From 94074a9c69f6b603782182101a4798c52f7ffda3 Mon Sep 17 00:00:00 2001 From: Amy Blais <29708087+amyblais@users.noreply.github.com> Date: Fri, 16 Jul 2021 09:49:28 -0400 Subject: [PATCH 01/16] Update conf.py --- source/conf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/conf.py b/source/conf.py index 889d79d4fb5..4c3d59d46f0 100644 --- a/source/conf.py +++ b/source/conf.py @@ -262,9 +262,9 @@ def setup(app): # built documents. # # The short X.Y version. -version = '5.37' +version = '5.38' # The full version, including alpha/beta/rc tags. -release = '5.37' +release = '5.38' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From 3ab32254dda4853db3f3977629d23b71a920f80f Mon Sep 17 00:00:00 2001 From: Amy Blais <29708087+amyblais@users.noreply.github.com> Date: Thu, 29 Jul 2021 15:21:38 -0400 Subject: [PATCH 02/16] Update open-source-components.rst --- source/upgrade/open-source-components.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source/upgrade/open-source-components.rst b/source/upgrade/open-source-components.rst index 51634da5f58..59ff31f6a74 100644 --- a/source/upgrade/open-source-components.rst +++ b/source/upgrade/open-source-components.rst @@ -19,6 +19,7 @@ Desktop Mobile ------- + - Mattermost Mobile v1.46.0 - `View Open Source Components `_. - Mattermost Mobile v1.45.0 - `View Open Source Components `_. - Mattermost Mobile v1.44.0 - `View Open Source Components `_. - Mattermost Mobile v1.43.0 - `View Open Source Components `_. @@ -109,6 +110,7 @@ Redux Server ------------------------------ + - Mattermost Enterprise Edition v5.38.0 - `View Open Source Components `_. - Mattermost Enterprise Edition v5.37.0 - `View Open Source Components `_. - Mattermost Enterprise Edition v5.36.0 - `View Open Source Components `_. - Mattermost Enterprise Edition v5.35.0 - `View Open Source Components `_. @@ -172,6 +174,7 @@ Server Webapp ------------------------------ + - Mattermost Enterprise Edition v5.38.0 - `View Open Source Components `_. - Mattermost Enterprise Edition v5.37.0 - `View Open Source Components `_. - Mattermost Enterprise Edition v5.36.0 - `View Open Source Components `_. - Mattermost Enterprise Edition v5.35.0 - `View Open Source Components `_. From 0bee829ddbc7e64b32140405811cbec4f727ba07 Mon Sep 17 00:00:00 2001 From: Amy Blais <29708087+amyblais@users.noreply.github.com> Date: Thu, 29 Jul 2021 15:23:00 -0400 Subject: [PATCH 03/16] Update release-lifecycle.rst --- source/upgrade/release-lifecycle.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/upgrade/release-lifecycle.rst b/source/upgrade/release-lifecycle.rst index 1c0d8ba5e71..66a9e5ea67f 100644 --- a/source/upgrade/release-lifecycle.rst +++ b/source/upgrade/release-lifecycle.rst @@ -13,6 +13,8 @@ During each monthly release, Mattermost backports high severity or high impact s +-------------+-----------------------+--------------------------+--------------------------+--------------------------+ | Version | Release Type | Lifecyle Start Date | Lifecycle End Date | Extended Support Release | +=============+=======================+==========================+==========================+==========================+ +| 5.38 | Feature | 2021-08-16 | 2021-11-15 | | ++-------------+-----------------------+--------------------------+--------------------------+--------------------------+ | 5.37 | Feature | 2021-07-16 | 2022-04-15 | Yes | +-------------+-----------------------+--------------------------+--------------------------+--------------------------+ | 5.36 | Feature | 2021-06-16 | 2021-09-15 | | From 5bf100bb491ed4f370c9995669ead481038971f9 Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Wed, 4 Aug 2021 09:25:16 -0400 Subject: [PATCH 04/16] Reliable Websockets: default to true Documentation for: https://github.com/mattermost/mattermost-server/pull/17890 Updated: - Set Up, Manage, Onboard, and Comply > Set Up Mattermost > Self-Managed Deployments > Configuration Settings > Experimental Settings only in config.json > Enable Reliable Websockets - Updated the default value of the config setting to ``true`` --- source/configure/configuration-settings.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/configure/configuration-settings.rst b/source/configure/configuration-settings.rst index 3144efab507..7e89fdc33a2 100644 --- a/source/configure/configuration-settings.rst +++ b/source/configure/configuration-settings.rst @@ -5379,7 +5379,7 @@ Enable Reliable Websockets Enable this setting to make websocket messages more reliable by buffering messages during a connection loss and then re-transmitting all unsent messages when the connection is revived. +-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableReliableWebsockets": false`` with options ``true`` and ``false``. | +| This feature's ``config.json`` setting is ``"EnableReliableWebsockets": true`` with options ``true`` and ``false``. | +-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Remote Clusters From 84891023103f26de41312d92e07f5c503a015bf8 Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Wed, 4 Aug 2021 09:40:19 -0400 Subject: [PATCH 05/16] PR didn't follow internal processes for submission --- source/configure/configuration-settings.rst | 6384 ------------------- 1 file changed, 6384 deletions(-) delete mode 100644 source/configure/configuration-settings.rst diff --git a/source/configure/configuration-settings.rst b/source/configure/configuration-settings.rst deleted file mode 100644 index 7e89fdc33a2..00000000000 --- a/source/configure/configuration-settings.rst +++ /dev/null @@ -1,6384 +0,0 @@ -Configuration Settings -====================== - -.. note:: - The order of the configuration settings below are reflective of a reorganization of the System Console in version 5.12 released on June 16th, 2019. To view the configuration settings based on the organization of the System Console in versions prior to version 5.12, please see `this documentation `_ instead. - -Mattermost configuration settings are maintained in the ``config.json`` configuration file, located in the ``mattermost/config`` directory. You can modify the configuration file using the System Console, or by using a text editor to modify it directly. - -Mattermost must have write permissions to ``config.json``, otherwise changes made in the System Console will have no effect. - -On new installations starting from v5.14, the ``default.json`` file used to create the initial ``config.json`` has been removed from the binary and replaced with a build step that generates a fresh ``config.json``. This is to ensure the initial configuration file has all the correct defaults provided in the server code. Existing ``config.json`` files are not affected by this change. - -Configuration in Database --------------------------- - -Storing configuration in the database is supported in v5.10 and later. Please see more information on how to set this up `here `_. - -Environment Variables ---------------------- - -Starting from Mattermost v3.8, you can use environment variables to manage the configuration. Environment variables override settings in ``config.json``. If a change to a setting in ``config.json`` requires a restart for it to take effect, then changes to the corresponding environment variable also require a server restart. - -The name of the environment variable for any setting can be derived from the name of that setting in ``config.json``. For example, to derive the name of the Site URL setting: - -1. Find the setting in ``config.json``. In this case, *ServiceSettings.SiteURL*. -2. Add ``MM_`` to the beginning and convert all characters to uppercase and replace the ``.`` with ``_``. For example, *MM_SERVICESETTINGS_SITEURL*. -3. The setting becomes ``export MM_SERVICESETTINGS_SITEURL="http://example.com"``. - -Finally, if a setting is configured through an environment variable, modifying it in the System Console is disabled. - -For any setting that is not set in ``config.json`` or in environment variables, the Mattermost server uses the default value as documented in the sections below. - -.. note:: - If a setting is set through an environment variable and any other changes are made in the System Console, the value stored of the environment variable will be written back to the ``config.json`` as that setting's value. - -.. warning:: - Environment variables for Mattermost settings that are set within the active shell will take effect when migrating configuration. For more information, see `Configuration In Database `_. - -.. warning:: - Database connection strings for the database read and search replicas need to be formatted using `URL encoding `__. Incorrectly formatted strings may cause some characters to terminate the string early, resulting in issues when the connection string is parsed. - -Override Mattermost License File --------------------------------- - -Starting from Mattermost v5.26, you can use an environment variable to override any license in the database or file configuration without replacing those licenses. - -When starting the server, specify the license key as ``MM_LICENSE`` with the contents of a license file. - -.. note:: - If ``MM_LICENSE`` is set to a non-empty string, but the license specified is not valid, the Mattermost server will be started without a license. - - In a High Availability deployment, using an environment variable to override a server license only affects the individual app server and doesn't propagate to other servers in the cluster. - -Load Custom Configuration Defaults ----------------------------------- - -Starting from Mattermost v5.30, you can load a set of custom configuration defaults using an environment variable. This custom configuration applies only if the values are not already present in the current server configuration. - -1. Create a JSON file that contains the custom configuration defaults. For example, ``custom.json``. -2. When starting the server, point the custom defaults environment variable to the defaults file: ``MM_CUSTOM_DEFAULTS_PATH=custom.json``. - -.. contents:: - :depth: 2 - :local: - :backlinks: entry - -About ------ - -Settings for managing the edition and license for Mattermost Enterprise Edition. - -Edition and License -~~~~~~~~~~~~~~~~~~~ - -Edition -^^^^^^^^ - -View the edition of the Mattermost deployment. - -License -^^^^^^^ - -View subscription details including the number of users and expiry date of your Mattermost license. - -License Key -^^^^^^^^^^^ - -Upload or remove license files. For more information on Mattermost Licensing, please see our `frequently asked questions about licensing `_. - -Reporting ---------- - -View statistics for your overall deployment and specific teams as well as access server logs. - -Site Statistics -~~~~~~~~~~~~~~~ - -View statistics on active users, teams, channels, sessions, webhooks, and connections. - -Team Statistics -~~~~~~~~~~~~~~~~ - -View statistics per team on number of active users, as well as Public and Private channels. - -Server Logs -~~~~~~~~~~~~ - -View logging of server-side events. - -User Management ---------------- - -Settings for managing users, user access, groups, and permissions. - -Users -~~~~~~ - -View and manage active and inactive users, and revoke all user sessions. Access individual users to view their User ID, and view the teams they are on and what their role is on a team. Additionally, add the user to other teams without direct access to the team. - -Teams (Experimental) -~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Manage group sychronization on teams. See `Using AD/LDAP Synchronized Groups to Manage Team or Private Channel Membership `__ for more details. - -Channels (Experimental) -~~~~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Manage group sychronization on channels. See `Using AD/LDAP Synchronized Groups to Manage Team or Private Channel Membership `__ for more details. - -Groups -~~~~~~ - -*Available in Enterprise Edition E20* - -Groups offers admins a way to manage default teams and channels by linking AD/LDAP groups to Mattermost groups. See `Groups documentation `__ for more details. - -Permissions -~~~~~~~~~~~ - -*Available in Enterprise Edition E10 and higher* - -Advanced permissions offer Admins a way to restrict actions in Mattermost to authorized users only. See `permissions documentation `__ for more details. - -Environment ------------ - -Settings for configuring the network environment in which Mattermost is deployed. - -Web Server -~~~~~~~~~~ - -Changes to properties in this section require a server restart before taking effect. - -Site URL -^^^^^^^^^ - -The URL that users will use to access Mattermost. The port number is required if it's not a standard port such as 80 or 443. - -**This field is required in Mattermost v3.8 and later.