-party bots, integrations `_, and :doc:`command line tools `. - Extensive integration support via `webhooks, APIs, drivers `_, and `third-party extensions `_. - Multiple languages including English (Australian, US), Bulgarian, Chinese (Simplified and Traditional), Dutch, French, German, Hungarian, Italian, Japanese, Korean, Persian, Polish, Portuguese (Brazil), Romanian, Russian, Spanish, Swedish, Turkish, Ukrainian, and Vietnamese. - `Community support `_. diff --git a/source/product-overview/faq-enterprise.rst b/source/product-overview/faq-enterprise.rst index a683bc2f627..da3179253e8 100644 --- a/source/product-overview/faq-enterprise.rst +++ b/source/product-overview/faq-enterprise.rst @@ -73,7 +73,7 @@ Growing your Mattermost installation from supporting a team to supporting an ent **Functional Scaling:** Scaling from a team to an enterprise is like going from a "virtual office" to a "virtual campus". Advanced features like enterprise authentication, granular permissions, compliance and auditing, and advanced reporting become increasingly important as organizations grow beyond teams. Organizations needing this flexibility can easily upgrade from Mattermost Team Edition to Mattermost Enterprise Edition as well as downgrade without data loss, should their needs change. -For more information on how Mattermost scales, technically, and functionally, talk to a `Mattermost Expert `_, and :doc:`read about scaling for Enterprise `. +For more information on how Mattermost scales, technically, and functionally, talk to a `Mattermost Expert `_, and :doc:`read about scaling for Enterprise `. What does it take to manage a Mattermost deployment? ---------------------------------------------------- diff --git a/source/product-overview/faq-federal-procurement.rst b/source/product-overview/faq-federal-procurement.rst index bef9e3bd6fa..9319339be35 100644 --- a/source/product-overview/faq-federal-procurement.rst +++ b/source/product-overview/faq-federal-procurement.rst @@ -39,7 +39,7 @@ Yes. Mattermost can be deployed on-premises, in private clouds, or air-gapped ne Is CAC/SAML/LDAP integration available? --------------------------------------- -Yes. Mattermost supports :ref:`SAML 2.0 ` (compatible with Okta, ADFS, OneLogin, Azure AD, PingFederate, etc.), CAC via SAML integration (configuration details may vary), and :doc:`AD/LDAP integration ` for centralized identity, user provisioning, and group sync in Enterprise editions. +Yes. Mattermost supports :ref:`SAML 2.0 ` (compatible with Okta, ADFS, OneLogin, Azure AD, PingFederate, etc.), CAC via SAML integration (configuration details may vary), and :doc:`AD/LDAP integration ` for centralized identity, user provisioning, and group sync in Enterprise editions. Can it be used securely on BYOD mobile? --------------------------------------- diff --git a/source/product-overview/faq-license.rst b/source/product-overview/faq-license.rst index 3cc3023045c..382885a0536 100644 --- a/source/product-overview/faq-license.rst +++ b/source/product-overview/faq-license.rst @@ -104,7 +104,7 @@ In contrast, Mattermost, as the copyright holder to the collection of the Matter How can I create an open source derivative work of Mattermost? -------------------------------------------------------------- -If you're looking to customize the look and feel of Mattermost, see the :doc:`customization ` documentation. For advanced customization, the system's user experience is available in different repositories for web, mobile apps, and desktop apps and custom experiences can be developed and integrated via the system APIs and custom plugins. +If you're looking to customize the look and feel of Mattermost, see the :doc:`customization ` documentation. For advanced customization, the system's user experience is available in different repositories for web, mobile apps, and desktop apps and custom experiences can be developed and integrated via the system APIs and custom plugins. If, instead of using Mattermost Team Edition or Mattermost Enterprise Edition, you choose to compile your own version of the system using the open source code from ``/mattermost``, there are a number of factors to consider: @@ -117,7 +117,7 @@ Rebranding ~~~~~~~~~~ - When you create a derivative version of Mattermost and share it with others as a product, you need to replace the Mattermost name and logo from the system, among other requirements, per the `Mattermost trademark policy `_. -- You can rebrand your system using :doc:`custom branding tools `. +- You can rebrand your system using :doc:`custom branding tools `. - For advanced whitelabelling, you can manually update files on the Mattermost server `per product documentation. `_ This can also be done without forking. Copyright and Licensing of ``/mattermost`` open source code @@ -128,7 +128,7 @@ Copyright and Licensing of ``/mattermost`` open source code Other considerations ~~~~~~~~~~~~~~~~~~~~ -- Mattermost has a default :ref:`Terms of Use ` agreement for the Terms of Use link at the bottom of login screen that should be incorporated into any additional Terms of Use you may add. +- Mattermost has a default :ref:`Terms of Use ` agreement for the Terms of Use link at the bottom of login screen that should be incorporated into any additional Terms of Use you may add. - The Mattermost copyright notices on the user interface should remain. - There may be additional legal and regulatory issues to consider and we recommend you employ legal counsel to fully understand what's involved in creating and selling a derivative work. diff --git a/source/product-overview/mattermost-server-releases.md b/source/product-overview/mattermost-server-releases.md index 27ca18532d2..3ea85dd8f01 100644 --- a/source/product-overview/mattermost-server-releases.md +++ b/source/product-overview/mattermost-server-releases.md @@ -14,7 +14,7 @@ ``` ## Frequency -Mattermost releases a new server version on the 16th of each month in [binary form](https://docs.mattermost.com/administration-guide/upgrade/upgrading-mattermost-server.html). +Mattermost releases a new server version on the 16th of each month in [binary form](https://docs.mattermost.com/administration-guide/operations-scaling/upgrading-mattermost-server.html). - See the [v10 changelog](https://docs.mattermost.com/product-overview/mattermost-v10-changelog.html) for details on what's coming and changing in the next major release. - See the [unsupported Mattermost legacy releases](https://docs.mattermost.com/product-overview/unsupported-legacy-releases.html) documentation for details on older, unsupported Mattermost releases. diff --git a/source/product-overview/mattermost-v10-changelog.md b/source/product-overview/mattermost-v10-changelog.md index d34604712be..7fb0899f891 100644 --- a/source/product-overview/mattermost-v10-changelog.md +++ b/source/product-overview/mattermost-v10-changelog.md @@ -15,7 +15,7 @@ **Release day: 2025-09-16** ```{Important} -If you upgrade from a release earlier than v10.10, please read the other [Important Upgrade Notes](https://docs.mattermost.com/administration-guide/upgrade/important-upgrade-notes.html). +If you upgrade from a release earlier than v10.10, please read the other [Important Upgrade Notes](https://docs.mattermost.com/administration-guide/operations-scaling/important-upgrade-notes.html). ``` ### Compatibility @@ -65,7 +65,7 @@ If you upgrade from a release earlier than v10.10, please read the other [Import - Original 10.11.0 release. ```{Important} -If you upgrade from a release earlier than v10.10, please read the other [Important Upgrade Notes](https://docs.mattermost.com/administration-guide/upgrade/important-upgrade-notes.html). +If you upgrade from a release earlier than v10.10, please read the other [Important Upgrade Notes](https://docs.mattermost.com/administration-guide/operations-scaling/important-upgrade-notes.html). ``` ### Highlights diff --git a/source/product-overview/product-overview-index.rst b/source/product-overview/product-overview-index.rst index 6c60fa2696c..64ac2f3f503 100644 --- a/source/product-overview/product-overview-index.rst +++ b/source/product-overview/product-overview-index.rst @@ -47,7 +47,7 @@ Messaging collaboration :doc:`Mattermost Channels ` enables secure, real-time and asynchronous communication across web, desktop, and mobile—powering mission-critical collaboration and Chat Operations (ChatOps) workflows across connected, hybrid, and air-gapped environments. Channels feature the following capabilities: - :ref:`Public ` and :ref:`private ` channels, :ref:`direct messages `, and :doc:`threaded conversations ` for structured operational coordination. -- :doc:`Role-based access controls ` and :ref:`audit logs ` to support need-to-know enforcement. +- :doc:`Role-based access controls ` and :ref:`audit logs ` to support need-to-know enforcement. - Configurable :doc:`notifications ` (e.g., :ref:`alerts `, :doc:`keyword triggers `, :doc:`muting `) to surface high-priority activity. - Integrated ChatOps capabilities via :doc:`slash commands `, `bots `_, and :doc:`webhooks ` for real-time automation and system alerts. - :ref:`Pinning `, :doc:`bookmarking `, and :doc:`advanced search ` to maintain continuity and context in high-volume environments. @@ -79,7 +79,7 @@ Audio and screenshare - Enables :ref:`1:1 and group audio calls ` directly within channels and direct messages, maintaining contextual awareness and access control based on channel membership. - Supports secure :ref:`screen sharing ` for visual coordination and analysis. -- Operates in :doc:`sovereign, air-gapped, or sensitive network ` environments. +- Operates in :doc:`sovereign, air-gapped, or sensitive network ` environments. - Offers optional :ref:`AI-based transcription ` and :ref:`summarization ` for meeting capture and follow ups. - Works across web, desktop, and mobile for flexible, secure access. @@ -108,7 +108,7 @@ AI Agents and open APIs - Provides configurable AI assistants that :ref:`summarize threads `, :ref:`extract action items and answer questions ` with contextual insight and operational awareness. - Supports :ref:`direct interactions with AI agents ` in dedicated threads or channels. - Enables :ref:`semantic search ` using natural language to surface relevant content across Mattermost data. -- Supports Retrieval-Augmented Generation (RAG), :ref:`custom instructions `, and responsible :ref:`AI guardrails ` for secure automation. +- Supports Retrieval-Augmented Generation (RAG), :ref:`custom instructions `, and responsible :ref:`AI guardrails ` for secure automation. - Integrates with :doc:`local models ` (e.g., Ollama, vLLM) and cloud LLMs via OpenAI-compatible APIs for flexible deployment. .. image:: /images/agents-meeting-summary.png @@ -142,10 +142,10 @@ Multi-Agent, Multi-LLM integration A secure, extensible foundation for integrating multiple large language models (LLMs) and autonomous agents within a sovereign control plane enables organizations to operationalize AI within sovereign infrastructure—fusing data across systems, accelerating decisions, and maintaining full control over AI model access and performance. Organizations can leverage the following capabilities to operationalize AI: - :doc:`Sovereign AI ` model support: Integrate with :doc:`OpenAI, Anthropic, Meta Llama, and other LLMs ` via secure APIs. -- :ref:`Custom instructions ` and Retrieval-Augmented Generation (RAG): Adapt agent behavior to domain-specific tasks using internal data and policies. +- :ref:`Custom instructions ` and Retrieval-Augmented Generation (RAG): Adapt agent behavior to domain-specific tasks using internal data and policies. - :ref:`Semantic search ` and natural language interaction: Provide operational teams with intuitive ways to retrieve and act on information. - :ref:`Responsible AI control plane `: Define model access policies, enforce guardrails, and monitor agent activity with feedback loops. -- Multi-agent orchestration: Use the :ref:`Mission Control Plane (MCP) ` and agent-to-agent protocols to coordinate actions across multiple autonomous agents. * +- Multi-agent orchestration: Use the :ref:`Mission Control Plane (MCP) ` and agent-to-agent protocols to coordinate actions across multiple autonomous agents. * Sovereign & cyber-resilient deployment flexibility -------------------------------------------------- @@ -168,8 +168,8 @@ Private Cloud & sovereign datacenter For high-security environments requiring full infrastructure control, IME supports scalable, highly available deployment within sovereign datacenters. - :doc:`Kubernetes-native architecture ` enables containerized services, self-healing workloads, and zero-downtime updates. -- :doc:`High availability ` through clustering across application, database, and proxy layers. -- :doc:`Horizontal scalability ` to tens of thousands of users per instance. +- :doc:`High availability ` through clustering across application, database, and proxy layers. +- :doc:`Horizontal scalability ` to tens of thousands of users per instance. - Complies with Security Technical Implementation Guide (STIG), Federal Information Processing Standard 140-3 (FIPS 140-3), and Federal Risk and Authorization Management Program (FedRAMP)-aligned security standards. Hyperscaler & sovereign Cloud support diff --git a/source/product-overview/release-policy.md b/source/product-overview/release-policy.md index b41440e5f31..9de558bf5a8 100644 --- a/source/product-overview/release-policy.md +++ b/source/product-overview/release-policy.md @@ -39,10 +39,10 @@ We strongly recommend planning ahead for upgrades before the end of an ESR's lif ESRs don’t include changes to product functionality or new features. ESRs are intended for organizations who value stability over having the newest features and improvements, or who have a long internal testing and certification process to undergo when upgrading. Consider using ESRs for more stable and long-term deployments, especially in environments where frequent updates are challenging. If your organization prefers to have the newest features and improvements, Extended Support Releases may not be the best fit for you. -To install extended support releases, follow our [install and upgrade](/administration-guide/upgrade/enterprise-install-upgrade) documentation. To restore a previous ESR, restore the database and previous version if you need to revert an upgrade. Previous ESR versions continue remain subject to a [life cycle end date](/product-overview/mattermost-server-releases). +To install extended support releases, follow our [install and upgrade](/administration-guide/operations-scaling/enterprise-install-upgrade) documentation. To restore a previous ESR, restore the database and previous version if you need to revert an upgrade. Previous ESR versions continue remain subject to a [life cycle end date](/product-overview/mattermost-server-releases). ```{Important} -- We strongly recommend reviewing [upgrade best practices](https://docs.mattermost.com/administration-guide/upgrade/prepare-to-upgrade-mattermost.html#upgrade-best-practices) for upgrading, and [important upgrade notes](/upgrade/important-upgrade-notes) for all the versions beyond the current ESR version you have currently installed. See the [Mattermost v9 changelog](https://docs.mattermost.com/product-overview/mattermost-v9-changelog.html) for a list of database, API, and `config.json` updates for all v9.x releases. +- We strongly recommend reviewing [upgrade best practices](https://docs.mattermost.com/administration-guide/operations-scaling/prepare-to-upgrade-mattermost.html#upgrade-best-practices) for upgrading, and [important upgrade notes](/upgrade/important-upgrade-notes) for all the versions beyond the current ESR version you have currently installed. See the [Mattermost v9 changelog](https://docs.mattermost.com/product-overview/mattermost-v9-changelog.html) for a list of database, API, and `config.json` updates for all v9.x releases. - Your license key is decoupled from the Mattermost server version, so you can upgrade to the latest ESR using a legacy license. We highly recommend working with your Mattermost Account Team to plan for a migration to our new plans, and to access the latest features such as persistent notifications, advanced compliance features, call recordings, and more. ``` diff --git a/source/product-overview/self-hosted-subscriptions.rst b/source/product-overview/self-hosted-subscriptions.rst index fe1b32a7b90..7cd40d14f5f 100644 --- a/source/product-overview/self-hosted-subscriptions.rst +++ b/source/product-overview/self-hosted-subscriptions.rst @@ -24,12 +24,12 @@ Mattermost installed Check your email for a purchase confirmation from Mattermost. Download the attached license. In Mattermost, follow the steps provided in **System Console > About > Edition and License** to apply your license key. -You can also use the :ref:`mmctl ` to apply the license. +You can also use the :ref:`mmctl ` to apply the license. Mattermost not yet installed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -If you haven't yet installed and deployed a Mattermost instance, visit the :doc:`Deployment Guide ` to get started. For information on creating a system admin account, visit our :doc:`Administrator Tasks ` documentation. +If you haven't yet installed and deployed a Mattermost instance, visit the :doc:`Deployment Guide ` to get started. For information on creating a system admin account, visit our :doc:`Administrator Tasks ` documentation. Add more users to your subscription ----------------------------------- diff --git a/source/product-overview/subscription.rst b/source/product-overview/subscription.rst index e335650121a..ffd85014e56 100644 --- a/source/product-overview/subscription.rst +++ b/source/product-overview/subscription.rst @@ -89,7 +89,7 @@ How is a user defined for subscriptions? For the purpose of billing, a “user” is any account created in Mattermost that does not show as **Deactivated** in **System Console > User Management > Users**. Guests are also defined as users. -Bots, deactivated users, and synthetic users in :doc:`Microsoft Teams integrations ` and :doc:`connected workspace ` users aren't counted towards the total number of activated users. +Bots, deactivated users, and synthetic users in :doc:`Microsoft Teams integrations ` and :doc:`connected workspace ` users aren't counted towards the total number of activated users. You can review your user count, for billing purposes, by going to **System Console > Site Statistics**, under **Total Activated Users**. @@ -116,7 +116,7 @@ The affected features include, but are not limited to, the following: Mentions for AD/LDAP groups are not shown in the autocomplete menu. - Group mentions are no longer highlighted in text and do not trigger new notifications.", "Use :ref:`mmctl ` to modify group sync settings for the team/channel." + Group mentions are no longer highlighted in text and do not trigger new notifications.", "Use :ref:`mmctl ` to modify group sync settings for the team/channel." "High availability", "High availability is disabled. If all nodes in a cluster continue running, the nodes will stop communicating and caches will get out of sync. This is likely to cause delays in messages, notifications, etc.", "None needed." "Performance monitoring", "Monitoring is disabled and Grafana will no longer update with new data.", "None needed." "Compliance exports", "Jobs are no longer scheduled in the job server. Data is not exported.", "None needed." @@ -124,7 +124,7 @@ The affected features include, but are not limited to, the following: "Custom terms", "Custom terms no longer displayed to end users on login. Data is retained in the Terms of Service database table.", "None needed." "Custom announcement banners", "No longer visible and is replaced by the default announcement banner.", "None needed." "Multi-factor authentication (MFA)", "MFA is no longer enforced/required for new accounts but remains enabled for those who configured it.", "None needed." - "Permissions", "Permissions are retained in the database in a frozen state and cannot be modified in the System Console.", "Use :ref:`mmctl ` to reset permissions to default." + "Permissions", "Permissions are retained in the database in a frozen state and cannot be modified in the System Console.", "Use :ref:`mmctl ` to reset permissions to default." "Guest accounts", "Guests that are not actively logged in are prevented from logging in. Guests who are actively logged in are able to use Mattermost until their session expires or they log out.", "None needed." Is there a maximum number of users per subscription? diff --git a/source/product-overview/unsupported-legacy-releases.md b/source/product-overview/unsupported-legacy-releases.md index 84ecdc298ef..ebb7db596d2 100644 --- a/source/product-overview/unsupported-legacy-releases.md +++ b/source/product-overview/unsupported-legacy-releases.md @@ -2544,7 +2544,7 @@ If you upgrade from a release earlier than v7.4, please read the other [Importan #### Boards - Added additional standard [board templates](https://docs.mattermost.com/end-user-guide/project-management/work-with-boards.html#choose-a-board-template) to help users kick-off their next projects. - Filters now support all [text properties](https://docs.mattermost.com/end-user-guide/project-management/work-with-cards.html#work-with-property-types). - - Added two new tiles for System Console [Boards metrics](https://docs.mattermost.com/administration-guide/configure/reporting-configuration-settings.html#site-statistics) under **System Console > Site Statistics**. + - Added two new tiles for System Console [Boards metrics](https://docs.mattermost.com/administration-guide/configuration-reference/reporting-configuration-settings.html#site-statistics) under **System Console > Site Statistics**. #### Last active status - Added a [“Last active” status](https://docs.mattermost.com/end-user-guide/preferences/manage-your-display-options.html#share-last-active-time) to the profile popover and to the **Direct Message** channel header that indicates when a user was last online. This status only displays for users who are Away, Offline, or in do-not-disturb (DND). This can be disabled via **Settings > Display > Share last active time**. @@ -2686,7 +2686,7 @@ Mattermost v7.4.0 contains a medium severity level security fix. [Upgrading](htt ### Bug Fixes - Fixed an issue with a nil point exception error during imports. - - Fixed an issue where users were unable to download a [Support Packet](https://docs.mattermost.com/administration-guide/manage/admin/generating-support-packet.html) using the Desktop App. + - Fixed an issue where users were unable to download a [Support Packet](https://docs.mattermost.com/administration-guide/admin-tools/generating-support-packet.html) using the Desktop App. - Fixed an issue with the **Message forward** modal where the auto-complete in the comment box moved with the text cursor. - Fixed an issue where muted channels with an at-mention were displayed under the **Unreads** section of the channel switcher. - Fixed an issue where the Collapsed Reply Threads setting was displayed in the **System Console > Experimental Features** section. @@ -14233,7 +14233,7 @@ Release date: 2016-04-16 #### TPNS and EAS options -- [Enterprise App Store](https://docs.mattermost.com/administration-guide/configure/environment-configuration-settings.html#push-notification-server-location) (EAS) and [Test Push Notification Service](https://docs.mattermost.com/administration-guide/configure/environment-configuration-settings.html#test-push-notifications-service-tpns) (TPNS) option are now included in **System Console** > **Email Settings** > **Push Notification Settings** as built-in options. +- [Enterprise App Store](https://docs.mattermost.com/administration-guide/getting-started/environment-configuration-settings.html#push-notification-server-location) (EAS) and [Test Push Notification Service](https://docs.mattermost.com/administration-guide/getting-started/environment-configuration-settings.html#test-push-notifications-service-tpns) (TPNS) option are now included in **System Console** > **Email Settings** > **Push Notification Settings** as built-in options. ### Languages diff --git a/source/recipes/product-vulnerability-incident.rst b/source/recipes/product-vulnerability-incident.rst index fd3a5fbc3b7..ff8530922d1 100644 --- a/source/recipes/product-vulnerability-incident.rst +++ b/source/recipes/product-vulnerability-incident.rst @@ -18,7 +18,7 @@ This guide walks through the set up of a product security incident room using :d 1. Workspace setup ~~~~~~~~~~~~~~~~~~ -For Cloud customers, all the functionalities works out-of-the-box with no technical setup. Simply invite your team members to your workspace and move onto the next section. For self-hosted deployments, refer to the :ref:`calls configuration documentation ` to configure voice calling and screen sharing. +For Cloud customers, all the functionalities works out-of-the-box with no technical setup. Simply invite your team members to your workspace and move onto the next section. For self-hosted deployments, refer to the :ref:`calls configuration documentation ` to configure voice calling and screen sharing. 2. Playbooks setup ~~~~~~~~~~~~~~~~~~ diff --git a/source/redirects.py b/source/redirects.py index 46b6487bb42..1541c178f60 100644 --- a/source/redirects.py +++ b/source/redirects.py @@ -302,6 +302,229 @@ # Administration redirects "administration/announcement-banner.html": "https://docs.mattermost.com/administration-guide/manage/system-wide-notifications.html", + +# Administration guide restructuring (2025-09) +# Comply → Compliance, Security & Auditing +"administration-guide/comply/compliance-export.html": + "https://docs.mattermost.com/administration-guide/compliance-security-auditing/compliance-export.html", +"administration-guide/comply/compliance-monitoring.html": + "https://docs.mattermost.com/administration-guide/compliance-security-auditing/compliance-monitoring.html", +"administration-guide/comply/custom-terms-of-service.html": + "https://docs.mattermost.com/administration-guide/compliance-security-auditing/custom-terms-of-service.html", +"administration-guide/comply/data-retention-policy.html": + "https://docs.mattermost.com/administration-guide/compliance-security-auditing/data-retention-policy.html", +"administration-guide/comply/electronic-discovery.html": + "https://docs.mattermost.com/administration-guide/compliance-security-auditing/electronic-discovery.html", +"administration-guide/comply/embedded-json-audit-log-schema.html": + "https://docs.mattermost.com/administration-guide/compliance-security-auditing/embedded-json-audit-log-schema.html", +"administration-guide/comply/export-mattermost-channel-data.html": + "https://docs.mattermost.com/administration-guide/compliance-security-auditing/export-mattermost-channel-data.html", +"administration-guide/comply/legal-hold.html": + "https://docs.mattermost.com/administration-guide/compliance-security-auditing/legal-hold.html", +"administration-guide/compliance-with-mattermost.html": + "https://docs.mattermost.com/administration-guide/compliance-security-auditing/compliance-with-mattermost.html", + +# Onboard → Identity & Access / Getting Started +"administration-guide/onboard/ad-ldap.html": + "https://docs.mattermost.com/administration-guide/identity-access/ad-ldap.html", +"administration-guide/onboard/ad-ldap-groups-synchronization.html": + "https://docs.mattermost.com/administration-guide/identity-access/ad-ldap-groups-synchronization.html", +"administration-guide/onboard/managing-team-channel-membership-using-ad-ldap-sync-groups.html": + "https://docs.mattermost.com/administration-guide/identity-access/managing-team-channel-membership-using-ad-ldap-sync-groups.html", +"administration-guide/onboard/multi-factor-authentication.html": + "https://docs.mattermost.com/administration-guide/identity-access/multi-factor-authentication.html", +"administration-guide/onboard/certificate-based-authentication.html": + "https://docs.mattermost.com/administration-guide/identity-access/certificate-based-authentication.html", +"administration-guide/onboard/ssl-client-certificate.html": + "https://docs.mattermost.com/administration-guide/identity-access/ssl-client-certificate.html", +"administration-guide/onboard/sso-gitlab.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/sso/sso-gitlab.html", +"administration-guide/onboard/sso-openidconnect.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/sso/sso-openidconnect.html", +"administration-guide/onboard/sso-google.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/sso/sso-google.html", +"administration-guide/onboard/sso-entraid.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/sso/sso-entraid.html", +"administration-guide/onboard/convert-oauth20-service-providers-to-openidconnect.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/sso/convert-oauth20-service-providers-to-openidconnect.html", +"administration-guide/onboard/sso-saml.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml.html", +"administration-guide/onboard/sso-saml-adfs.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-adfs.html", +"administration-guide/onboard/sso-saml-adfs-msws2016.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-adfs-msws2016.html", +"administration-guide/onboard/sso-saml-okta.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-okta.html", +"administration-guide/onboard/sso-saml-onelogin.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-onelogin.html", +"administration-guide/onboard/sso-saml-keycloak.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-keycloak.html", +"administration-guide/onboard/sso-saml-ldapsync.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-ldapsync.html", +"administration-guide/onboard/sso-saml-technical.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-technical.html", +"administration-guide/onboard/sso-saml-faq.html": + "https://docs.mattermost.com/administration-guide/identity-access/authentication-methods/saml-based-sso/sso-saml-faq.html", +"administration-guide/onboard/migrating-to-mattermost.html": + "https://docs.mattermost.com/administration-guide/getting-started/migrating-to-mattermost.html", +"administration-guide/onboard/migrate-from-slack.html": + "https://docs.mattermost.com/administration-guide/getting-started/migrate-from-slack.html", +"administration-guide/onboard/migrating-from-hipchat-to-mattermost.html": + "https://docs.mattermost.com/administration-guide/getting-started/migrating-from-hipchat-to-mattermost.html", +"administration-guide/onboard/connected-workspaces.html": + "https://docs.mattermost.com/administration-guide/getting-started/connected-workspaces.html", +"administration-guide/onboard/bulk-loading-data.html": + "https://docs.mattermost.com/administration-guide/getting-started/bulk-loading-data.html", + +# Upgrade/Scale → Operations & Scaling or Getting Started +"administration-guide/upgrade/upgrading-mattermost-server.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/upgrading-mattermost-server.html", +"administration-guide/upgrade/prepare-to-upgrade-mattermost.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/prepare-to-upgrade-mattermost.html", +"administration-guide/upgrade/important-upgrade-notes.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/important-upgrade-notes.html", +"administration-guide/upgrade/upgrade-mattermost-kubernetes-ha.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/upgrade-mattermost-kubernetes-ha.html", +"administration-guide/upgrade/downgrading-mattermost-server.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/downgrading-mattermost-server.html", +"administration-guide/upgrade/enterprise-roll-out-checklist.html": + "https://docs.mattermost.com/administration-guide/getting-started/roll-out-checklist.html", +"administration-guide/upgrade/admin-onboarding-tasks.html": + "https://docs.mattermost.com/administration-guide/getting-started/admin-onboarding-tasks.html", +"administration-guide/upgrade-mattermost.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/upgrade-mattermost.html", + +# Scale → Operations & Scaling +"administration-guide/scale/high-availability-cluster-based-deployment.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/high-availability-cluster-based-deployment.html", +"administration-guide/scale/scaling-for-enterprise.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/scaling-for-enterprise.html", +"administration-guide/scale/redis.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/redis.html", +"administration-guide/scale/elasticsearch-setup.html": + "https://docs.mattermost.com/administration-guide/platform-features/elasticsearch-setup.html", +"administration-guide/scale/opensearch-setup.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/opensearch-setup.html", +"administration-guide/scale/ensuring-releases-perform-at-scale.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/ensuring-releases-perform-at-scale.html", +"administration-guide/scale/collect-performance-metrics.