Manage users
Users are accounts that can log into the Telegraf Controller web interface and interact with the system based on their assigned role. You can create, update, disable, and delete users to control who has access to your Telegraf Controller instance.
Authentication providers
Every user account is tied to one authentication provider:
- Local users sign in with a username and password stored in Telegraf Controller. Owners and administrators can create local users through invites and can manage their passwords from the Users page.
- LDAP users sign in with their LDAP credentials. Accounts are provisioned automatically the first time a user signs in, according to the LDAP provider’s provisioning strategy and group-to-role mappings.
- OIDC users sign in through an OpenID Connect identity provider. Accounts are provisioned automatically the first time a user signs in, according to the OIDC provider’s provisioning strategy and group-to-role mappings.
LDAP and OIDC require a Telegraf Enterprise license. For setup instructions, see Authentication.
User states
Each user account is in one of the following states:
- Active: The user can log in and perform actions based on their assigned role.
- Disabled: The user cannot log in. Existing API tokens remain associated with the account but are unusable while the user is disabled.
- Locked: A temporary state triggered by too many failed login attempts. The lock clears automatically after the configured lockout period. See the Settings page for configuration options.
User roles
Telegraf Controller supports four roles with different levels of access:
| Role | Access level |
|---|---|
| Owner | Full access. Manages users, tokens, and settings. |
| Administrator | Full access except ownership transfer. |
| Manager | Manages configs, agents, labels, reporting rules, and own tokens. |
| Viewer | Read-only access. |
For more details about roles and permissions, see Authentication and authorization.
Manage your account
Update your username, email address, and password in Telegraf Controller.
Invite a new user
Invite new users to Telegraf Controller by generating an invite link with a pre-assigned role.
Update users
Reset user passwords, change user roles, and manage user accounts in Telegraf Controller.
Transfer ownership
Transfer the Telegraf Controller owner role to another administrator.
Disable a user
Disable a user account to prevent login without deleting the account or its associated tokens.
Delete a user
Permanently delete a user account and all associated API tokens from Telegraf Controller.
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for Telegraf and this documentation. To find support, use the following resources:
Customers with an annual or support contract can contact InfluxData Support.