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/collect-performance-metrics.html", +"administration-guide/scale/estimated-storage-per-user-per-month.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/estimated-storage-per-user-per-month.html", +"administration-guide/scale/lifetime-storage.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/lifetime-storage.html", +"administration-guide/scale/performance-alerting.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/performance-alerting.html", +"administration-guide/scale/performance-monitoring-metrics.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/performance-monitoring-metrics.html", +"administration-guide/scale/additional-ha-considerations.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/additional-ha-considerations.html", +"administration-guide/scale/backing-storage-benchmarks.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/backing-storage-benchmarks.html", +"administration-guide/scale/common-configure-mattermost-for-enterprise-search.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/common-configure-mattermost-for-enterprise-search.html", +"administration-guide/scale/push-notification-health-targets.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/push-notification-health-targets.html", +"administration-guide/scale/scale-to-200000-users.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/scale-to-200000-users.html", +"administration-guide/scale/scale-to-100000-users.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/scale-to-100000-users.html", +"administration-guide/scale/scale-to-15000-users.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/scale-to-15000-users.html", +"administration-guide/scale/scale-to-200-users.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/scale-to-200-users.html", +"administration-guide/scale/scale-to-2000-users.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/scale-to-2000-users.html", +"administration-guide/scale/scale-to-30000-users.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/scale-to-30000-users.html", +"administration-guide/scale/scale-to-50000-users.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/scale-to-50000-users.html", +"administration-guide/scale/scale-to-80000-users.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/scale-to-80000-users.html", +"administration-guide/scale/scale-to-90000-users.html": + "https://docs.mattermost.com/administration-guide/operations-scaling/scale-to-90000-users.html", + +# Manage → Admin Tools & Utilities (selected) +"administration-guide/manage/command-line-tools.html": + "https://docs.mattermost.com/administration-guide/admin-tools/command-line-tools.html", +"administration-guide/manage/mmctl-command-line-tool.html": + "https://docs.mattermost.com/administration-guide/admin-tools/mmctl-command-line-tool.html", +"administration-guide/manage/logging.html": + "https://docs.mattermost.com/administration-guide/admin-tools/logging.html", +"administration-guide/manage/in-product-notices.html": + "https://docs.mattermost.com/administration-guide/admin-tools/in-product-notices.html", +"administration-guide/manage/system-wide-notifications.html": + "https://docs.mattermost.com/administration-guide/admin-tools/system-wide-notifications.html", +"administration-guide/manage/feature-labels.html": + "https://docs.mattermost.com/administration-guide/admin-tools/feature-labels.html", +"administration-guide/manage/statistics.html": + "https://docs.mattermost.com/administration-guide/admin-tools/statistics.html", +"administration-guide/manage/request-server-health-check.html": + "https://docs.mattermost.com/administration-guide/admin-tools/request-server-health-check.html", +"administration-guide/manage/telemetry.html": + "https://docs.mattermost.com/administration-guide/admin-tools/telemetry.html", +"administration-guide/manage/bulk-export-tool.html": + "https://docs.mattermost.com/administration-guide/admin-tools/bulk-export-tool.html", +"administration-guide/manage/cloud-byok.html": + "https://docs.mattermost.com/administration-guide/admin-tools/cloud-byok.html", +"administration-guide/manage/cloud-data-residency.html": + "https://docs.mattermost.com/administration-guide/admin-tools/cloud-data-residency.html", +"administration-guide/manage/cloud-ip-filtering.html": + "https://docs.mattermost.com/administration-guide/admin-tools/cloud-ip-filtering.html", +"administration-guide/manage/cloud-data-export.html": + "https://docs.mattermost.com/administration-guide/admin-tools/cloud-data-export.html", + +# Cloud workspace & licensing +"administration-guide/cloud-workspace-management.html": + "https://docs.mattermost.com/administration-guide/licensing/cloud-workspace-management.html", +"administration-guide/manage/admin/self-hosted-billing.html": + "https://docs.mattermost.com/administration-guide/licensing/self-hosted-billing.html", +"administration-guide/manage/admin/installing-license-key.html": + "https://docs.mattermost.com/administration-guide/admin-tools/installing-license-key.html", + +# Configure → Configuration Settings (Reference) +"administration-guide/configure/configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/configuration-settings.html", +"administration-guide/configure/system-attributes.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/system-attributes.html", +"administration-guide/configure/environment-variables.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/environment-variables.html", +"administration-guide/configure/authentication-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/authentication-configuration-settings.html", +"administration-guide/configure/site-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/site-configuration-settings.html", +"administration-guide/configure/user-management-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/user-management-configuration-settings.html", +"administration-guide/configure/integrations-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/integrations-configuration-settings.html", +"administration-guide/configure/plugins-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/plugins-configuration-settings.html", +"administration-guide/configure/reporting-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/reporting-configuration-settings.html", +"administration-guide/configure/compliance-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/compliance-configuration-settings.html", +"administration-guide/configure/experimental-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/experimental-configuration-settings.html", +"administration-guide/configure/deprecated-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/deprecated-configuration-settings.html", +"administration-guide/configure/rate-limiting-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/rate-limiting-configuration-settings.html", +"administration-guide/configure/push-notification-server-configuration-settings.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/push-notification-server-configuration-settings.html", +"administration-guide/configure/configuration-in-your-database.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/configuration-in-your-database.html", +"administration-guide/configure/bleve-search.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/bleve-search.html", +"administration-guide/configure/enabling-chinese-japanese-korean-search.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/enabling-chinese-japanese-korean-search.html", +"administration-guide/configure/install-boards.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/install-boards.html", +"administration-guide/configure/manage-user-surveys.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/manage-user-surveys.html", +"administration-guide/configure/customize-mattermost.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/customize-mattermost.html", +"administration-guide/configure/custom-branding-tools.html": + "https://docs.mattermost.com/administration-guide/configuration-reference/custom-branding-tools.html", "administration/audit-log.html": "https://docs.mattermost.com/administration-guide/comply/audit-log.html", "administration/backup.html": @@ -2392,7 +2615,7 @@ "getting-started/admin-onboarding-tasks.html": "https://docs.mattermost.com/administration-guide/upgrade/admin-onboarding-tasks.html", "getting-started/enterprise-roll-out-checklist.html": - "https://docs.mattermost.com/administration-guide/upgrade/enterprise-roll-out-checklist.html", + "https://docs.mattermost.com/administration-guide/getting-started/roll-out-checklist.html", "getting-started/welcome-email-to-end-users.html": "https://docs.mattermost.com/administration-guide/upgrade/welcome-email-to-end-users.html", "getting-started/architecture-overview.html": @@ -4170,7 +4393,7 @@ "upgrade/enterprise-install-upgrade.html": "https://docs.mattermost.com/administration-guide/upgrade/enterprise-install-upgrade.html", "upgrade/enterprise-roll-out-checklist.html": - "https://docs.mattermost.com/administration-guide/upgrade/enterprise-roll-out-checklist.html", + "https://docs.mattermost.com/administration-guide/getting-started/roll-out-checklist.html", "upgrade/important-upgrade-notes.html": "https://docs.mattermost.com/administration-guide/upgrade/important-upgrade-notes.html", "upgrade/notify-admin.html": @@ -4389,7 +4612,7 @@ # End User Guide redirects "guides/use-mattermost.html": - "https://docs.mattermost.com/end-user-guide/end-user-guide-index.html", + "https://docs.mattermost.com/end-user-guide/end-user-guide-index.html" # End of redirects. The last redirect above should NOT end in a comma. diff --git a/source/security-guide/cmmc-compliance.rst b/source/security-guide/cmmc-compliance.rst index 6e1c2276b07..641ca25dc22 100644 --- a/source/security-guide/cmmc-compliance.rst +++ b/source/security-guide/cmmc-compliance.rst @@ -13,41 +13,41 @@ Access Control and Identity Management Mattermost supports robust identity and access management to ensure that only authorized users access the system and that they only see data permitted for their role. Key capabilities include: -:doc:`Single Sign-On (SSO) Integration `: Mattermost integrates with enterprise identity providers via :doc:`SAML 2.0 `, :doc:`OpenID Connect `, and :doc:`AD/LDAP `. This allows you to centrally manage user accounts and enforce enterprise authentication policies. Only users provisioned in your directory (and assigned to the Mattermost service) can log in. This helps satisfy access control requirements to “limit system access to authorized users” (AC 3.1.1) using vetted corporate identities. +:doc:`Single Sign-On (SSO) Integration `: Mattermost integrates with enterprise identity providers via :doc:`SAML 2.0 `, :doc:`OpenID Connect `, and :doc:`AD/LDAP `. This allows you to centrally manage user accounts and enforce enterprise authentication policies. Only users provisioned in your directory (and assigned to the Mattermost service) can log in. This helps satisfy access control requirements to “limit system access to authorized users” (AC 3.1.1) using vetted corporate identities. -:doc:`Role-Based Access Control (RBAC) `: Granular permissions in Mattermost ensure users can perform only the actions permitted for their role. For example, regular users cannot perform administrative functions, and :doc:`guest accounts ` have restricted access to specific channels. Administrators can configure :ref:`team-wide ` and :ref:`channel-specific roles/permissions ` so that users only access data and functions needed for their duties. This supports the principle of least privilege (AC 3.1.5) and limits users’ actions to authorized functions (AC 3.1.2, AC 3.1.7). +:doc:`Role-Based Access Control (RBAC) `: Granular permissions in Mattermost ensure users can perform only the actions permitted for their role. For example, regular users cannot perform administrative functions, and :doc:`guest accounts ` have restricted access to specific channels. Administrators can configure :ref:`team-wide ` and :ref:`channel-specific roles/permissions ` so that users only access data and functions needed for their duties. This supports the principle of least privilege (AC 3.1.5) and limits users’ actions to authorized functions (AC 3.1.2, AC 3.1.7). -:doc:`Group-Based Access Management `: Mattermost :doc:`AD/LDAP Group Sync ` automates user provisioning and de-provisioning. Users can be added or removed from Mattermost teams/channels based on their directory group membership. This ensures timely removal of access when personnel change roles or leave (addressing account management aspects of AC 3.1.1) and helps enforce separation of duties (AC 3.1.4) by aligning channel access with organizational roles. +:doc:`Group-Based Access Management `: Mattermost :doc:`AD/LDAP Group Sync ` automates user provisioning and de-provisioning. Users can be added or removed from Mattermost teams/channels based on their directory group membership. This ensures timely removal of access when personnel change roles or leave (addressing account management aspects of AC 3.1.1) and helps enforce separation of duties (AC 3.1.4) by aligning channel access with organizational roles. -:ref:`Session Management and Timeout `: Mattermost administrators can define session security settings, including session idle timeouts and session lifetime. Sessions can be automatically invalidated after a period of inactivity or on demand. By limiting session duration and requiring re-authentication, Mattermost reduces the risk of unauthorized access via unattended sessions (helps address AC 3.1.6 for session lock and IA 3.5.2 for session control). Failed login attempt thresholds can also be set (e.g. lock out after X failed attempts) to mitigate brute-force attacks, aligning with AC 3.1.8. +:ref:`Session Management and Timeout `: Mattermost administrators can define session security settings, including session idle timeouts and session lifetime. Sessions can be automatically invalidated after a period of inactivity or on demand. By limiting session duration and requiring re-authentication, Mattermost reduces the risk of unauthorized access via unattended sessions (helps address AC 3.1.6 for session lock and IA 3.5.2 for session control). Failed login attempt thresholds can also be set (e.g. lock out after X failed attempts) to mitigate brute-force attacks, aligning with AC 3.1.8. -**User Agreement and Access Approval**: Mattermost Enterprise supports a :doc:`Custom Terms of Service ` banner that users must accept upon first login. This can be used to remind users of acceptable use policies or consent to monitoring, indirectly supporting training/awareness requirements and ensuring users acknowledge security terms before accessing CUI. +**User Agreement and Access Approval**: Mattermost Enterprise supports a :doc:`Custom Terms of Service ` banner that users must accept upon first login. This can be used to remind users of acceptable use policies or consent to monitoring, indirectly supporting training/awareness requirements and ensuring users acknowledge security terms before accessing CUI. Authentication and Multi-Factor Authentication (MFA) ----------------------------------------------------- Secure authentication is critical for protecting Controlled Unclassified Information (CUI). Mattermost offers several features to strengthen user authentication in alignment with CMMC requirements: -**Unique User Identification**: Each Mattermost user has a unique account (username/email), satisfying the need for unique IDs (IA 3.5.1). Administrators can :ref:`deactivate accounts ` that are found to be generic or shared, and when integrated with enterprise SSO or LDAP, organizational policies can prevent shared account use. +**Unique User Identification**: Each Mattermost user has a unique account (username/email), satisfying the need for unique IDs (IA 3.5.1). Administrators can :ref:`deactivate accounts ` that are found to be generic or shared, and when integrated with enterprise SSO or LDAP, organizational policies can prevent shared account use. -**Password Policy Enforcement**: For built-in authentication, Mattermost administrators can :ref:`enforce strong password requirements ` (minimum length, complexity). This helps meet IA 3.5.2 by requiring robust passwords and reducing the risk of credential compromise. +**Password Policy Enforcement**: For built-in authentication, Mattermost administrators can :ref:`enforce strong password requirements ` (minimum length, complexity). This helps meet IA 3.5.2 by requiring robust passwords and reducing the risk of credential compromise. -:doc:`Multi-Factor Authentication `: Mattermost supports MFA for all user accounts. In self-hosted deployments, admins can enable and enforce TOTP-based MFA (e.g. requiring a one-time code from Google Authenticator during login). When Mattermost is integrated with SSO (SAML/OIDC), you can leverage the IdP’s MFA policies (e.g. CAC/PIV or OTP) for Mattermost logins. Requiring two factors for authentication aligns with CMMC practice IA 3.5.3, adding an extra layer of verification to protect accounts even if passwords are compromised. +:doc:`Multi-Factor Authentication `: Mattermost supports MFA for all user accounts. In self-hosted deployments, admins can enable and enforce TOTP-based MFA (e.g. requiring a one-time code from Google Authenticator during login). When Mattermost is integrated with SSO (SAML/OIDC), you can leverage the IdP’s MFA policies (e.g. CAC/PIV or OTP) for Mattermost logins. Requiring two factors for authentication aligns with CMMC practice IA 3.5.3, adding an extra layer of verification to protect accounts even if passwords are compromised. -**Account Lockout and Recovery**: Mattermost can limit failed login attempts and lock accounts after a specified number of failures, helping to thwart brute-force attacks (IA 3.5.3, additional aspect). It also provides options for :ref:`secure password reset ` or :ref:`administrator-issued password resets ` to support account recovery while maintaining security controls. +**Account Lockout and Recovery**: Mattermost can limit failed login attempts and lock accounts after a specified number of failures, helping to thwart brute-force attacks (IA 3.5.3, additional aspect). It also provides options for :ref:`secure password reset ` or :ref:`administrator-issued password resets ` to support account recovery while maintaining security controls. Audit Logging and Accountability --------------------------------- CMMC Level 2 (NIST 800-171) places heavy emphasis on audit logging and the ability to track and monitor system activity (Audit & Accountability, AU 3.3.x controls). Mattermost provides built-in logging and monitoring features that help meet these requirements: -**System and Application Audit Logs**: Mattermost records server and application events in an :ref:`audit log ` (:doc:`JSON format `). This includes security-relevant events such as logins, account creations, permission changes, server configuration changes, and more. Enterprise editions can send logs to external :ref:`syslog or monitoring systems ` in real time. These logs provide the evidence needed for AU.3.3.1 (“generate audit records for user/activity”) and support analysis of incidents. +**System and Application Audit Logs**: Mattermost records server and application events in an :ref:`audit log ` (:doc:`JSON format `). This includes security-relevant events such as logins, account creations, permission changes, server configuration changes, and more. Enterprise editions can send logs to external :ref:`syslog or monitoring systems ` in real time. These logs provide the evidence needed for AU.3.3.1 (“generate audit records for user/activity”) and support analysis of incidents. **Message History Retention**: By default, Mattermost retains a complete history of all messages (including edits and deletions) and file uploads in the database. Even if a user deletes a message in the application, the data is still preserved in the backend (unless a retention policy is in place). This ensures actions are traceable to individuals (AU 3.3.2) and meets requirements to retain and archive audit data. Administrators can also :ref:`disable users’ ability to edit or delete messages `, guaranteeing an unalterable record of conversation content for compliance purposes (useful for investigations and meeting audit retention requirements). -:doc:`Compliance Export ` and :doc:`Electronic Discovery `: Mattermost’s :doc:`Compliance Export ` feature can automatically export message history and metadata on a scheduled basis. This helps organizations produce chat records for audits, e-discovery, or long-term archival outside the application (relevant to AU 3.3.3 on audit record retention and review). Additionally, integration with third-party archiving and e-discovery tools is supported (e.g. Smarsh/Global Relay), enabling centralized analysis of communications for compliance. +:doc:`Compliance Export ` and :doc:`Electronic Discovery `: Mattermost’s :doc:`Compliance Export ` feature can automatically export message history and metadata on a scheduled basis. This helps organizations produce chat records for audits, e-discovery, or long-term archival outside the application (relevant to AU 3.3.3 on audit record retention and review). Additionally, integration with third-party archiving and e-discovery tools is supported (e.g. Smarsh/Global Relay), enabling centralized analysis of communications for compliance. -**Automated Monitoring and Alerts**: Administrators can generate daily compliance reports of Mattermost activity or use the audit data for anomaly detection. Mattermost supports integration with Security Information and Event Management (SIEM) systems by sending logs to a :ref:`syslog ` or via the `API `_. This allows organizations to correlate Mattermost events with other security data and receive alerts on suspicious behavior (e.g. multiple failed logins, unexpected user account changes), supporting AU 3.3.4 and RA 3.11.2 (continuous monitoring and risk assessment). Mattermost’s audit log can thus feed into your incident monitoring process for rapid detection of issues. +**Automated Monitoring and Alerts**: Administrators can generate daily compliance reports of Mattermost activity or use the audit data for anomaly detection. Mattermost supports integration with Security Information and Event Management (SIEM) systems by sending logs to a :ref:`syslog ` or via the `API `_. This allows organizations to correlate Mattermost events with other security data and receive alerts on suspicious behavior (e.g. multiple failed logins, unexpected user account changes), supporting AU 3.3.4 and RA 3.11.2 (continuous monitoring and risk assessment). Mattermost’s audit log can thus feed into your incident monitoring process for rapid detection of issues. **Protection of Audit Information**: Access to Mattermost logs is restricted to system administrators – regular users cannot view or tamper with audit records. Logs written to files on the server can be further protected by OS-level access controls. This aligns with AU 3.3.5 (prevent unauthorized access/modification of audit records). Additionally, if using Mattermost Cloud or an external log aggregator, you should apply appropriate controls to those environments to safeguard the logs. @@ -75,15 +75,15 @@ CMMC Level 2 includes controls to safeguard information during storage and trans :doc:`Encryption in Transit `: All Mattermost client-server communication can be :doc:`encrypted ` using TLS (Transport Layer Security). When configured with HTTPS, Mattermost encrypts data in transit between the server and clients (web, desktop, mobile), preventing eavesdropping on CUI being discussed or transferred. This meets the requirement to protect CUI on networks by encrypting it during transmission (SC 3.13.8). Mattermost supports modern TLS protocols and ciphers; administrators should configure TLS per DoD guidelines (e.g. FIPS 140-2 validated cryptographic modules where applicable) to fully satisfy this control. -:ref:`Encryption at Rest `: Mattermost supports encryption of data at rest through enterprise database and storage configurations. The application can be deployed on encrypted file systems or use encrypted storage backends. For instance, if using Amazon S3 for file storage, Mattermost Enterprise can enable :ref:`server-side encryption with S3-managed keys `. If using a self-hosted database, administrators can enable disk encryption or TDE on the database server. By encrypting the Mattermost database and storage drives, organizations add a layer of protection for CUI stored in chat messages and files, helping to meet SC 3.13.16 (protect confidentiality of CUI at rest) and MP 3.8.3 (media sanitization if disks are disposed). Mattermost documentation encourages regular key rotation and secure key management for encryption at rest. +:ref:`Encryption at Rest `: Mattermost supports encryption of data at rest through enterprise database and storage configurations. The application can be deployed on encrypted file systems or use encrypted storage backends. For instance, if using Amazon S3 for file storage, Mattermost Enterprise can enable :ref:`server-side encryption with S3-managed keys `. If using a self-hosted database, administrators can enable disk encryption or TDE on the database server. By encrypting the Mattermost database and storage drives, organizations add a layer of protection for CUI stored in chat messages and files, helping to meet SC 3.13.16 (protect confidentiality of CUI at rest) and MP 3.8.3 (media sanitization if disks are disposed). Mattermost documentation encourages regular key rotation and secure key management for encryption at rest. -**Network Access Control and Segmentation**: Mattermost can be deployed in a manner that controls network access to the system. In self-hosted deployments, organizations often place Mattermost servers in a secure enclave or DMZ with firewalls controlling ingress/egress. For cloud deployments, Mattermost Cloud offers :doc:`IP allowlisting ` (Enterprise plan) to restrict access to known IP ranges. These configurations address SC 3.13.1 and SC 3.13.2 by allowing Mattermost to reside within a protected network segment and ensuring only trusted networks or VPN users can reach it. Additionally, within Mattermost, data is segmented by :doc:`Teams ` and :doc:`Channels ` – you can create separate teams for different projects or clearance levels, and mark channels as private to restrict membership. This “micro-segmentation” of conversations ensures that sensitive discussions (e.g. about a specific CUI program) are isolated to authorized individuals, reducing inadvertent information exposure. +**Network Access Control and Segmentation**: Mattermost can be deployed in a manner that controls network access to the system. In self-hosted deployments, organizations often place Mattermost servers in a secure enclave or DMZ with firewalls controlling ingress/egress. For cloud deployments, Mattermost Cloud offers :doc:`IP allowlisting ` (Enterprise plan) to restrict access to known IP ranges. These configurations address SC 3.13.1 and SC 3.13.2 by allowing Mattermost to reside within a protected network segment and ensuring only trusted networks or VPN users can reach it. Additionally, within Mattermost, data is segmented by :doc:`Teams ` and :doc:`Channels ` – you can create separate teams for different projects or clearance levels, and mark channels as private to restrict membership. This “micro-segmentation” of conversations ensures that sensitive discussions (e.g. about a specific CUI program) are isolated to authorized individuals, reducing inadvertent information exposure. :ref:`Self-Hosted ` and :doc:`Air-Gapped Deployment `: Unlike many collaboration tools, Mattermost can be fully self-hosted on-premises or in a sovereign cloud, giving organizations complete control over data locality. DoD contractors can :doc:`deploy Mattermost in an air-gapped environment ` with no outside internet connectivity if required. This supports compliance when handling CUI that cannot be exposed to external systems. By keeping Mattermost within the same secured IT boundary as other CUI systems, contractors address concerns of SC 3.13.5 (isolate system components from external access). Mattermost’s deployment flexibility (on-prem, GovCloud, etc.) allows alignment with DoD requirements (e.g. hosting at IL4/IL5 for sensitive data, if using cloud infrastructure). All user data resides in the infrastructure you control, aiding data sovereignty and compliance with any `FedRAMP `_ or `ITAR `_ restrictions that may apply in addition to CMMC. -**Data Loss Prevention Measures**: While Mattermost does not natively include a full DLP suite, administrators can enforce certain restrictions to prevent unauthorized sharing or retention of data. For example, :ref:`public link sharing ` (for files) can be disabled or restricted, ensuring that shared files are not exposed to untrusted users. :ref:`File Upload Settings ` and :ref:`Plugin Whitelisting ` allow you to control what types of files can be shared or which integrations are allowed, supporting SC 3.13.4 (control of information flows). Additionally, the :ref:`Push Notification contents ` can be configured to omit message text, so that if mobile push notifications are used, they do not leak sensitive message content to device lock screens or external services. For more advanced DLP, Mattermost’s open `APIs `_ and `webhooks `_ enable integration with external DLP solutions or content filtering systems (e.g. a script could detect and remove messages containing certain keywords or PII). These measures help fulfill AC 3.1.3 / SC 3.13.4 by controlling the flow of CUI and preventing it from leaving authorized channels. +**Data Loss Prevention Measures**: While Mattermost does not natively include a full DLP suite, administrators can enforce certain restrictions to prevent unauthorized sharing or retention of data. For example, :ref:`public link sharing ` (for files) can be disabled or restricted, ensuring that shared files are not exposed to untrusted users. :ref:`File Upload Settings ` and :ref:`Plugin Whitelisting ` allow you to control what types of files can be shared or which integrations are allowed, supporting SC 3.13.4 (control of information flows). Additionally, the :ref:`Push Notification contents ` can be configured to omit message text, so that if mobile push notifications are used, they do not leak sensitive message content to device lock screens or external services. For more advanced DLP, Mattermost’s open `APIs `_ and `webhooks `_ enable integration with external DLP solutions or content filtering systems (e.g. a script could detect and remove messages containing certain keywords or PII). These measures help fulfill AC 3.1.3 / SC 3.13.4 by controlling the flow of CUI and preventing it from leaving authorized channels. -**Sensitive Information Controls**: :doc:`System-wide banners ` can display CUI handling notices such as "⚠️ This system contains CUI. Use authorized accounts only. All activity is monitored." Supports AC.L2-3.1.9, AT.L2-3.2.1, IR.L2-3.6.2, and MP.L2-3.8.2. As well as :doc:`channel-specific banners ` can be used to flag channels containing CUI or incident response data, reinforce workflow integrity, or restrict data sharing. Supports AC.L2-3.1.3, MP.L2-3.8.2, AU.L2-3.3.1/3.3.2, and SC.L2-3.13.4. +**Sensitive Information Controls**: :doc:`System-wide banners ` can display CUI handling notices such as "⚠️ This system contains CUI. Use authorized accounts only. All activity is monitored." Supports AC.L2-3.1.9, AT.L2-3.2.1, IR.L2-3.6.2, and MP.L2-3.8.2. As well as :doc:`channel-specific banners ` can be used to flag channels containing CUI or incident response data, reinforce workflow integrity, or restrict data sharing. Supports AC.L2-3.1.3, MP.L2-3.8.2, AU.L2-3.3.1/3.3.2, and SC.L2-3.13.4. **Antivirus Scanning**: To address system integrity requirements (SI 3.14.5 for scanning files for malware), Mattermost can integrate with antivirus tools. A `ClamAV plugin `_ is available that scans files uploaded to Mattermost for viruses and malware. When enabled, this helps ensure that malicious files are detected and quarantined, protecting users and meeting the intent of controls on detecting and protecting against malware (SI 3.14.4 and SI 3.14.5). Administrators should also keep the Mattermost server host up-to-date with security patches and monitor for vulnerabilities (SI 3.14.1/3.14.2), as part of overall system integrity maintenance. diff --git a/source/security-guide/hipaa-compliance.rst b/source/security-guide/hipaa-compliance.rst index 1f2ae0a559b..8972cca124c 100644 --- a/source/security-guide/hipaa-compliance.rst +++ b/source/security-guide/hipaa-compliance.rst @@ -7,8 +7,8 @@ HIPAA-compliant deployments commonly consider the following: - Omitting the contents of messages from mobile push and email notifications: - - If your :ref:`Push Notifications Contents ` option is set to ``Send full message snippet`` there is a chance Personal Health Information (PHI) contained in messages could be displayed on a user's locked phone as a notification. To avoid this, set the option to ``Send generic description with user and channel names`` or ``Send generic description with only sender name``. - - Similarly, setting :ref:`Email Notifications Contents ` to ``Send generic description with only sender name`` will only send the team name and name of the person who sent the message, with no information about channel name or message contents included in email notifications. + - If your :ref:`Push Notifications Contents ` option is set to ``Send full message snippet`` there is a chance Personal Health Information (PHI) contained in messages could be displayed on a user's locked phone as a notification. To avoid this, set the option to ``Send generic description with user and channel names`` or ``Send generic description with only sender name``. + - Similarly, setting :ref:`Email Notifications Contents ` to ``Send generic description with only sender name`` will only send the team name and name of the person who sent the message, with no information about channel name or message contents included in email notifications. - Beyond Technical Safeguards, HIPAA compliance deployments also require: diff --git a/source/security-guide/mobile-security.rst b/source/security-guide/mobile-security.rst index 24c07ba45fc..ad5945d3a8e 100644 --- a/source/security-guide/mobile-security.rst +++ b/source/security-guide/mobile-security.rst @@ -37,7 +37,7 @@ Biometric authentication Native biometric authentication ensures only the authorized device owner can access the Mattermost application. By utilizing hardware-level security, biometrics significantly enhance data protection, especially in cases of lost or stolen devices. This advanced security measure is far more robust and user-friendly compared to traditional passwords, adding a resilient layer of protection against unauthorized access. -Administrators can mandate biometric authentication each time users attempt to open the Mattermost application, further safeguarding customer data and mitigating risks. Learn more about Mattermost :ref:`mobile biometric authentication `, and the :ref:`user workflows in which users must authenticate `, when biometric authentication is enabled. +Administrators can mandate biometric authentication each time users attempt to open the Mattermost application, further safeguarding customer data and mitigating risks. Learn more about Mattermost :ref:`mobile biometric authentication `, and the :ref:`user workflows in which users must authenticate `, when biometric authentication is enabled. Screenshot and screen recording prevention ------------------------------------------- @@ -54,7 +54,7 @@ Learn more about how Mattermost leverages robust sandboxing mechanisms on both i Push notification message visibility ------------------------------------ -Push notifications are a convenient way to stay updated, but they can also pose security risks if sensitive information is displayed. Mattermost provides options to :ref:`control the visibility of message content in push notifications `, ensuring that sensitive information is not inadvertently exposed through locked mobile screens and via relay servers from Apple and Google when sending notifications to iOS or Android mobile apps. +Push notifications are a convenient way to stay updated, but they can also pose security risks if sensitive information is displayed. Mattermost provides options to :ref:`control the visibility of message content in push notifications `, ensuring that sensitive information is not inadvertently exposed through locked mobile screens and via relay servers from Apple and Google when sending notifications to iOS or Android mobile apps. Disable downloads ----------------- @@ -63,7 +63,7 @@ Environments with strict data loss prevention (DLP) policies or where sensitive Disabling file uploads adds an additional layer of security by reducing the risk of malware or malicious files being introduced into the system, ensuring tighter control over sensitive corporate data, and preventing accidental leaks from unsecure mobile networks. -Similarly, by disabling downloads, Mattermost ensures that files cannot be saved locally on the device, reducing the risk of unauthorized access or data leakage. Learn more about :ref:`disabling mobile uploads ` and :ref:`disabling mobile downloads ` in the Mattermost mobile app. +Similarly, by disabling downloads, Mattermost ensures that files cannot be saved locally on the device, reducing the risk of unauthorized access or data leakage. Learn more about :ref:`disabling mobile uploads ` and :ref:`disabling mobile downloads ` in the Mattermost mobile app. Secure file preview ------------------- @@ -74,6 +74,10 @@ When secure file preview is enabled, files are stored temporarily in the app's c Additionally, administrators can control link navigation within PDF files when secure file preview mode is active, allowing links to open in the device browser or supported applications as needed. +<<<<<<< HEAD +Learn more about :ref:`enabling secure file preview on mobile ` and :ref:`allow PDF link navigation on mobile ` in the Mattermost mobile app. +======= Learn more about :ref:`enabling secure file preview on mobile ` and :ref:`allow PDF link navigation on mobile ` in the Mattermost mobile app. +>>>>>>> master `Book a live demo `_ or `talk to a Mattermost expert `_ to explore tailored solutions for your organization's secure collaboration needs. Or try Mattermost yourself with a `1-hour preview `_ for instant access to a live sandbox environment. \ No newline at end of file diff --git a/source/security-guide/secure-mattermost.rst b/source/security-guide/secure-mattermost.rst index 3fbb41bd6c7..089421a3867 100644 --- a/source/security-guide/secure-mattermost.rst +++ b/source/security-guide/secure-mattermost.rst @@ -10,24 +10,24 @@ Mattermost ships with several security features that can help organizations safe Encryption options Transport encryption - Multi-factor authentication - Delegated granular administration - Custom terms of service - User and group provisioning via AD/LDAP - SAML-based SSO - SAML SSO techical documentation - Certificate-based authentication + Multi-factor authentication + Delegated granular administration + Custom terms of service + User and group provisioning via AD/LDAP + SAML-based SSO + SAML SSO techical documentation + Certificate-based authentication * :doc:`Encryption options ` - Setup encryption for data in transit and at rest. * :doc:`Transport encryption ` - Secure data in transit between Mattermost and other services. -* :doc:`Multi-factor authentication ` - Require users to provide a secure one-time code in addition to their username and password to log in to Mattermost. -* :ref:`ID-only push notifications ` - Enable fully private mobile notifications to protect against iOS and Android notification infrastructure breaches. +* :doc:`Multi-factor authentication ` - Require users to provide a secure one-time code in addition to their username and password to log in to Mattermost. +* :ref:`ID-only push notifications ` - Enable fully private mobile notifications to protect against iOS and Android notification infrastructure breaches. * :doc:`Enterprise mobility management ` - Secure mobile endpoints with management application configuration. -* :doc:`Delegated granular administration ` - Grant user access to specific areas of the Mattermost System Console. -* :doc:`Custom terms of service ` - Increase clarity on legal Mattermost expectations for internal employees and guests. -* :ref:`Manage session length ` - Control how long user sessions remain active. -* :doc:`User and group provisioning via AD/LDAP ` - Provision and synchronize users and groups to pre-defined roles. -* :doc:`SAML-based single sign-on (SSO) ` - Enable login using a single user ID and password managed through a SAML 2.0 Service Provider. -* :doc:`SAML SSO technical documentation ` - Technical details on SAML SSO. -* :doc:`Certificate-based authentication ` - Identify a user or a device before granting access to Mattermost. -* :ref:`Manage file sharing and downloads ` - Control file sharing and downloads in Mattermost. \ No newline at end of file +* :doc:`Delegated granular administration ` - Grant user access to specific areas of the Mattermost System Console. +* :doc:`Custom terms of service ` - Increase clarity on legal Mattermost expectations for internal employees and guests. +* :ref:`Manage session length ` - Control how long user sessions remain active. +* :doc:`User and group provisioning via AD/LDAP ` - Provision and synchronize users and groups to pre-defined roles. +* :doc:`SAML-based single sign-on (SSO) ` - Enable login using a single user ID and password managed through a SAML 2.0 Service Provider. +* :doc:`SAML SSO technical documentation ` - Technical details on SAML SSO. +* :doc:`Certificate-based authentication ` - Identify a user or a device before granting access to Mattermost. +* :ref:`Manage file sharing and downloads ` - Control file sharing and downloads in Mattermost. \ No newline at end of file diff --git a/source/security-guide/security-guide-index.rst b/source/security-guide/security-guide-index.rst index badd656268d..c62cc7923d1 100644 --- a/source/security-guide/security-guide-index.rst +++ b/source/security-guide/security-guide-index.rst @@ -27,7 +27,7 @@ Data-at-Rest Encryption Encryption-at-rest ensures that messages, files, and other data stored in the Mattermost database and file storage are protected from unauthorized access by safeguarding data on physical storage media (e.g., disks) by encrypting it, making it inaccessible without the appropriate encryption keys. Learn more about Mattermost :ref:`data-at-rest encryption `. -Encryption-at-rest also available for files stored in Amazon's proprietary S3 system using server-side encryption with :ref:`Amazon S3-managed keys ` (Mattermost Enterprise) when users choose not to use open source options. +Encryption-at-rest also available for files stored in Amazon's proprietary S3 system using server-side encryption with :ref:`Amazon S3-managed keys ` (Mattermost Enterprise) when users choose not to use open source options. We strongly recommend regularly rotating and securely storing encryption keys using tools, enabling logging and monitoring for access to encrypted data, and ensuring that backup data is encrypted. @@ -37,40 +37,40 @@ Authentication and Access Control Single Sign-On (SSO) ~~~~~~~~~~~~~~~~~~~~ -The mobile application integrates with Single Sign-On providers, allowing users to authenticate using their existing credentials from other trusted systems. This reduces the risk of password-related security breaches and streamlines the login process. Learn more about Mattermost :doc:`SSO `. +The mobile application integrates with Single Sign-On providers, allowing users to authenticate using their existing credentials from other trusted systems. This reduces the risk of password-related security breaches and streamlines the login process. Learn more about Mattermost :doc:`SSO `. Multi-Factor Authentication (MFA) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -An additional layer of security beyond username and password. Customers can :doc:`enable and enforce MFA ` to protect accounts from unauthorized access, even if login credentials are compromised. +An additional layer of security beyond username and password. Customers can :doc:`enable and enforce MFA ` to protect accounts from unauthorized access, even if login credentials are compromised. User Password Requirements ~~~~~~~~~~~~~~~~~~~~~~~~~~~ System administrators can configure user password settings to help safeguard the platform against a range of common attack vectors while maintaining usability and compliance with enterprise security policies: -- Enforcing longer passwords ensures a baseline level of strength for every user's credentials. Learn more about configuring a :ref:`minimum password length `. -- Enforcing character complexity protects against attackers exploiting weak or overly simple passwords by enforcing passwords that resist dictionary attacks and common password vulnerabilities. Learn more about configuring :ref:`password requirements `. -- Limiting the number of failed authentication attempts before locking the account temporarily or permanently mitigates brute-force, where attackers attempt to guess passwords by repeatedly entering potential combinations. Learn more about configuring the :ref:`maximum number of login attempts `. -- Enabling the forgot password flow adds a layer of convenience by ensuring users can reset their password when needed while preventing users from being locked out due to legitimate loss of credentials. Learn more about :ref:`enabling a password reset workflow `. +- Enforcing longer passwords ensures a baseline level of strength for every user's credentials. Learn more about configuring a :ref:`minimum password length `. +- Enforcing character complexity protects against attackers exploiting weak or overly simple passwords by enforcing passwords that resist dictionary attacks and common password vulnerabilities. Learn more about configuring :ref:`password requirements `. +- Limiting the number of failed authentication attempts before locking the account temporarily or permanently mitigates brute-force, where attackers attempt to guess passwords by repeatedly entering potential combinations. Learn more about configuring the :ref:`maximum number of login attempts `. +- Enabling the forgot password flow adds a layer of convenience by ensuring users can reset their password when needed while preventing users from being locked out due to legitimate loss of credentials. Learn more about :ref:`enabling a password reset workflow `. Session Management ~~~~~~~~~~~~~~~~~~ -System administrators can configure session management settings, including session length, session cache, and idle timeout to ensure user sessions are managed effectively and securely. Session fixation attacks are mitigated as Mattermost sets a new session cookie with each login. Learn more about :ref:`session management configuration settings `. +System administrators can configure session management settings, including session length, session cache, and idle timeout to ensure user sessions are managed effectively and securely. Session fixation attacks are mitigated as Mattermost sets a new session cookie with each login. Learn more about :ref:`session management configuration settings `. Protection Against Brute Force Attacks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -System administrators can :doc:`rate limit Mattermost APIs ` based on query frequency, memory store size, remote address, and headers. +System administrators can :doc:`rate limit Mattermost APIs ` based on query frequency, memory store size, remote address, and headers. Remote Session Revocation & Password Reset ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ System administrators can remotely :doc:`revoke user sessions ` across web, mobile devices, and desktop apps. -User passwords can be remotely :ref:`reset ` to enhance security. +User passwords can be remotely :ref:`reset ` to enhance security. -Admins can also enforce re-login after a specified period of time by defining :ref:`session lengths ` and by :ref:`revoking user sessions ` to force users to log back into the system immediately. +Admins can also enforce re-login after a specified period of time by defining :ref:`session lengths ` and by :ref:`revoking user sessions ` to force users to log back into the system immediately. Role-Based Access Control (ABAC) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -80,14 +80,14 @@ Administrators can set granular permissions to control access to sensitive infor Cross-Origin Requests Control ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Choose whether to restrict or enable :ref:`cross-origin requests ` for enhanced control. +Choose whether to restrict or enable :ref:`cross-origin requests ` for enhanced control. Public Link Management ---------------------- -Public links for account creation, file, and image shares can be invalidated by :ref:`regenerating salts ` to ensure security. +Public links for account creation, file, and image shares can be invalidated by :ref:`regenerating salts ` to ensure security. -Public links can also be disabled by setting the :ref:`public link salt ` to an empty string. This prevents the creation of new public links and invalidates existing ones. +Public links can also be disabled by setting the :ref:`public link salt ` to an empty string. This prevents the creation of new public links and invalidates existing ones. LLM Context Management ----------------------- @@ -97,7 +97,7 @@ Mattermost Agents are designed to ensure that only necessary information is sent Audit Logs and Monitoring ------------------------- -Mattermost writes logs to both the console and to a log file in a machine-readable JSON format. Commercial customers can additionally log directly to syslog and TCP socket destination targets. Learn more about :doc:`Mattermost logging `. +Mattermost writes logs to both the console and to a log file in a machine-readable JSON format. Commercial customers can additionally log directly to syslog and TCP socket destination targets. Learn more about :doc:`Mattermost logging `. Activity Monitoring ~~~~~~~~~~~~~~~~~~~~ @@ -205,7 +205,7 @@ When using username-password authentication, especially with AD/LDAP, there's th We believe this design increases productivity, speeds up user adoption, and reduces help desk tickets and support costs - and that these benefits outweigh the trade-offs. -The trade-off with this design is that if physical security is not in effect, network security is not in effect (i.e., no VPN or a malicious user within the private network), and username-password authentication is used, an attacker may be able to enumerate email addresses or usernames by sending HTTP requests to the system, up to the maximum number of requests per second defined in Mattermost's :doc:`API rate limiting settings `. +The trade-off with this design is that if physical security is not in effect, network security is not in effect (i.e., no VPN or a malicious user within the private network), and username-password authentication is used, an attacker may be able to enumerate email addresses or usernames by sending HTTP requests to the system, up to the maximum number of requests per second defined in Mattermost's :doc:`API rate limiting settings `. For organizations who choose to deploy in such a configuration, please consider the following mitigations: diff --git a/source/security-guide/zero-trust.rst b/source/security-guide/zero-trust.rst index 9bbdd90d5f9..c4364962cd4 100644 --- a/source/security-guide/zero-trust.rst +++ b/source/security-guide/zero-trust.rst @@ -16,23 +16,23 @@ Mattermost integrates seamlessly with enterprise identity providers (IdPs), enab By using one of the secure identity mechanisms listed below and enforcing least-privilege access via roles and groups, Mattermost ensures that only verified individuals gain access to the platform and its resources: -- `SAML `_: Enables seamless Single Sign-On, ensuring centralized authentication to continuously enforce user verification. -- `LDAP `_: Facilitates integration with enterprise directories to tightly control user access, adhering to granular identity verification. -- `OpenID Connect `_: Provides secure, standards-based user authentication to verify identities and enforce secure access. -- `Session Management `_: Strengthens continuous authentication by controlling session lengths and automatically revoking sessions based on inactivity or policy violations, ensuring constant identity verification. By limiting session lifetimes and enforcing strict session policies, Mattermost mitigates the risk of stolen session tokens or extended unauthorized access. +- `SAML `_: Enables seamless Single Sign-On, ensuring centralized authentication to continuously enforce user verification. +- `LDAP `_: Facilitates integration with enterprise directories to tightly control user access, adhering to granular identity verification. +- `OpenID Connect `_: Provides secure, standards-based user authentication to verify identities and enforce secure access. +- `Session Management `_: Strengthens continuous authentication by controlling session lengths and automatically revoking sessions based on inactivity or policy violations, ensuring constant identity verification. By limiting session lifetimes and enforcing strict session policies, Mattermost mitigates the risk of stolen session tokens or extended unauthorized access. Authorized users can seamlessly be added and removed from channels utilizing the native AD/LDAP integration based on group memberships: -- `LDAP Synchronized User Groups `_: Automates user management and access control by dynamically syncing with organizational directories to minimize risks and enforce policies. +- `LDAP Synchronized User Groups `_: Automates user management and access control by dynamically syncing with organizational directories to minimize risks and enforce policies. Continuous monitoring ---------------------- Mattermost offers tools for monitoring activity, identifying suspicious behavior, session management, and real-time incident response. Audit trails and performance monitoring ensure the proactive detection of potential issues or breaches, delivering visibility into the activity across the platform. -- `Audit Logging `_: Tracks detailed activity logs for monitoring and identifying real-time anomaly-detection use cases, such as detecting anomalous behavior from compromised accounts or insider threats, or responding to unusual file-sharing activity within sensitive channels. +- `Audit Logging `_: Tracks detailed activity logs for monitoring and identifying real-time anomaly-detection use cases, such as detecting anomalous behavior from compromised accounts or insider threats, or responding to unusual file-sharing activity within sensitive channels. - `SIEM Integrations `_: Streamlines monitoring within existing security systems to detect and respond to lateral movement threats or policy violations consistently. -- `Performance Monitoring `_: Protects against potential threats by analyzing system and user behaviors via proactive monitoring. +- `Performance Monitoring `_: Protects against potential threats by analyzing system and user behaviors via proactive monitoring. Deployment and host control --------------------------- @@ -42,7 +42,7 @@ Flexibility and control to host Mattermost securely to minimize the risk of vuln Mattermost's self-hosting enables tailored configurations for on-premises systems with specialized security needs, while cloud IP filtering ensures scalable control for remote or hybrid teams operating across distributed environments: - :doc:`Self-hosting Mattermost `: Enforces stricter data sovereignty requirements, and complete control over deployment environments, enabling organizations to implement custom Zero Trust security measures. -- :ref:`Cloud IP Filtering `: Prevents untrusted entities from gaining initial access, restricting platform access to trusted network ranges, enforcing an evaluation of every connection. +- :ref:`Cloud IP Filtering `: Prevents untrusted entities from gaining initial access, restricting platform access to trusted network ranges, enforcing an evaluation of every connection. Encryption ---------- @@ -84,9 +84,9 @@ Administrative controls Enforce logical segmentation through team-level and group-level management, enhancing productivity and security by aligning user access with their specific roles: - `Delegated Granular Administration `_: Ensures operational security by enabling controlled management access based on responsibilities. -- `Custom Terms of Service `_: Requires users to acknowledge organization-specific Terms of Service before access ensures alignment with security policies and strengthens compliance, particularly in regulated industries where custom terms may reflect specific mandates. +- `Custom Terms of Service `_: Requires users to acknowledge organization-specific Terms of Service before access ensures alignment with security policies and strengthens compliance, particularly in regulated industries where custom terms may reflect specific mandates. - `Granular Permissions `_: Facilitates precise control over user and system permissions, adhering to the principle of least privilege. -- `Read-Only Permissions for Files `_: Limits file-sharing capabilities to safeguard sensitive information from unauthorized alterations. +- `Read-Only Permissions for Files `_: Limits file-sharing capabilities to safeguard sensitive information from unauthorized alterations. Security policies and tokens ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -100,7 +100,7 @@ Multi-factor authentication (MFA) Mattermost supports MFA to strengthen authentication practices by adding an extra layer of protection for high-risk workflows beyond passwords: -- `MFA `_: Enhances user identity verification by requiring multiple factors for authentication. MFA ensures that unauthorized users are denied access even if passwords are compromised, reducing the risk of account breaches. +- `MFA `_: Enhances user identity verification by requiring multiple factors for authentication. MFA ensures that unauthorized users are denied access even if passwords are compromised, reducing the risk of account breaches. Alternatively, often enforced through the identity provider (IDP). @@ -111,10 +111,10 @@ Data management directly addresses how sensitive information is managed, control By retaining data only for the duration that it is needed and then securely disposing of it, the exposure to malicious activity or unauthorized access is significantly reduced. Even if attackers gain access, their exposure is minimized. The less data stored, the smaller the "footprint" for potential exploitation: -- `Data Retention Policies `_: Enforces strict retention controls to reduce data exposure and help comply with governance standards. -- `Compliance Export `_: Ensures data portability for audit and compliance purposes in a secure and controlled manner. -- `Compliance Monitoring `_: Offers visibility into adherence to security and compliance policies, supporting compliance mandates. -- `E-Discovery `_: Boosts organizational oversight by ensuring discoverability of stored data for legal and compliance audits under secure protocols. E-Discovery capabilities help organizations meet compliance expectations for legal audits under frameworks like GDPR or HIPAA without sacrificing secure collaboration workflows. +- `Data Retention Policies `_: Enforces strict retention controls to reduce data exposure and help comply with governance standards. +- `Compliance Export `_: Ensures data portability for audit and compliance purposes in a secure and controlled manner. +- `Compliance Monitoring `_: Offers visibility into adherence to security and compliance policies, supporting compliance mandates. +- `E-Discovery `_: Boosts organizational oversight by ensuring discoverability of stored data for legal and compliance audits under secure protocols. E-Discovery capabilities help organizations meet compliance expectations for legal audits under frameworks like GDPR or HIPAA without sacrificing secure collaboration workflows. - `Archiving Inactive Teams or Channels `_ & `Unarchive Channels `_: Reduces the potential attack surface by securely deactivating and storing inactive resources, minimizing both live data exposure and the likelihood of exploitation. This approach ensures adherence to security best practices while maintaining the ability to securely restore resources if needed. Incident response diff --git a/source/use-case-guide/devops-collaboration.rst b/source/use-case-guide/devops-collaboration.rst index 73ccbe07429..8c9dfe7adb1 100644 --- a/source/use-case-guide/devops-collaboration.rst +++ b/source/use-case-guide/devops-collaboration.rst @@ -30,7 +30,7 @@ Platform teams need streamlined, secure ways to deliver services and enable deve - **Centralize platform requests and updates** in :doc:`dedicated channels ` that organize provisioning, support, and environment status discussions. - **Automate ticket triage and escalation workflows** using :doc:`Playbooks ` to track response SLAs and ownership across platform operations. -- **Monitor infrastructure health and changes** with integrated feeds from :doc:`Prometheus, Grafana `, or custom observability tools—supporting faster feedback loops. +- **Monitor infrastructure health and changes** with integrated feeds from :doc:`Prometheus, Grafana `, or custom observability tools—supporting faster feedback loops. - **Support hybrid cloud and edge operations** through :ref:`deployment flexibility ` across public, private, and disconnected environments. Secure Incident Response for Production Systems @@ -42,8 +42,8 @@ Real-time visibility and structured collaboration are critical during service de - **Automate incident handling** with :doc:`Playbooks ` to track diagnostics, assign tasks, and issue updates—supporting NOC, SRE, and AppSec workflows. - **Accelerate containment and recovery** by :ref:`integrating alerting tools ` like PagerDuty, Opsgenie, and custom webhooks into secure Mattermost channels. -- **Ensure communication continuity** during outages using :doc:`high availability architecture ` and :doc:`support for disconnected environments `. -- **Enable forensic review and audit** with :ref:`logging and export capabilities ` that preserve all incident-related communications. +- **Ensure communication continuity** during outages using :doc:`high availability architecture ` and :doc:`support for disconnected environments `. +- **Enable forensic review and audit** with :ref:`logging and export capabilities ` that preserve all incident-related communications. Policy-Driven Collaboration in Regulated Environments ------------------------------------------------------ @@ -54,7 +54,7 @@ Critical infrastructure DevSecOps must align with strict security, audit, and co - **Apply granular role-based access controls** using :doc:`advanced permissions ` and :ref:`channel-specific configurations ` to protect sensitive workflows. - **Support supply chain security coordination** by using :doc:`Playbooks ` to manage SBOM reviews, vendor risk analysis, and software intake workflows across internal and external teams. -- **Enforce secure collaboration behavior** through :doc:`custom Terms of Service `, :doc:`data retention policies `, and user authentication tied to :doc:`SSO and Entra ID `. +- **Enforce secure collaboration behavior** through :doc:`custom Terms of Service `, :doc:`data retention policies `, and user authentication tied to :doc:`SSO and Entra ID `. - **Deploy in line** with :doc:`Zero Trust ` principles with :ref:`self-managed, segmented deployments ` that enforce identity, access, and policy boundaries—suitable for classified or sovereign cloud environments. Get Started diff --git a/source/use-case-guide/integrated-security-operations.rst b/source/use-case-guide/integrated-security-operations.rst index 616332205da..fcb1f477175 100644 --- a/source/use-case-guide/integrated-security-operations.rst +++ b/source/use-case-guide/integrated-security-operations.rst @@ -21,7 +21,7 @@ SOCs are the front lines of real-time monitoring, triage, and escalation. Coordi - **Accelerate triage and response workflows** with :doc:`Collaborative Playbooks ` that automate escalations, task assignment, and ticket updates for consistent response execution. - **Integrate detection pipelines and observability tools** using the :doc:`Mattermost integrations platform ` to surface alerts from SIEM, SOAR, and log analysis systems into dedicated response channels. -- **Maintain operational security and compliance** through :doc:`role-based permissions ` and :ref:`audit logging ` to safeguard sensitive incident data. +- **Maintain operational security and compliance** through :doc:`role-based permissions ` and :ref:`audit logging ` to safeguard sensitive incident data. - **Operate in secure, classified, or hybrid environments** using Kubernetes or Linux on the infrastructure of your choice: Public cloud, organization data center, or fully air-gapped. :ref:`Explore deployment options `. - **Meet regulatory compliance requirements** with a solution that adapts to your organization's security posture and regulatory requirements, incl. GDPR, FedRAMP, ISO 27001, and more. @@ -35,7 +35,7 @@ CERTs serve as rapid-response teams during high-risk events, requiring tight coo - **Orchestrate high-stakes incident response** through :doc:`Collaborative Playbooks ` tailored for malware outbreaks, data exfiltration events, and zero-day exploits. - **Centralize and structure communication** with :doc:`channel-based collaboration `, including :doc:`file sharing `, :doc:`threaded updates `, and task-tracking across affected teams. - **Enable coordination across geographies** using :doc:`multi-device access ` and :doc:`mobile EMM support ` for secure participation across locations and devices. -- **Preserve evidentiary and compliance data** through :ref:`audit logs ` and configurable :doc:`exports ` for legal review or forensic handoff. +- **Preserve evidentiary and compliance data** through :ref:`audit logs ` and configurable :doc:`exports ` for legal review or forensic handoff. - **Ensure data sovereignty** with flexible hosting options including EU-resident infrastructure, on-premises deployments, and air-gapped environments that maintain full control over sensitive communications. Federated Threat Intelligence & Information Sharing @@ -45,11 +45,11 @@ Cross-organizational threat intelligence teams,spanning sectors, regions, and pu **Benefits** -- **Collaborate securely across agencies or organizations** using :doc:`Connected Workspaces ` to synchronize alerts, discussions, and file sharing with trusted external partners. -- **Support multinational and sectoral collaboration** with :doc:`custom terms of service enforcement ` and :ref:`localized UI settings ` for global partner access. +- **Collaborate securely across agencies or organizations** using :doc:`Connected Workspaces ` to synchronize alerts, discussions, and file sharing with trusted external partners. +- **Support multinational and sectoral collaboration** with :doc:`custom terms of service enforcement ` and :ref:`localized UI settings ` for global partner access. - **Preserve operational trust and compliance** through :doc:`role-based access controls ` and :ref:`channel-specific permissions ` that enforce jurisdictional and information-sharing agreements. - **Operationalize shared threat intelligence** by integrating IOCs, threat actor profiles, and shared playbooks into your Mattermost instance via the :doc:`integrations platform `. -- **Scale communication globally** with Mattermost's :doc:`high availability and horizontal scalability architecture `,supporting tens of thousands of users across enterprise, field, government, or classified environments. +- **Scale communication globally** with Mattermost's :doc:`high availability and horizontal scalability architecture `,supporting tens of thousands of users across enterprise, field, government, or classified environments. Get Started ----------- diff --git a/source/use-case-guide/maximize-microsoft-investments.rst b/source/use-case-guide/maximize-microsoft-investments.rst index 08312dc8fa1..12bdebff887 100644 --- a/source/use-case-guide/maximize-microsoft-investments.rst +++ b/source/use-case-guide/maximize-microsoft-investments.rst @@ -17,7 +17,7 @@ Agencies and critical infrastructure organizations must often comply with strict - **Deploy Mattermost on-premise or in sovereign clouds**, fully integrated with Microsoft Teams and Outlook (See :doc:`Mattermost for M365, Teams, and Outlook `) to maintain workflow continuity and secure data storage. - **Store messages, recordings, and transcriptions in compliance-approved systems**, with :ref:`data-at-rest encryption ` ensuring no leakage of sensitive data to third-party platforms. - **Enable secure Microsoft Teams interactions via embedded Mattermost collaboration**, supporting operations within familiar interfaces while enforcing regulatory compliance. See :doc:`Mattermost for M365, Teams, and Outlook `. -- **Enforce agency-specific policies** with :doc:`legal hold `, :doc:`retention policies `, and :doc:`user access controls ` that align with national or sectoral mandates. +- **Enforce agency-specific policies** with :doc:`legal hold `, :doc:`retention policies `, and :doc:`user access controls ` that align with national or sectoral mandates. On-Premises Skype for Business Replacement ------------------------------------------- @@ -28,7 +28,7 @@ As Skype for Business reaches end-of-life, secure organizations require an alter :alt: Extend Microsoft Enterprise IT investments for edge-based, highly tailored Mission IT workflows with Mattermost. - **Preserve mission-critical communication workflows** with a self-hosted Mattermost deployment that supports :doc:`1:1 calls `, :ref:`screen sharing `, and :doc:`threaded messaging ` within secure environments. -- **Integrate Mattermost with Microsoft tools** such as Outlook, Teams, and :doc:`Entra ID Single Sign-On ` to retain user workflows while centralizing identity and access control. See :doc:`Mattermost for M365, Teams, and Outlook `. +- **Integrate Mattermost with Microsoft tools** such as Outlook, Teams, and :doc:`Entra ID Single Sign-On ` to retain user workflows while centralizing identity and access control. See :doc:`Mattermost for M365, Teams, and Outlook `. - **Deploy in sovereign, air-gapped, or private cloud environments** such as `Azure Deployment `_ or **Azure Local** (formerly Azure Stack HCI) for on-premises hybrid cloud scenarios while maintaining compliance with STIG, FedRAMP, and NIST 800-53 standards. For Azure Local deployments, we recommend engaging **Mattermost Professional Services** for deployment support. `Talk to an Expert `_ to learn more. :doc:`Learn more ` about replacing Skype for Business with Mattermost. @@ -44,9 +44,9 @@ During high-stakes incidents, Microsoft 365 tools can be limited or unavailable, **Benefits** - **Maintain operational continuity during M365 outages** with a dedicated, out-of-band Mattermost instance for secure incident response, communication, and collaboration. See :doc:`Mattermost Mission Collaboration for Microsoft ` -- **Accelerate responses** with :doc:`AI-powered workflows `, enabling structured playbooks for triage, escalation, and resolution even when primary systems are compromised. -- **Integrate with Microsoft Security Suite** and :doc:`Entra ID ` to preserve centralized identity management while keeping sensitive data in a secure secondary system. :doc:`Learn more ` about Mattermost's integration capabilities. -- **Protect breach-sensitive notifications** using :ref:`ID-only push alerts ` and enhanced mobile security, enabling secure communication without cloud exposure. +- **Accelerate responses** with :doc:`AI-powered workflows `, enabling structured playbooks for triage, escalation, and resolution even when primary systems are compromised. +- **Integrate with Microsoft Security Suite** and :doc:`Entra ID ` to preserve centralized identity management while keeping sensitive data in a secure secondary system. :doc:`Learn more ` about Mattermost's integration capabilities. +- **Protect breach-sensitive notifications** using :ref:`ID-only push alerts ` and enhanced mobile security, enabling secure communication without cloud exposure. Enterprise to Tactical Edge ---------------------------- @@ -60,7 +60,7 @@ Operational teams need to extend Microsoft capabilities to mission environments - **Enable mission-critical coordination at the edge** by :ref:`deploying Mattermost in secure, on-prem or air-gapped environments ` :doc:`integrated with Microsoft Teams and Outlook `. - **Fuse data and decision-making across platforms** with support for :doc:`toolchain integration `, :doc:`audio/screen share `, and :doc:`workflow automation ` embedded into a dedicated Mission Operations Platform. -- **Maintain coalition and partner alignment** through :doc:`interoperable Connected Workspaces ` supporting collaboration across mission partner networks. +- **Maintain coalition and partner alignment** through :doc:`interoperable Connected Workspaces ` supporting collaboration across mission partner networks. - **Accelerate action with mission-tuned AI** using secure Azure AI and :doc:`Mattermost Copilot ` to summarize context, guide decisions, and automate operational tasks. - **Secure every communication path** with built-in :doc:`Zero Trust controls ` and deploy on Azure or sovereign environments for maximum flexibility and compliance. @@ -75,9 +75,9 @@ Managing external collaboration within Microsoft Teams can be complex, often req **Benefits** - **Integrate Mattermost with Microsoft Teams and Outlook** to enable secure external collaboration with encryption, audit trails, and role-based permissions—without compromising compliance. (See :doc:`Mattermost for M365, Teams, and Outlook `). -- **Eliminate shadow IT** by providing :doc:`Connected Workspaces ` for sanctioned, policy-enforced engagement with external partners—reducing reliance on consumer-grade tools. -- **Apply granular policy enforcement for external users**, including :ref:`granular user permissions `, :doc:`legal hold `, :doc:`retention policies `, and :doc:`custom Terms of Service `. -- **Synchronize user identity** using :doc:`Entra ID ` to maintain scalable, centralized access control across both internal and external collaborators. +- **Eliminate shadow IT** by providing :doc:`Connected Workspaces ` for sanctioned, policy-enforced engagement with external partners—reducing reliance on consumer-grade tools. +- **Apply granular policy enforcement for external users**, including :ref:`granular user permissions `, :doc:`legal hold `, :doc:`retention policies `, and :doc:`custom Terms of Service `. +- **Synchronize user identity** using :doc:`Entra ID ` to maintain scalable, centralized access control across both internal and external collaborators. Cross-Instance Collaboration Hub --------------------------------- @@ -87,7 +87,7 @@ Multi-agency, multi-tenant Microsoft 365 environments often hinder seamless coll **Benefits** - **Centralize communication across M365 instances** using Mattermost as a neutral, embedded hub for messaging, file sharing, and playbook coordination (See :doc:`Mattermost for M365, Teams, and Outlook `). -- **Bridge segmented Teams deployments** with :doc:`Connected Workspaces ` and Microsoft presence integration to ensure continuity without duplicative configuration. +- **Bridge segmented Teams deployments** with :doc:`Connected Workspaces ` and Microsoft presence integration to ensure continuity without duplicative configuration. - **Deploy flexibly across hybrid, private, or air-gapped environments** such as :doc:`Mattermost for M365, Teams, and Outlook ` to ensure operational consistency no matter the deployment complexity. - **Secure external communications and maintain control** with segmentation, data governance, and compliance automation across Teams ecosystems. diff --git a/source/use-case-guide/mission-ready-mobile.rst b/source/use-case-guide/mission-ready-mobile.rst index 4452f5beca7..e5ce1237bd2 100644 --- a/source/use-case-guide/mission-ready-mobile.rst +++ b/source/use-case-guide/mission-ready-mobile.rst @@ -20,9 +20,9 @@ Mission teams require trusted mobile access to secure collaboration, ensuring op **Benefits** - **Deploy securely with enterprise mobility management (EMM)** using :ref:`AppConfig integrations ` to manage application policies, access controls, and encrypted communication channels. -- **Maintain control over mission-critical data**: Enable safe delivery of notifications via :ref:`ID-only push notifications ` that prevent exposure of sensitive content to third-party systems like Apple or Google. +- **Maintain control over mission-critical data**: Enable safe delivery of notifications via :ref:`ID-only push notifications ` that prevent exposure of sensitive content to third-party systems like Apple or Google. - **Mitigate data compromise risk in personnel transitions**: Protect data with :doc:`remote wipe and deactivation ` capabilities in the event of device loss, theft, or personnel separation. -- **Enforce strong identity assurance** through :ref:`native biometric authentication ` and :doc:`multi-factor authentication (MFA) ` tied to :doc:`SSO ` or :doc:`AD/LDAP ` provisioning . +- **Enforce strong identity assurance** through :ref:`native biometric authentication ` and :doc:`multi-factor authentication (MFA) ` tied to :doc:`SSO ` or :doc:`AD/LDAP ` provisioning . - **Comply with classified mobility mandates** by using :ref:`secure data storage `, :ref:`sandboxing `, and FIPS 140-3-validated TLS in transit* to meet defense-grade standards. Secure Government Communications on Personal Devices @@ -35,8 +35,8 @@ When personal devices are the only available channel—whether in partner nation - **Enable trusted communications on BYOD** using lightweight AppConfig policies with :doc:`EMM optionality ` that avoids intrusive control while ensuring essential security baselines. - **Prevent unauthorized data sharing**: Mitigate leakage with :ref:`screenshot and screen recording prevention ` and :ref:`jailbreak/root detection ` that block high-risk mobile behaviors. - **Secure access without cloud dependency** via :ref:`self-hosted deployments ` or :doc:`air-gapped infrastructures ` that prevent sensitive data from touching public networks. -- **Deliver rapid alerts with low bandwidth impact** using :ref:`ID-only push notifications `, ideal for DDIL (disconnected, intermittent, low-bandwidth) conditions. -- **Support interagency or coalition workflows** in mission-partner environments through :doc:`Connected Workspaces ` with :doc:`role-based ` and :doc:`attribute-based access controls (ABAC) `. +- **Deliver rapid alerts with low bandwidth impact** using :ref:`ID-only push notifications `, ideal for DDIL (disconnected, intermittent, low-bandwidth) conditions. +- **Support interagency or coalition workflows** in mission-partner environments through :doc:`Connected Workspaces ` with :doc:`role-based ` and :doc:`attribute-based access controls (ABAC) `. Built for Field-Forward Security --------------------------------- @@ -45,10 +45,10 @@ Mattermost on mobile is hardened to operate under mission-grade security expecta **Features** -- **Zero Trust security architecture** with channel- and file-level :doc:`attribute-based access control (ABAC) `. +- **Zero Trust security architecture** with channel- and file-level :doc:`attribute-based access control (ABAC) `. - **TLS with post-quantum readiness** and end-to-end* :doc:`encryption options ` for high-assurance deployments. - **Burn-on-read messaging**: Use secure file viewers*, burn on read messaging*, and advanced data spillage controls* to protect sensitive information and minimize persistent data exposure. -- **DoD STIG container support** with FIPS 140-3 validation*, and :ref:`audit logging ` to ensure deployment compliance in regulated missions. +- **DoD STIG container support** with FIPS 140-3 validation*, and :ref:`audit logging ` to ensure deployment compliance in regulated missions. - **Isolated mobile sessions** from host operating systems by partnering with platforms like Hypori in high-assurance BYOD scenarios. Features marked with an asterisk above ``*`` will be available in a future 2025 release. diff --git a/source/use-case-guide/on-prem-skype-for-business-replacement.rst b/source/use-case-guide/on-prem-skype-for-business-replacement.rst index c663100e9af..f03613b63ee 100644 --- a/source/use-case-guide/on-prem-skype-for-business-replacement.rst +++ b/source/use-case-guide/on-prem-skype-for-business-replacement.rst @@ -18,7 +18,7 @@ Organizations operating in fully disconnected or classified environments require - **Ensure secure communication in fully disconnected networks** using Mattermost's support for private on-premise deployments, including FIPS 140-3 validated and DISA STIG-hardened container images. :doc:`Learn more ` about Mattermost's architecture, components, and backend infrastructure. - **Maintain operational continuity** with enterprise-grade :doc:`channel-based collaboration `— including :doc:`1:1 audio calls `, :ref:`screen sharing `, :doc:`threaded messaging `, and :doc:`file sharing `—entirely within air-gapped systems. -- **Scale to mission requirements** with a :doc:`high-availability, horizontally scalable architecture ` that supports tens of thousands of users in secure on-prem environments. +- **Scale to mission requirements** with a :doc:`high-availability, horizontally scalable architecture ` that supports tens of thousands of users in secure on-prem environments. - **Preserve data sovereignty and eliminate external dependencies** with a self-hosted :doc:`Kubernetes deployment model ` that integrates into classified networks, sovereign data centers, or **Azure Local** (formerly Azure Stack HCI) for hybrid cloud on-premises scenarios. Modernize Secure Collaboration Workflows @@ -32,7 +32,7 @@ Legacy communication tools lack the flexibility, automation, and usability deman - **Streamline mission-critical processes** with :doc:`Collaborative Playbooks ` that automate and track workflows like incident response, shift turnover, and logistics planning. - **Embed secure video conferencing into daily operations** using the `Pexip integration `_, allowing real-time video engagement from within your air-gapped or secure infrastructure. - **Support operational task management** through optional Kanban-style `Boards `_ for structured, accountable planning—hosted securely within your own network. -- **Align the user experience with your operational identity** using :doc:`custom branding `, :doc:`theming `, and :ref:`product localization ` across more than 20 languages to support multinational teams. +- **Align the user experience with your operational identity** using :doc:`custom branding `, :doc:`theming `, and :ref:`product localization ` across more than 20 languages to support multinational teams. Enterprise-Controlled External Collaboration -------------------------------------------- @@ -45,9 +45,9 @@ Collaborating across organizational boundaries must not compromise compliance or **Benefits** - **Collaborate securely with third parties** via Connected Workspaces that allow messaging, :doc:`file sharing `, and :doc:`thread-based discussions ` with external teams—without exposing internal systems. -- **Apply fine-grained access controls and retention policies** to external users through enterprise-managed :doc:`permissions `, :ref:`audit logging `, and :ref:`channel-specific configurations `. +- **Apply fine-grained access controls and retention policies** to external users through enterprise-managed :doc:`permissions `, :ref:`audit logging `, and :ref:`channel-specific configurations `. - **Integrate with Microsoft Teams, Exchange, and M365** to maintain centralized workflows and extend secure communication to external stakeholders without leaving policy-aligned platforms. See :doc:`Mattermost for M365, Teams, and Outlook `. -- **Manage user identity and access** across internal and external roles using Microsoft :doc:`Entra ID ` (Azure AD) synchronization for scalable and compliant provisioning. +- **Manage user identity and access** across internal and external roles using Microsoft :doc:`Entra ID ` (Azure AD) synchronization for scalable and compliant provisioning. Get Started ----------- diff --git a/source/use-case-guide/out-of-band-incident-response.rst b/source/use-case-guide/out-of-band-incident-response.rst index f1b9e7359e8..2ab393a4aa5 100644 --- a/source/use-case-guide/out-of-band-incident-response.rst +++ b/source/use-case-guide/out-of-band-incident-response.rst @@ -23,7 +23,7 @@ Out-of-band collaboration provides a persistent, independent channel for coordin - **Meet regulatory compliance requirements** with a solution that adapts to your organization's security posture and regulatory requirements, incl. GDPR, FedRAMP, ISO 27001, and more. - **Ensure data sovereignty** with flexible hosting options including EU-resident infrastructure, on-premises deployments, and air-gapped environments that maintain full control over sensitive communications. - **Maintain continuity across platforms** with :doc:`multi-device access `, including web, desktop, and mobile experiences, even when primary tools are offline. -- **Enforce strict access controls** using :doc:`role-based permissions ` and :ref:`audit logging ` to limit risk exposure during high-stakes operations. +- **Enforce strict access controls** using :doc:`role-based permissions ` and :ref:`audit logging ` to limit risk exposure during high-stakes operations. Business Continuity at Scale ---------------------------- @@ -32,7 +32,7 @@ Outages and downtime threaten both productivity and revenue. In large enterprise **Benefits** -- **Scale communication globally** with Mattermost's :doc:`high availability and horizontal scalability architecture `, supporting tens of thousands of users across enterprise, field, government, or classified environments. +- **Scale communication globally** with Mattermost's :doc:`high availability and horizontal scalability architecture `, supporting tens of thousands of users across enterprise, field, government, or classified environments. - **Accelerate outage recovery** using :doc:`Collaborative Playbooks ` that automate response steps and ensure team accountability during time-critical events, reducing mean time to recovery (MTTR) by up to 50%. - **Demonstrate ROI through measurable outcomes** with built-in metrics tracking incident response times, team coordination efficiency, and compliance audit trails. diff --git a/source/use-case-guide/purpose-built-collaboration.rst b/source/use-case-guide/purpose-built-collaboration.rst index 45e29d89153..549d68b99b8 100644 --- a/source/use-case-guide/purpose-built-collaboration.rst +++ b/source/use-case-guide/purpose-built-collaboration.rst @@ -19,7 +19,7 @@ Coordinating logistics across continents, agencies, and time zones requires a se - **Enable real-time coordination** across supply chains, procurement, and field units with :doc:`channel-based messaging ` and :doc:`playbook-driven workflows ` that standardize communication and reduce friction. - **Connect systems across logistics networks** by integrating ERP, fleet tracking, maintenance management, and transportation tools via :doc:`webhooks, APIs, and plugins `. -- **Preserve operational continuity** during outages or disruptions using :ref:`self-hosted deployments ` and :doc:`high availability architecture ` that eliminate reliance on third-party cloud services. +- **Preserve operational continuity** during outages or disruptions using :ref:`self-hosted deployments ` and :doc:`high availability architecture ` that eliminate reliance on third-party cloud services. - **Support multilingual coordination** with :ref:`localized UI options ` in 20+ languages to ensure inclusive collaboration across global teams. Operational Technology and ICS Collaboration @@ -32,7 +32,7 @@ Mattermost enables secure collaboration across OT environments and field operati **Benefits** - **Enable compliant, real-time OT communications** across operational zones and facilities using :ref:`secure, on-prem collaboration ` that keeps data within your control perimeter. -- **Support field teams with hardened mobile access** using :doc:`EMM-based app provisioning `, :ref:`biometric authentication `, :ref:`jailbreak detection `, and :ref:`ID-only push notifications `—ensuring that only authorized, uncompromised devices can access operational data. +- **Support field teams with hardened mobile access** using :doc:`EMM-based app provisioning `, :ref:`biometric authentication `, :ref:`jailbreak detection `, and :ref:`ID-only push notifications `—ensuring that only authorized, uncompromised devices can access operational data. - **Integrate with industrial monitoring systems** like SCADA, PI historians, and plant analytics using :doc:`alert-driven webhook and plugin integrations ` that push system events to relevant mobile or desktop channels. - **Ensure system and network isolation** with :doc:`air-gapped deployment support ` that allows full collaboration within OT enclaves and disconnected environments. - **Prevent mobile data leakage** via :ref:`remote wipe capabilities ` and :ref:`screenshot/screen recording prevention ` for mobile devices used in the field. @@ -45,7 +45,7 @@ Engineering, infrastructure, and security teams manage increasingly complex envi **Benefits** - **Accelerate decision-making and incident response** using :doc:`Collaborative Playbooks ` to automate workflows for triage, patching, code releases, and security alerts. -- **Customize your collaboration environment** with :doc:`theming `, :doc:`custom branding `, and :doc:`channel templates ` to mirror internal teams and operational domains. +- **Customize your collaboration environment** with :doc:`theming `, :doc:`custom branding `, and :doc:`channel templates ` to mirror internal teams and operational domains. - **Extend platform capabilities** with :doc:`slash commands, bots, and custom plugins ` that connect Mattermost to CI/CD systems, alerting frameworks, ticketing platforms, and internal tools. - **Increase usability and team cohesion** with :ref:`custom emojis `, shared terminology, and :doc:`real-time messaging ` optimized for platform engineers, DevSecOps teams, and field service managers. diff --git a/source/use-case-guide/secure-command-and-control.rst b/source/use-case-guide/secure-command-and-control.rst index cf265b2d3c9..4730429e0e4 100644 --- a/source/use-case-guide/secure-command-and-control.rst +++ b/source/use-case-guide/secure-command-and-control.rst @@ -34,11 +34,11 @@ Disconnected environments demand resilient tools that work without cloud access, **Benefits** - **Operate in air-gapped and disconnected networks** using :doc:`self-hosted Kubernetes deployments ` and STIG-hardened container images for secure offline operations. -- **Ensure secure mobile access on managed or BYOD devices** with :doc:`mobile security features `, Zero Trust enforcement, and :ref:`ID-only push notifications ` for sensitive alerts. +- **Ensure secure mobile access on managed or BYOD devices** with :doc:`mobile security features `, Zero Trust enforcement, and :ref:`ID-only push notifications ` for sensitive alerts. - **Integrate with legacy and mission-specific systems** to maintain decision advantage in disconnected environments through :doc:`custom-built, self-hosted integrations ` tailored to your operational infrastructure. -- **Maintain command resilience** using :doc:`high availability cluster-based deployment ` and :doc:`horizontal scalability ` to support operational continuity at scale. +- **Maintain command resilience** using :doc:`high availability cluster-based deployment ` and :doc:`horizontal scalability ` to support operational continuity at scale. - **Automate field workflows** with :doc:`Collaborative Playbooks ` that track tasks, manage field updates, and orchestrate responses under DDIL constraints. -- **Enable secure real-time collaboration with headquarters** using :doc:`Connected Workspaces ` to synchronize discussions, files, and reactions if connectivity is restored. +- **Enable secure real-time collaboration with headquarters** using :doc:`Connected Workspaces ` to synchronize discussions, files, and reactions if connectivity is restored. Bring Your Own Device (BYOD) with Sensitive Information Protections -------------------------------------------------------------------- @@ -51,7 +51,7 @@ Mattermost provides enterprise-grade mobile protections to enable secure BYOD ac - **Mitigate unauthorized access** with :ref:`biometric authentication ` and :ref:`jailbreak/root detection `, ensuring only secure and uncompromised devices can access mission data. - **Control information sharing** with :ref:`screenshot and screen recording prevention `, blocking unauthorized capture of sensitive content during classified or time-sensitive discussions. -- **Protect data at rest and in motion** using encrypted mobile storage, :ref:`secure sandboxing `, and :ref:`ID-only push notifications ` that never expose message content to third-party cloud services. +- **Protect data at rest and in motion** using encrypted mobile storage, :ref:`secure sandboxing `, and :ref:`ID-only push notifications ` that never expose message content to third-party cloud services. - **Segment mission access by role or project** with :ref:`attribute-based access controls (ABAC) ` and scoped channel access, ensuring users only see data aligned with their permissions and operational role. - **Ensure continuous mobile compliance** with secure SDLC practices and proactive vulnerability management baked into the Mattermost mobile application lifecycle. @@ -66,7 +66,7 @@ Coordinating across departments, agencies, and external stakeholders—especiall - **Unify mission stakeholders on a common-use platform** that supports :ref:`hybrid deployments ` across private cloud, edge environments, and :doc:`air-gapped infrastructure `. - **Maintain data sovereignty and mission alignment** with deployments that avoid consumer infrastructure and retain control over all communications and file transfers—even in classified operations. - **Apply role-based separation of access** through :doc:`advanced permissions ` and :ref:`channel-level controls ` to protect mission integrity across organizational boundaries. -- **Enable secure real-time collaboration across entities** using :doc:`Connected Workspaces ` to synchronize discussions, files, and reactions between teams without compromising internal governance. +- **Enable secure real-time collaboration across entities** using :doc:`Connected Workspaces ` to synchronize discussions, files, and reactions between teams without compromising internal governance. - **Reduce personal device risk** by offering secure enterprise communication options that eliminate the need for unauthorized messaging apps. Get Started diff --git a/source/use-case-guide/self-sovereign-collaboration.rst b/source/use-case-guide/self-sovereign-collaboration.rst index f3549f0824f..517f145bef3 100644 --- a/source/use-case-guide/self-sovereign-collaboration.rst +++ b/source/use-case-guide/self-sovereign-collaboration.rst @@ -19,8 +19,8 @@ Managing global operations means adhering to regional regulations—without comp - **Meet global compliance mandates** like GDPR and data localization laws by deploying Mattermost in :doc:`public, private, or sovereign cloud environments ` tailored to national regulatory frameworks. - **Ensure full data control and transparency** with :ref:`self-hosted deployment options ` that eliminate exposure to vendor-controlled infrastructure or telemetry. -- **Audit and enforce compliance behavior** with :ref:`role-based access controls `, :doc:`custom Terms of Service `, and :ref:`audit logging ` to align with internal and regulatory standards. -- **Protect identity and access** using :doc:`SSO integrations `, :doc:`AD/LDAP synchronization `, and :doc:`MFA enforcement ` for secure authentication across geographies and operational roles. +- **Audit and enforce compliance behavior** with :ref:`role-based access controls `, :doc:`custom Terms of Service `, and :ref:`audit logging ` to align with internal and regulatory standards. +- **Protect identity and access** using :doc:`SSO integrations `, :doc:`AD/LDAP synchronization `, and :doc:`MFA enforcement ` for secure authentication across geographies and operational roles. Secure, Sovereign Deployment at Any Scale ----------------------------------------- @@ -31,7 +31,7 @@ From national critical infrastructure to defense-grade networks, Mattermost offe - **Deploy in classified, air-gapped, or disconnected environments** using :doc:`Kubernetes-based deployments ` and STIG-hardened container images to support classified operations and sensitive data workflows. - **Eliminate third-party monitoring** with full control over infrastructure, encryption keys, access policies, and system-level logging. -- **Scale to meet operational growth** with :doc:`horizontal scalability architecture ` that supports tens of thousands of users in sovereign environments without degrading performance or control. +- **Scale to meet operational growth** with :doc:`horizontal scalability architecture ` that supports tens of thousands of users in sovereign environments without degrading performance or control. - **Maintain operational continuity under cyber or supply chain disruption** using fully self-managed infrastructure that ensures collaboration continues even during cloud outages or external service failures. Interoperable Mission-Partner Collaboration @@ -41,7 +41,7 @@ Cross-agency, multinational, or coalition collaboration requires sovereignty wit **Benefits** -- **Create secure shared workspaces** with :doc:`Connected Workspaces Channels ` that synchronize discussions, reactions, and file sharing across trusted organizations—without exposing internal systems. +- **Create secure shared workspaces** with :doc:`Connected Workspaces Channels ` that synchronize discussions, reactions, and file sharing across trusted organizations—without exposing internal systems. - **Control access across organizations** with :doc:`attribute-based permissions ` and scoped identity policies to ensure mission alignment and sensitive information segmentation. - **Deploy sovereign AI and workflow automation** in isolated environments using :doc:`air-gapped AI operations ` and :doc:`Collaborative Playbooks `—enabling intelligence and speed without compromising data control. - **Upgrade legacy platforms** like Skype for Business with modern, compliant tools for secure messaging, screen sharing, and team coordination. :doc:`See Skype for Business replacement options `.