** - -In Mattermost v5.1 and later, the URL may contain a subpath, such as ``"https://example.com/company/mattermost"``. - -If Site URL is not set, the following features will not operate correctly: - - - Email notifications will contain broken links, and email batching will not work. - - Authentication via OAuth 2.0, including GitLab, Google, and Office 365, will fail. - - Plugins may not work as expected. - -+-------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SiteURL": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------+ - -Test Live URL -^^^^^^^^^^^^^^^ - -This button confirms that the value entered into the Site URL is valid and live. - -Listen Address -^^^^^^^^^^^^^^ - -The address and port to which to bind and listen. Specifying ":8065" will bind to all network interfaces. Specifying ``127.0.0.1:8065`` will only bind to the network interface having that IP address. - -If you choose a port of a lower level (called "system ports" or "well-known ports", in the range of 0-1023), you must have permissions to bind to that port. - -On Linux you can use: ``sudo setcap cap_net_bind_service=+ep /opt/mattermost/bin/mattermost`` to allow Mattermost to bind to well-known ports. - -+-------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ListenAddress": ":8065"`` with string input. | -+-------------------------------------------------------------------------------------------+ - -Forward port 80 to 443 -^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Forwards all insecure traffic from port 80 to secure port 443. - -**False**: When using a proxy such as NGINX in front of Mattermost this setting is unnecessary and should be set to ``false``. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Forward80To443": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Connection Security -^^^^^^^^^^^^^^^^^^^^ - -**None**: Mattermost will connect over an unsecure connection. - -**TLS**: Encrypts the communication between Mattermost clients and your server. See `documentation `__ for more details. - -+---------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""`` and ``"TLS"``. | -+---------------------------------------------------------------------------------------------------------------------------------------------+ - -TLS Certificate File -^^^^^^^^^^^^^^^^^^^^^ - -The path to the certificate file to use for TLS connection security. - -+------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TLSCertFile": ""`` with string input. | -+------------------------------------------------------------------------------------+ - -TLS Key File -^^^^^^^^^^^^ - -The path to the TLS key file to use for TLS connection security. - -+-----------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TLSKeyFile": ""`` with string input. | -+-----------------------------------------------------------------------------------+ - -Use Let's Encrypt -^^^^^^^^^^^^^^^^^^ - -**True**: Enable the automatic retrieval of certificates from Let's Encrypt. The certificate will be retrieved when a client attempts to connect from a new domain. This will work with multiple domains. See :doc:`../install/config-tls-mattermost` for more details on setting up Let's Encrypt. - -**False**: Manual certificate specification based on the **TLS Certificate File** and **TLS Key File** specified above. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UseLetsEncrypt": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. note:: - If Let's Encrypt is enabled, forward port 80 through a firewall, with `Forward80To443 `__ ``config.json`` setting set to ``true`` to complete the Let's Encrypt certification. - -Let's Encrypt Certificate Cache File -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The path to the file where certificates and other data about the Let's Encrypt service will be stored. - -+-----------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache"`` with string input. | -+-----------------------------------------------------------------------------------------------------------------------------------+ - -Read Timeout -^^^^^^^^^^^^ - -Maximum time allowed from when the connection is accepted to when the request body is fully read. - -+----------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ReadTimeout": 300`` with numerical input. | -+----------------------------------------------------------------------------------------+ - -Write Timeout -^^^^^^^^^^^^^ - -If using HTTP (insecure), this is the maximum time allowed from the end of reading the request headers until the response is written. If using HTTPS, it is the total time from when the connection is accepted until the response is written. - -+-----------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"WriteTimeout": 300`` with numerical input. | -+-----------------------------------------------------------------------------------------+ - -Idle Timeout -^^^^^^^^^^^^ - -Set an explicit idle timeout in the HTTP server. This is the maximum time allowed before an idle connection is disconnected. - -+-----------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdleTimeout": 60`` with numerical input. | -+-----------------------------------------------------------------------------------------+ - -Allow use of API v3 endpoints -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -Set to ``false`` to disable all version 3 endpoints of the REST API. Integrations that rely on API v3 will fail and can then be identified for migration to API v4. API v3 is deprecated and will be removed in the near future. See https://api.mattermost.com for details. - -+---------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableAPIv3": false`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------+ - -Webserver Mode -^^^^^^^^^^^^^^^ - -gzip compression applies to the HTML, CSS, Javascript, and other static content files that make up the Mattermost web client. It is recommended to enable gzip to improve performance unless your environment has specific restrictions, such as a web proxy that distributes gzip files poorly. - -**gzip**: The Mattermost server will serve static files compressed with gzip to improve performance. - -**Uncompressed**: The Mattermost server will serve static files uncompressed. - -**Disabled**: The Mattermost server will not serve static files. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"WebserverMode": "gzip"`` with options ``"gzip"``, ``"uncompressed"``, and ``"disabled"``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Insecure Outgoing Connections -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Outgoing HTTPS requests can accept unverified, self-signed certificates. For example, outgoing webhooks to a server with a self-signed TLS certificate, using any domain, will be allowed. - -**False**: Only secure HTTPS requests are allowed. - -**Security note:** Enabling this feature makes these connections susceptible to man-in-the-middle attacks. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableInsecureOutgoingConnections": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Managed Resource Paths -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -A comma-separated list of paths within the Mattermost domain that are managed by a third party service instead of Mattermost itself. Links to these paths will be opened in a new tab/window by Mattermost apps. For example, if Mattermost is running on ``https://mymattermost.com``, setting this to ``conference`` will cause links such as ``https://mymattermost.com/conference`` to be opened in a new window. - -When using the Mattermost Desktop App, additional configuration is required to open the link within the Desktop App instead of in a browser. See `here `_ for more information. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ManagedResourcePaths": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Reload Configuration from Disk -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -The workflow for failover without downing the server is to change the database line in the ``config.json`` file, click **Reload Configuration from Disk** then click **Recycle Database Connections** in the **Advanced > Database** section. - -Purge All Caches -^^^^^^^^^^^^^^^^ - -This button purges all the in-memory caches for sessions, accounts and channels. Deployments using High Availability will attempt to purge all the servers in the cluster. Purging the caches may adversely impact performance. - -Database -~~~~~~~~ - -Changes to properties in this section require a server restart before taking effect. - -Driver Name -^^^^^^^^^^^ - -This setting can only be changed from ``config.json`` file, it cannot be changed from the System Console user interface. - -**``mysql``**: Enables driver to MySQL database. - -**``postgres``**: Enables driver to PostgreSQL database. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DriverName": "mysql"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Data Source -^^^^^^^^^^^ - -This is the connection string to the master database. When **DriverName** is set to ``postgres``, use a connection string in the form ``postgres://mmuser:password@localhost:5432/mattermost_test?sslmode=disable&connect_timeout=10``. This setting can only be changed from ``config.json`` file. - -.. note:: - To enable SSL, add ``&tls=true`` to your database connection string if your SQL driver supports it. Add ``&tls=skip-verify`` if you use self-signed certificates. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DataSource": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Maximum Idle Connections -^^^^^^^^^^^^^^^^^^^^^^^^ - -Maximum number of idle connections held open to the database. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxIdleConns": 10`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Maximum Connection Idle Timeout -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Maximum time a database connection can remain idle. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConnMaxIdleTimeMilliseconds": 5`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Maximum Open Connections -^^^^^^^^^^^^^^^^^^^^^^^^ - -Maximum number of open connections held open to the database. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxOpenConns": 300`` with numerical input. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Query Timeout -^^^^^^^^^^^^^ - -The number of seconds to wait for a response from the database after opening a connection and sending the query. Errors that you see in the UI or in the logs as a result of a query timeout can vary depending on the type of query. - -+-------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"QueryTimeout": 30`` with numerical input. | -+-------------------------------------------------------------------------------------------------------------------------+ - -Disable Database Search -^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Disables the use of the database to perform searches. Should only be used when other `search engines `_ are configured. If this setting is set to ``true`` and another search engine is not configured, it will result in empty search results. - -**False**: Database search is not disabled. - -+-------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DisableDatabaseSearch": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------+ - -Maximum Connection Lifetime -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Maximum lifetime for a connection to the database, in milliseconds. Use this setting to configure the maximum amount of time a connection to the database may be reused. Defaults to an hour (3,600,000 milliseconds). - -+-------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConnMaxLifetimeMilliseconds": 3600000`` with numerical input. | -+-------------------------------------------------------------------------------------------------------------------------+ - -Minimum Hashtag Length -^^^^^^^^^^^^^^^^^^^^^^ - -Minimum number of characters in a hashtag. This must be greater than or equal to 2. MySQL databases must be configured to support searching strings shorter than three characters, see `documentation `_. - -+-------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MinimumHashtagLength": 3`` with numerical input. | -+-------------------------------------------------------------------------------------------------------------------------+ - -At Rest Encrypt Key -^^^^^^^^^^^^^^^^^^^ - -A 32-character key for encrypting and decrypting sensitive fields in the database. You can generate your own cryptographically random alphanumeric string, or you can go to **System Console > Environment > Database** and click **Regenerate**, which displays the value until you click **Save**. - -When using High Availability, the salt must be identical in each instance of Mattermost. - -No fields are encrypted using ``AtRestEncryptKey``. It's a legacy setting used to encrypt data stored at rest in the database. - -+------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AtRestEncryptKey": ""`` with string input. | -+------------------------------------------------------------------------------------------+ - -SQL Statement Logging (Trace) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Executing SQL statements are written to the log for development. - -**False**: SQL statements are not written to the log. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Trace": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Recycle Database Connections -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -This button reconnects to the database listed in the configuration settings. All old connections are closed after 20s. - -The workflow for failover without downing the server is to change the database line in the ``config.json`` file, click **Reload Configuration from Disk** in the **Environment > Database** section, then click **Recycle Database Connections**. - -Elasticsearch -~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Changes to properties in this section require a server restart before taking effect. - -Enable Elasticsearch Indexing -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Indexing of new posts occurs automatically. Search queries will use database search until **Enable Elasticsearch for search queries** is enabled. `Learn more about Elasticsearch in our documentation `__. - -**False**: Elasticsearch indexing is disabled and new posts are not indexed. If indexing is disabled and re-enabled after an index is created, it is recommended to purge and rebuild the index to ensure complete search results. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableIndexing": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Server Connection Address -^^^^^^^^^^^^^^^^^^^^^^^^^ - -The address of the Elasticsearch server. `Learn more about Elasticsearch in our documentation `__. - -+------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConnectionUrl": ""`` with string input. | -+------------------------------------------------------------------------------------------------------------------------+ - -Skip TLS Verification -^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Skips the certificate verification step for TLS connections. Not recommended for production environments where TLS is required. For testing only. - -**False**: Mattermost does not skip certificate verification. - -+-------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SkipTLSVerification": false`` with boolean input. | -+-------------------------------------------------------------------------------------------------------+ - -Server Username -^^^^^^^^^^^^^^^ - -(Optional) The username to authenticate to the Elasticsearch server. - -+-------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Username": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------+ - -Server Password -^^^^^^^^^^^^^^^^ - -(Optional) The password to authenticate to the Elasticsearch server. - -+-------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Password": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------+ - -Enable Cluster Sniffing -^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Sniffing finds and connects to all data nodes in your cluster automatically. - -**False**: Sniffing is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Sniff": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Bulk Indexing -^^^^^^^^^^^^^ - -This button starts a bulk index of all existing posts in the database. If the indexing process is cancelled the index and search results will be incomplete. - -Purge Indexes -^^^^^^^^^^^^^ - -This button purges the entire Elasticsearch index. Typically only used if the index has corrupted and search is not behaving as expected. After purging the index a new index can be created with the **Bulk Index** button. - -Enable Elasticsearch for Search Queries -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Elasticsearch will be used for all search queries using the latest index. Search results may be incomplete until a bulk index of the existing post database is finished. - -**False**: Database search is used for search queries. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSearching": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Elasticsearch for Autocomplete Queries -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Elasticsearch will be used for all autocompletion queries on users and channels using the latest index. Autocompletion results may be incomplete until a bulk index of the existing users and channels database is finished. - -**False**: Database autocomplete is used. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableAutocomplete": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File Storage -~~~~~~~~~~~~ - -Mattermost currently supports storing files on the local filesystem and Amazon S3 or S3 compatible containers. - -.. note:: - We have tested Mattermost with `MinIO `__ and `Digital Ocean Spaces `_ products but not all S3 compatible containers on the market. If you are looking to use other S3 compatible containers we advise completing your own testing. - -File Storage System -^^^^^^^^^^^^^^^^^^^^ - -+-------------------------+-----------------------+ -| ``config.json`` setting | ``DriverName`` | -+-------------------------+-----------------------+ -| Allowed Values | ``"local"`` (default) | -| | ``"amazons3"`` | -+-------------------------+-----------------------+ - -This selects which file storage system is used: Local File System or Amazon S3. - -**Local File System**: Files and images are stored in the specified local file directory. - -**Amazon S3**: Files and images are stored on Amazon S3 based on the provided access key, bucket and region fields. The ``"amazons3"`` driver is compatible with MinIO (Beta) and Digital Ocean Spaces based on the provided access key, bucket, and region fields. - -Local Storage Directory -^^^^^^^^^^^^^^^^^^^^^^^^ - -The local directory to which files are written when the File Storage System is set to ``"local"``. This is relative to the directory Mattermost is installed to and defaults to ``"./data"`` When File Storage System is set to S3 this setting has no effect. - -+-------------------------+------------------------------------------------------------------------------------------+ -| ``config.json`` setting | ``Directory`` | -+-------------------------+------------------------------------------------------------------------------------------+ -| Allowed Values | Any directory writeable by the user Mattermost is running as. Defaults to ``"./data/"``. | -+-------------------------+------------------------------------------------------------------------------------------+ - -Maximum File Size -^^^^^^^^^^^^^^^^^^ - -Maximum file size for message attachments entered in megabytes in the System Console UI. Converted to bytes in ``config.json`` at 1048576 bytes per megabyte. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxFileSize": 104857600`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. warning:: Verify server memory can support your setting choice. Large file sizes increase the risk of server crashes and failed uploads due to network disruptions. - -.. note:: - If you use a proxy or load balancer in front of Mattermost its settings need to be adjusted accordingly. For NGINX use ``client_max_body_size``. For Apache use ``LimitRequestBody``. - -Enable Document Search by Content -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Enable users to search the contents of documents attached to messages. - -**True**: Documents are searchable by their content. - -.. note:: - Document content search results for files shared before upgrading to Mattermost Server 5.35 may be incomplete until an `extraction command is executed using the CLI `__. If this command is not run, users can search older files based on file name only. - -**False**: Documents aren't searchable by their content. When document content search is disabled, users can search for files by file name only. - -You can optionally install `these dependencies `__ to extend content searching support to include file formats beyond PDF, DOCX, and ODT, such as DOC, RTF, XML, HTML, and PAGES. If you choose not to install the dependencies, you will see log entries for documents that couldn't be extracted. Any documents that can't be extracted are skipped and logged so that content extraction can proceed. The search support each dependency offers is described below: - -- ``tidy``: Used to search the contents of HTML and PAGES documents. -- ``wv``: Used to search the contents of DOC documents. -- ``popplerutils``: Used to significantly improve server performance when extracting the contents of PDF documents. -- ``unrtf``: Used to search the contents of RTF documents. -- ``Justtext``: Used to search HTML documents. - -.. note:: - Document content search results for files shared before upgrading to Mattermost Server v5.35 may be incomplete until an `extraction command is executed using the CLI `__. If this command is not run, users can search older documents based on file name only. - -+---------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileSettings.ExtractContent": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------------------+ - -.. note:: - - Document content search is available in Mattermost Server from v5.35, with mobile support coming soon. - - Searching document contents adds load to your server. - - For large deployments, or teams that share many large, text-heavy documents, we recommended you review our `hardware requirements `__, and test enabling this feature in a staging environment before enabling it in a production environment. - -Enable Searching Content of Documents within ZIP Files -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This configuration setting enables users to search the contents of compressed ZIP files attached to messages. - -**True**: Contents of documents within ZIP files are returned in search results. This may have an impact on server performance for large files. - -**False**: The contents of documents within ZIP files aren't returned in search results. - -+---------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileSettings.ArchiveRecursion": false`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------------------+ - -.. note:: - - Document content search within ZIP files is available in Mattermost Server from v5.35, with mobile support coming soon. - - Searching document contents adds load to your server. - - For large deployments, or teams that share many large, text-heavy documents, we recommended you review our `hardware requirements `__, and test enabling this feature in a staging environment before enabling it in a production environment. - -Amazon S3 Bucket -^^^^^^^^^^^^^^^^^ - -The name of the bucket for your S3-compatible object storage instance. - -+-------------------------+----------------------------------------------+ -| ``config.json`` setting | ``AmazonS3Bucket`` | -+-------------------------+----------------------------------------------+ -| Allowed Values | A string with the S3-compatible bucket name. | -+-------------------------+----------------------------------------------+ - -Amazon S3 Region -^^^^^^^^^^^^^^^^^ - -The AWS region you selected when creating your S3 bucket. If no region is set, Mattermost attempts to get the appropriate region from AWS and sets it to ``"us-east-1"`` if none is found. For MinIO or Digital Ocean Spaces, leave this setting empty. - -+-------------------------+-----------------------------------------------------+ -| ``config.json`` setting | ``AmazonS3Region`` | -+-------------------------+-----------------------------------------------------+ -| Allowed Values | A string with the AWS region containing the bucket. | -+-------------------------+-----------------------------------------------------+ - -Amazon S3 Access Key ID -^^^^^^^^^^^^^^^^^^^^^^^^ - -This is required for access unless you are using an `Amazon S3 IAM Role `__ with Amazon S3. Your EC2 administrator can supply you with the Access Key ID. - -+-------------------------+----------------------------------------------------------------------+ -| ``config.json`` setting | ``AmazonS3AccessKeyId`` | -+-------------------------+----------------------------------------------------------------------+ -| Allowed Values | A string with the access key for the S3-compatible storage instance. | -+-------------------------+----------------------------------------------------------------------+ - -Amazon S3 Endpoint -^^^^^^^^^^^^^^^^^^^ - -Hostname of your S3-compatible instance. Defaults to ``"s3.amazonaws.com"``. - -.. note:: - For Digital Ocean Spaces, the hostname should be set to ``".digitaloceanspaces.com"``, where ```` is the abbreviation for the region you chose when setting up the Space. It can be ``nyc3``, ``ams3``, or ``sgp1``. - -+-------------------------+-------------------------------------------------------------------+ -| ``config.json`` setting | ``AmazonS3Endpoint`` | -+-------------------------+-------------------------------------------------------------------+ -| Allowed Values | A string with the hostname of the S3-compatible storage instance. | -+-------------------------+-------------------------------------------------------------------+ - -Amazon S3 Secret Access Key -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The secret access key associated with your Amazon S3 Access Key ID. - -+-------------------------+-----------------------------------------------------------------------------+ -| ``config.json`` setting | ``AmazonS3SecretAccessKey`` | -+-------------------------+-----------------------------------------------------------------------------+ -| Allowed Values | A string with the secret access key for the S3-compatible storage instance. | -+-------------------------+-----------------------------------------------------------------------------+ - -Enable Secure Amazon S3 Connections -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Enables only secure Amazon S3 connections. - -**False**: Allows insecure connections to Amazon S3. - -+-------------------------+----------------------------------------------+ -| ``config.json`` setting | ``AmazonS3SSL`` | -+-------------------------+----------------------------------------------+ -| Allowed Values | ``true`` or ``false``. Defaults to ``true``. | -+-------------------------+----------------------------------------------+ - -Enable Server-Side Encryption for Amazon S3 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -**True**: Encrypts files in Amazon S3 using server-side encryption with `Amazon S3-managed keys `__. - -**False**: Doesn't encrypt files in Amazon S3. - -.. note:: - Server-side encryption only works with Amazon S3. - -+-------------------------+-----------------------------------------------+ -| ``config.json`` setting | ``AmazonS3SSE`` | -+-------------------------+-----------------------------------------------+ -| Allowed Values | ``true`` or ``false``. Defaults to ``false``. | -+-------------------------+-----------------------------------------------+ - -Enable Amazon S3 Debugging -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: When ``true``, log additional debugging information to the system logs. Typically set to ``false`` in production. - -**False**: No Amazon S3 debugging information is included in the system logs. - -+-------------------------+-----------------------------------------------+ -| ``config.json`` setting | ``AmazonS3Trace`` | -+-------------------------+-----------------------------------------------+ -| Allowed Values | ``true`` or ``false``. Defaults to ``false``. | -+-------------------------+-----------------------------------------------+ - -Test Connection -^^^^^^^^^^^^^^^^ - -Ensures that the user can access the server and that the settings are valid. - -Image Proxy -~~~~~~~~~~~~ - -Enable Image Proxy -^^^^^^^^^^^^^^^^^^ - -When ``true``, enables an image proxy for loading external images. The image proxy is used by the Mattermost apps to prevent them from connecting directly to remote servers. This anonymizes their connections and prevents them from accessing insecure content. - -See the :doc:`documentation ` to learn more. - -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------+ - -Image Proxy Type -^^^^^^^^^^^^^^^^^ - -The type of image proxy used by Mattermost. There are two options: - -**local**: The Mattermost server itself acts as the image proxy. This is the default option. - -**atmos/camo**: An external `atmos/camo `__ image proxy is used. - -See the `documentation `__ to learn more. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ImageProxyType": "local"``, with options ``"local"`` and ``"atmos/camo"`` for the above settings, respectively. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Remote Image Proxy URL -^^^^^^^^^^^^^^^^^^^^^^^ - -The URL of the ``atmos/camo`` proxy. This setting is not needed when using the local image proxy. - -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RemoteImageProxyURL": ""`` with string input. | -+---------------------------------------------------------------------------------------------------------------------+ - -Remote Image Proxy Options -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The URL signing key passed to an ``atmos/camo`` image proxy. This setting is not needed when using the local image proxy. - -See the `documentation `_ to learn more. - -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RemoteImageProxyOptions": ""`` with string input. | -+---------------------------------------------------------------------------------------------------------------------+ - -SMTP -~~~~ - -SMTP Email Server -^^^^^^^^^^^^^^^^^ - -Location of SMTP email server used for email notifications. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SMTPServer": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -SMTP Server Port -^^^^^^^^^^^^^^^^^ - -Port of SMTP email server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SMTPPort": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -SMTP Server Timeout -^^^^^^^^^^^^^^^^^^^ - -The maximum amount of time (in seconds) allowed for establishing a TCP connection between Mattermost and the SMTP server, to be idle before being terminated. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SMTPServerTimeout": 10`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable SMTP Authentication -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: SMTP username and password are used for authenticating to the SMTP server. - -**False**: Mattermost doesn't attempt to authenticate to the SMTP server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSMTPAuth": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -SMTP Server Username -^^^^^^^^^^^^^^^^^^^^ - -The username for authenticating to the SMTP server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SMTPUsername": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -SMTP Server Password -^^^^^^^^^^^^^^^^^^^^^ - -The password associated with the SMTP username. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SMTPPassword": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. _email-tls: - -Connection Security -^^^^^^^^^^^^^^^^^^^^ - -**None**: Send email over an unsecure connection. - -**TLS**: Communication between Mattermost and your email server is encrypted. - -**STARTTLS**: Attempts to upgrade an existing insecure connection to a secure connection using TLS. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""``, ``"TLS"``, and ``"STARTTLS"``. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Skip Server Certificate Verification -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost will not verify the email server certificate. - -**False**: Mattermost will verify the email server certificate. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SkipServerCertificateVerification": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Security Alerts -^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Enable System Admins to be notified by email if a relevant security fix alert is announced. Requires email to be enabled. To learn more about this feature, see :doc:`../manage/telemetry`. - -**False**: Security alerts are disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSecurityFixAlert": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Push Notification Server -~~~~~~~~~~~~~~~~~~~~~~~~~ - -Enable Push Notifications -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Your Mattermost server sends mobile push notifications to the server specified in **PushNotificationServer**. - -**False**: Mobile push notifications are disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SendPushNotifications": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Push Notification Server -^^^^^^^^^^^^^^^^^^^^^^^^ - -Location of Mattermost Push Notification Service (MPNS), which re-sends push notifications from Mattermost to services like Apple Push Notification Service (APNS) and Google Cloud Messaging (GCM). - -To confirm push notifications are working, connect to the `Mattermost iOS App on iTunes `__ or the `Mattermost Android App on Google Play `__: - -- For Enterprise Edition, enter ``https://push.mattermost.com`` for the push notification server hosted in the United States. If you prefer to use a push notification server hosted in Germany, enter ``https://hpns-de.mattermost.com/``. -- For Team Edition, enter ``https://push-test.mattermost.com``. - -Please review full documentation on `push notifications and mobile applications `__ including guidance on compiling your own mobile apps and MPNS before deploying to production. - -.. note:: - The ``https://push-test.mattermost.com`` server is provided for testing push notifications prior to compiling your own service. Please make sure `to read about its limitations `_. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PushNotificationServer": "https://push-test.mattermost.com"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Max Notifications Per Channel -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Maximum total number of users in a channel before @all, @here, and @channel no longer send notifications to maximize performance. - -If you want to increase this value, the recommendation is to increase it a little at a time and monitor system health with `performance monitoring metrics `__. We also recommend only increasing this value if large channels have restricted permissions for who can post to the channel (for instance, a read-only Town Square channel). - -+--------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxNotificationsPerChannel": 1000`` with numerical input. | -+--------------------------------------------------------------------------------------------------------+ - -**Troubleshooting Push Notifications** - -To confirm push notifications are working: - -1. Go to **System Console > Notifications > Environment > Push Notification Server > Enable Push Notifications** and select **Use TPNS connection to send notifications to iOS and Android apps**. -2. Set **Push Notification Server** to ``https://push.mattermost.com`` if using Enterprise Edition. If using Team Edition, set the value to ``https://push-test.mattermost.com``. -3. To confirm push notifications are working, connect to the `Mattermost iOS App on iTunes `__ or the `Mattermost Android App on Google Play `__ and log in to your team site. -4. Close the app on your device, and close any other connections to your team site. -5. Wait 5 minutes and have another team member send you a direct message, which should trigger a push notification to the Mattermost app on your mobile device. -6. You should receive a push notification on your device alerting you of the direct message. - -If you did not receive an alert: - -1. Set **System Console > Environment > Logging > File Log Level** to *DEBUG* (make sure to set this back to *INFO* after troubleshooting to save disk space). -2. Repeat the above steps. -3. Go to **System Console > Reporting > Server Logs** and copy the log output into a file. -4. For Enterprise Edition customers, `submit a support request with the file attached `__. For Team Edition users, please start a thread in the `troubleshooting forum `__ for peer-to-peer support. - -.. _high-availability: - -High Availability -~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Changes to properties in this section require a server restart before taking effect. - -When High Availability mode is enabled, the System Console is set to read-only and settings can only be changed by editing the configuration file directly. However, for testing and validating a High Availability setup, you can set ``ReadOnlyConfig`` to ``false``, which allows changes made in the System Console to be saved back to the configuration file. - -To learn more about configuring High Availability, see `High Availability Cluster `_. - -Enable High Availability Mode -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: The Mattermost server will attempt inter-node communication with the other servers in the cluster that have the same cluster name. This sets the System Console to read-only mode to keep the servers ``config.json`` files in sync. - -**False**: Mattermost High Availability is disabled. - -+-----------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------+ - -Cluster Name -^^^^^^^^^^^^ - -The cluster to join by name. Only nodes with the same cluster name will join together. This is to support Blue-Green deployments or staging pointing to the same database. - -+------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ClusterName": ""`` with string input. | -+------------------------------------------------------------------------------------+ - -Override Hostname -^^^^^^^^^^^^^^^^^ - -If blank, Mattermost attempts to get the hostname from the OS or use the IP address. You can override the hostname of this server with this property. It is not recommended to override the hostname unless needed. This property can also be set to a specific IP address if needed. Also see `cluster discovery `_ for more details. - -+-----------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"OverrideHostname": ""`` with string input. | -+-----------------------------------------------------------------------------------------+ - -Use IP Address -^^^^^^^^^^^^^^ - -**True**: The cluster attempts to communicate using the IP address. - -**False**: The cluster attempts to communicate using the hostname. - -+---------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UseIpAddress": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------+ - -Use Gossip -^^^^^^^^^^ - -.. note:: - All cluster traffic uses the gossip protocol. From Mattermost Server v5.36 gossip clustering can no longer be disabled. - -**True**: The server attempts to communicate via the gossip protocol over the gossip port. - -**False**: The server attempts to communicate over the streaming port. - -Note that the gossip port and gossip protocol are used to determine cluster health even when this setting is ``false``. - -+--------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UseExperimentalGossip": true`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------------------+ - -Enable Experimental Gossip Encryption -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: All communication through the cluster using the gossip protocol will be encrypted. - -**False**: All communication using gossip protocol remains unencrypted. - -The encryption uses AES-256 by default, and it is not kept configurable by design. However, you can manually set the ``ClusterEncryptionKey`` row value in the Systems table. A key is a byte array converted to base64. It should be either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256. - -+--------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableExperimentalGossipEncryption": false`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------------------------+ - -Enable Gossip Compression -^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: All communication through the cluster uses gossip compression. This is set to ``true`` by default to maintain compatibility with older servers. - -**False**: All communication using the gossip protocol remains uncompressed. Once all servers in a cluster are upgraded to Mattermost v5.33 or later, we recommend that you disable this configuration setting for better performance. - -+--------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableGossipCompression": true`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------------------------+ - -Gossip Port -^^^^^^^^^^^ - -The port used for the gossip protocol. Both UDP and TCP should be allowed on this port. - -+-------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GossipPort": 8074`` with numerical input. | -+-------------------------------------------------------------------------------------------+ - -Streaming Port -^^^^^^^^^^^^^^ - -The port used for streaming data between servers. - -+----------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"StreamingPort": 8075`` with numerical input. | -+----------------------------------------------------------------------------------------------+ - -Inter-Node Listen Address -^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Deprecated. Not used in version 4.0 and later* - -The address the Mattermost Server will listen on for inter-node communication. When setting up your network you should secure the listen address so that only machines in the cluster have access to that port. This can be done in different ways, for example, using IPsec, security groups, or routing tables. - -+-----------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"InterNodeListenAddress": ":8075"`` with string input. | -+-----------------------------------------------------------------------------------------------------+ - -Inter-Node URLs -^^^^^^^^^^^^^^^ - -*Deprecated. Not used in version 4.0 and later* - -A list of all the machines in the cluster, such as ``["http://10.10.10.2", "http://10.10.10.4"]``. It is recommended to use the internal IP addresses so all the traffic can be secured. - -+--------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"InterNodeUrls": []`` with string array input consisting of the machines in the cluster. | -+--------------------------------------------------------------------------------------------------------------------------------------+ - -Rate Limiting -~~~~~~~~~~~~~~ - -Changes to properties in this section require a server restart before taking effect. - -Enable Rate Limiting -^^^^^^^^^^^^^^^^^^^^^ - -Rate limiting prevents your server from being overloaded with too many requests. This decreases the risk and impact of third-party applications or malicious attacks on your server. - -**True**: APIs are throttled at the rate specified by **PerSec**. - -**False**: APIs are not throttled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Maximum Queries per Second -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Throttle API at this number of requests per second if rate limiting is enabled. - -The location of the log files. If blank, they are stored in the ``./logs`` directory. The path that you set must exist and Mattermost must have write permissions in it. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PerSec": 10`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Maximum Burst Size -^^^^^^^^^^^^^^^^^^^^ - -Typically set to ``true`` in production. When ``true``, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. - -Maximum number of requests allowed beyond the per second query limit. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxBurst": 100`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Memory Store Size -^^^^^^^^^^^^^^^^^^^ - -Maximum number of user sessions connected to the system as determined by ``VaryByRemoteAddr`` and ``VaryByHeader`` variables. - -Typically set to the number of users in the system. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MemoryStoreSize": 10000`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Vary rate limit by remote address -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Rate limit API access by IP address. Recommended to set to ``true`` if you're using a proxy. - -**False**: Rate limiting does not vary by IP address. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"VaryByRemoteAddr": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Vary rate limit by user -^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Rate limit API access by user authentication token. Recommended to set to ``true`` if you're using a proxy. - -**False**: Rate limiting does not vary by user authentication token. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"VaryByUser": false`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Vary rate limit by HTTP header -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Vary rate limiting by HTTP header field specified (e.g. when configuring Ngnix set to ``X-Real-IP``, when configuring AmazonELB set to ``X-Forwarded-For``). Recommended to be set if you're using a proxy. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"VaryByHeader": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Advanced Logging -~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Output logs to multiple targets -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Allow any combination of console, local file, syslog, and TCP socket targets, and send log records to multiple targets. These targets have been chosen as they support the vast majority of log aggregators, and other log analysis tools, without needing additional software installed. - -System Admins can define multiple log targets to: - -- Mirror log output to files and log aggregators for redundancy. -- Log certain entries to specific destinations. For example, all errors could be routed to a specific destination for review. - -Additional configuration options include: - -- Multiple local file targets: Supports rotation and compression triggered by size and/or duration. -- Multiple syslogs: Supports local and remote syslog servers, with or without TLS transport. -- Multiple TCP sockets: TCP socket target can be configured with an IP address or domain name, port, and optional TLS certificate. - -All access to the REST API or CLI is audited. When using Advanced Logging for auditing, System Admins can capture the following auditing in the target configuration in addition to discrete log levels: - -.. code-block:: none - - "Levels": [ - {"ID": 100, "Name": "audit-api"}, - {"ID": 101, "Name": "audit-content"}, - {"ID": 102, "Name": "audit-permissions"}, - {"ID": 103, "Name": "audit-cli"}, - ], - -Where: - -- ``audit-api``: Enables output of REST API calls. -- ``audit-content``: Enables output of API calls that generate content (e.g. ``create post``, ``create reaction``). -- ``audit-permissions``: Enables output of all permissions failures. -- ``audit-cli``: Enables output of legacy CLI calls. - -.. Note:: - - Logs are recorded asynchronously to reduce latency to the caller. - - Advanced logging supports hot-reloading of logger configuration. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``LogSettings.AdvancedLoggingConfig`` which can contain a filespec to another config file, a database DSN, or JSON. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Options outlined in `this text file `__ are described in the following table. - -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| **Key** | **Definition** | **Type** | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| **Levels** | | | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| ID | Unique log level identifier. Must be registered in ``mattermost/mattermost-server/shared/mlog/levels.go``. | int | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Name | Human-readable name for the log level identifier. | string | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Stacktrace | Set to ``true`` to generate a stacktrace. Set to ``false`` to prevent a stacktrace from being generated. | bool | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| **Targets** | | | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Type | Can be one of: ``console``, ``file``, ``syslog``, or ``tcp``. | string | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Format | Can be either ``json`` or ``plain``. | string | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Levels | Array of log levels. | [] | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Options | Map of options specific to the target type. | {} | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| MaxQueueSize | The number of audit records that can be queued/buffered at any point in time when writing to syslog. Default is 1000. | int | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| **Console** | | | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Out | Can be either ``stdout`` or ``stderr``. | string | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| **File** | | | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Filename | Path and filename for logs. | string | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| MaxAgeDays | Number of days until a rotation is triggered. Set to ``0`` to not rotate based on age. | int | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| MaxBackups | Maximum number of rotated files to keep where the oldest are deleted. Set to ``0`` to discard rotated files. | int | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| MaxSizeMB | Maximum file size before a rotation is triggered. Set to ``0`` to prevent rotation based on file size. | int | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Compress | Set to ``true`` to compress files after rotation. Set to ``false`` to not compress files after rotation. | bool | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| **SysLog** | | | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| IP | IP address or domain of the syslog server. | string | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Port | Listening port of syslog server. | int | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Tag | Typically the program name, machine name, or node name. | string | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| TLS | Set to ``true`` to connect via TLS. Set to ``false`` to prevent connecting via TLS. | bool | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Cert | For TLS connections where TLS is set to ``true``, the filename of client certificate or base64-encoded certificate. | string | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Insecure | Used for testing purposes only. Set to ``true`` to prevent a certificate check from being performed. Set to ``false`` to perform a certificate check. | bool | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| **TCP** | | | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| IP | IP address or domain of the socket server. | string | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Port | Listening port of the socket server. | int | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| TLS | Set to ``true`` to connect via TLS. Set to ``false`` to prevent connecting via TLS. | bool | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Cert | For TLS connections where TLS is set to ``true``, the filename of client certificate or base64-encoded certificate. | string | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ -| | | | -| Insecure | Used for testing purposes only. Set to ``true`` to prevent a certificate check from being performed. Set to ``false`` to perform a certificate check. | bool | -+---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ - -.. Note:: - Filenames for ``AdvancedLoggingConfig`` can contain an absolute filename, a relative filename, or embedded JSON. - -See the :download:`Advanced Logging Options Sample JSON ZIP file <../samples/advanced-logging-options-sample-json.zip>` for a sample configuration file. - -Standard Logging -~~~~~~~~~~~~~~~~ - -*Available in all editions* - -Output logs to console -^^^^^^^^^^^^^^^^^^^^^^^ - -.. note:: - Logs are rotated once the log file reaches a size of 100 MB or more. - -**True**: Output log messages to the console based on ``ConsoleLevel`` option. The server writes messages to the standard output stream (stdout). - -**False**: Output log messages are not written to the console. - -Changes to this setting require a server restart before taking effect. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableConsole": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Console Log Level -^^^^^^^^^^^^^^^^^ - -Level of detail at which log events are written to the console when ``EnableConsole`` = ``true``. - -**DEBUG**: Prints high detail for developers debugging issues. - -**ERROR**: Outputs only error messages. - -**INFO**: Outputs error messages and information around startup and initialization. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConsoleLevel": "DEBUG"`` with options ``"DEBUG"``, ``"ERROR"``, and ``"INFO"``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Output console logs as JSON -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Typically set to ``true`` in production. When ``true``, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. - -**True**: Logged events are written in a machine-readable JSON format. - -**False**: Logged events are written in plain text. - -Changes to this setting require a server restart before taking effect. - -+----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConsoleJson": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------+ - -Colorize plain text console logs -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting can only be changed from ``config.json`` file, it cannot be changed from the System Console user interface. - -**True**: When logged events are output to the console as plain text, colorize log levels details. - -**False**: Plain text log details aren't colorized in the console. - -+----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableColor": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------+ - -Output logs to file -^^^^^^^^^^^^^^^^^^^^ - -Typically set to ``true`` in production. When ``true``, logged events are written to the ``mattermost.log`` file in the directory specified by the **FileLocation** setting. The logs are archived to a file in the same directory, and given a name with a datestamp and serial number. For example, ``mattermost.2017-03-31.001``. - -**True**: Log files are written to files specified in ``FileLocation``. - -**False**: Log files are not written. - -Changes to this setting require a server restart before taking effect. - -+----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableFile": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------+ - -File Log Level -^^^^^^^^^^^^^^^ - -Level of detail at which log events are written to log files when ``EnableFile`` = ``true``. - -**ERROR**: Outputs only error messages. - -**INFO**: Outputs error messages and information around startup and initialization. - -**DEBUG**: Prints high detail for developers debugging issues. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileLevel": "INFO"`` with options ``"DEBUG"``, ``"ERROR"``, and ``"INFO"``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Output file logs as JSON -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Typically set to ``true`` in production. When ``true``, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. - -**True**: Logged events are written in a machine-readable JSON format. - -**False**: Logged events are written in plain text. - -Changes to this setting require a server restart before taking effect. - -+----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileJson": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------+ - -File Log Directory -^^^^^^^^^^^^^^^^^^^ - -The location of the log files. If blank, they are stored in the ``./logs`` directory. The path that you set must exist and Mattermost must have write permissions in it. - -Changes to this setting require a server restart before taking effect. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileLocation": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Webhook Debugging -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Contents of incoming webhooks are printed to log files for debugging. - -**False**: Contents of incoming webhooks are not printed to log files. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableWebhookDebugging": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Diagnostics and Error Reporting -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: To improve the quality and performance of future Mattermost updates, this option sends error reporting and diagnostic information to Mattermost, Inc. All diagnostics and error reporting is encrypted in transit and does not include personally identifiable information or message contents. To learn more about this feature, see :doc:`../manage/telemetry`. - -**False**: Diagnostics and error reporting are disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableDiagnostics": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Session Lengths -~~~~~~~~~~~~~~~~ - -User sessions are cleared when a user tries to log in. Additionally, a job runs every 24 hours to clear sessions from the sessions database table. - -Extend session length with activity -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Improves user experience by extending sessions and keeping users logged in if they are active in their Mattermost apps. - -**True**: Sessions will be automatically extended when the user is active in their Mattermost client. User sessions will only expire if they are not active in their Mattermost client for the entire duration of the session lengths defined in the fields below. - -**False**: Sessions will not extend with activity in Mattermost. User sessions will immediately expire at the end of the session length or idle timeouts defined below. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExtendSessionLengthWithActivity": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Session length for email and AD/LDAP authentication (days) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Set the number of days from the last time a user entered their credentials to the expiry of the user's session on email and AD/LDAP authentication. - -After changing this setting, the new session length will take effect after the next time the user enters their credentials. - -+--------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionLengthWebInDays": 30`` with numerical input. | -+--------------------------------------------------------------------------------------------------------------+ - -Session length for mobile apps (days) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Set the number of days from the last time a user entered their credentials to the expiry of the user's session on mobile apps. - -After changing this setting, the new session length will take effect after the next time the user enters their credentials. - -+-------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionLengthMobileInDays": 180`` with numerical input. | -+-------------------------------------------------------------------------------------------------------------+ - -Session length for SSO authentication (days) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting defines the session length for SSO authentication, such as SAML, GitLab, and OAuth 2.0. - -Set the number of days from the last time a user entered their credentials to the expiry of the user's session. If the authentication method is SAML, GitLab, or OAuth 2.0, the user may automatically be logged back in to Mattermost if they are already logged in to SAML, GitLab, or with OAuth 2.0. - -After changing this setting, the setting will take effect after the next time the user enters their credentials. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionLengthSSOInDays": 30`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Session Cache (minutes) -^^^^^^^^^^^^^^^^^^^^^^^^ - -Set the number of minutes to cache a session in memory. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionCacheInMinutes": 10`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Session Idle Timeout (minutes) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The number of minutes from the last time a user was active on the system to the expiry of the user's session. Once expired, the user will need to log in to continue. Minimum is 5 minutes, and 0 is unlimited. - -Applies to the desktop app and browsers. For mobile apps, use an EMM provider to lock the app when not in use. In High Availability mode, enable IP hash load balancing for reliable timeout measurement. - -This setting does not take effect if ``ExtendSessionLengthWithActivity`` is set to ``true``. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionIdleTimeoutInMinutes": 43200`` with numerical input. | -+-----------------------------------------------------------------------------------------------------------------+ - -Performance Monitoring -~~~~~~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Changes to properties in this section require a server restart before taking effect. - -Enable Performance Monitoring -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost enables performance monitoring collection and profiling. Please see `documentation `__ to learn more about configuring performance monitoring for Mattermost. - -**False**: Mattermost performance monitoring is disabled. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Listen Address -^^^^^^^^^^^^^^^ - -The address the Mattermost server will listen on to expose performance metrics. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"InterNodeListenAddress": ":8067"`` with string input. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Developer -~~~~~~~~~~ - -Enable Testing Commands -^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: ``/test`` slash command is enabled to load test accounts and test data. - -**False**: ``/test`` slash command is disabled. - -Changes to this setting require a server restart before taking effect. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableTesting": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Developer Mode -^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Javascript errors are shown in a purple bar at the top of the user interface. Not recommended for use in production. - -**False**: Users are not alerted to Javascript errors. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableDeveloper": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Allow Untrusted Internal Connections To -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting limits the ability for the Mattermost server to make untrusted requests within its local network. A request is considered "untrusted" when it's made on behalf of a client. The following features make untrusted requests and are affected by this setting: - -- Integrations using webhooks, slash commands, or message actions. This prevents them from requesting endpoints within the local network. -- Link previews. When a link to a local network address is posted in a chat message, this prevents a link preview from being displayed. -- The `local image proxy `_. If the local image proxy is enabled, images located on the local network cannot be used by integrations or posted in chat messages. - -Requests that can only be configured by admins are considered trusted and will not be affected by this setting. Trusted URLs include ones used for OAuth login or for sending push notifications. - -.. warning:: - This setting is intended to prevent users located outside your local network from using the Mattermost server to request confidential data from inside your network. Care should be used when configuring this setting to prevent unintended access to your local network. - -Some examples of when you may want to modify this setting include: - -- When installing a plugin that includes its own images, such as `Matterpoll `__, you will need to add the Mattermost server's domain name to this list. -- When running a bot or webhook-based integration on your local network, you'll need to add the hostname of the bot/integration to this list. -- If your network is configured in such a way that publicly-accessible web pages or images are accessed by the Mattermost server using their internal IP address, the hostnames for those servers must be added to this list. - -This setting is a whitelist of local network addresses that can be requested by the Mattermost server. It's configured as a whitespace-separated list of hostnames, IP addresses, and CIDR ranges that can be accessed (such as ``webhooks.internal.example.com 127.0.0.1 10.0.16.0/28``). Since v5.9, the public IP of the Mattermost application server itself is also considered a reserved IP. - -.. note:: - Use whitespaces instead of commas to list the hostnames, IP addresses, or CIDR ranges. For example: ``webhooks.internal.example.com 127.0.0.1 10.0.16.0/28``. - -IP address and domain name rules are applied before host resolution. CIDR rules are applied after host resolution, and only CIDR rules require DNS resolution. We try to match IP addresses and hostnames without even resolving. If that fails, we resolve using the local resolver (by reading the ``/etc/hosts`` file first), then check for matching CIDR rules. For example, if the domain "webhooks.internal.example.com" resolves to the IP address ``10.0.16.20``, a webhook with the URL "https://webhooks.internal.example.com/webhook" can be whitelisted using ``webhooks.internal.example.com`` or ``10.0.16.16/28``, but not ``10.0.16.20``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowedUntrustedInternalConnections": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Site Configuration -------------------- - -Settings for customizing your Mattermost deployment. - -Customization -~~~~~~~~~~~~~ - -Site Name -^^^^^^^^^^^ - -Name of service shown in login screens and UI. Maximum 30 characters. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SiteName": "Mattermost"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Site Description -^^^^^^^^^^^^^^^^ - -Description of service shown in login screens and UI. When not specified, "All team communication in one place, searchable and accessible anywhere" is displayed. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CustomDescriptionText": ""`` with string input. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Custom Branding -^^^^^^^^^^^^^^^^^^^^^^^^ - -*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* - -**True**: Enables custom branding to show a JPG image some custom text on the server login page. - -**False**: Custom branding is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableCustomBrand": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Custom Brand Image -^^^^^^^^^^^^^^^^^^^ - -Custom JPG image is displayed on left side of server login page. Recommended maximum image size is less than 2 MB because image will be loaded for every user who logs in. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This features has no ``config.json`` setting and must be set in the System Console user interface. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Custom Brand Text -^^^^^^^^^^^^^^^^^ - -Custom text will be shown below custom brand image on left side of server login page. Maximum 500 characters allowed. You can format this text using the same `Markdown formatting codes `__ as using in Mattermost messages. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CustomBrandText": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Ask Community Link -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: **Ask the community** link is visible in the Mattermost channel header, under the **Help** menu. When clicked, users are redirected to https://mattermost.com/pl/default-ask-mattermost-community/, where they can join the Mattermost Community to ask questions and help others troubleshoot issues. This option is not available on the mobile apps. - -**False**: The link is not visible to users. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"enable_ask_community_link": ""`` with options ``true`` and ``false``. Defaults to true. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Help link -^^^^^^^^^^^ - -Configurable link to a Help page your organization may provide to end users. By default, links to Mattermost help documentation hosted on `docs.mattermost.com `__. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"HelpLink": "https://about.mattermost.com/default-help/"`` with string input. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Support Email -^^^^^^^^^^^^^^ - -Set an email address for feedback or support requests. - -To ensure that users can contact you for assistance, set this value to an email address your System Admin receives, such as ``"support@yourcompany.com"``. This address is displayed on email notifications and during the Getting Started tutorial. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SupportEmail": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Terms of Service link -^^^^^^^^^^^^^^^^^^^^^^ - -Configurable link to Terms of Service your organization may provide to end users on the footer of the sign-up and login pages. By default, links to a Terms of Service page hosted on about.mattermost.com. If changing the link to a different Terms of Service, make sure to include the "Mattermost Conditions of Use" notice to end users that must also be shown to users from the "Terms of Service" link. - -In version 5.17 and later, this setting does not change the terms of service link in **Main Menu > About Mattermost**, which refers to the Mattermost Terms of Service. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TermsOfServiceLink": "https://about.mattermost.com/default-terms/"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Privacy Policy link -^^^^^^^^^^^^^^^^^^^^ - -Configurable link to Privacy Policy your organization may provide to end users on the footer of the sign-up and login pages. By default, links to a Privacy Policy page hosted on about.mattermost.com. - -In version 5.17 and later, this setting does not change the privacy policy link in **Main Menu > About Mattermost**, which refers to the Mattermost Privacy Policy. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PrivacyPolicyLink": "https://about.mattermost.com/default-privacy-policy/"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -About Link -^^^^^^^^^^^^ - -Configurable link to an About page describing your organization may provide to end users. By default, links to an About page hosted on about.mattermost.com. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AboutLink": "https://about.mattermost.com/default-about/"`` with string input. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Report a Problem link -^^^^^^^^^^^^^^^^^^^^^^^ - -Set the link for the support website. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ReportAProblemLink": "https://about.mattermost.com/default-report-a-problem/"`` with string input. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -App Custom URL Schemes -^^^^^^^^^^^^^^^^^^^^^^ - -Define valid custom URL schemes for redirect links provided by custom-built mobile Mattermost apps. This ensures users are redirected to the custom-built mobile app and not Mattermost's mobile client. - -When configured, after OAuth or SAML user authentication is complete, custom URL schemes sent by mobile clients are validated to ensure they don't include default schemes such as ``http`` or ``https``. Mobile users are then redirected back to the mobile app using the custom scheme URL provided by the mobile client. We recommend that you update your mobile client values as well with valid custom URL schemes. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"NativeAppSettings.AppCustomURLSchemes"`` with an array of strings as input. For example: ``[custom-app://, some-app://]``. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Mattermost Apps Download Page Link -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Configurable link to a download page for Mattermost Apps. When a link is present, an option to **Download Apps** will be added in the Main Menu so users can find the download page. Leave this field blank to hide the option from the Main Menu. Defaults to a page on about.mattermost.com where users can download the iOS, Android, and Desktop clients. If you're using an `Enterprise App Store `__ for your mobile apps, change this link to point to a customized download page where users can find the correct apps. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AppDownloadLink": "https://mattermost.com/download/"`` with string input. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Android App Download Link -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Configurable link to download the Android app. When a link is present, users who access the site on a mobile web browser will be prompted with a page giving them the option to download the app. Leave this field blank to prevent the page from appearing. If you are using an `Enterprise App Store `__ for your mobile apps, change this link to point to the correct app. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AndroidAppDownloadLink": "https://about.mattermost.com/mattermost-android-app/"`` with string input. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -iOS App Download Link -^^^^^^^^^^^^^^^^^^^^^ - -Configurable link to download the iOS app. When a link is present, users who access the site on a mobile web browser will be prompted with a page giving them the option to download the app. Leave this field blank to prevent the page from appearing. If you are using an `Enterprise App Store `__ for your mobile apps, change this link to point to the correct app. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IosAppDownloadLink": "https://about.mattermost.com/mattermost-ios-app/"`` with string input. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Localization -~~~~~~~~~~~~~ - -Default Server Language -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Default language for system messages and logs. - -Changes to this setting require a server restart before taking effect. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DefaultServerLocale": "en"`` with options ``"bg"``, ``"de"``, ``"en"``, ``"es"``, ``"fr"``, ``"hu"``, ``"it"``, ``"ja"``, ``"ko"``, ``"nl"``, ``"pl"``, ``"pt-br"``, ``"ro"``, ``"ru"``, ``"sv"``, ``"tr"``, ``"zh_CN"``, and ``"zh_TW"``. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Default Client Language -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Default language for newly-created users and pages where the user hasn't logged in. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DefaultClientLocale": "en"`` with options ``"bg"``, ``"de"``, ``"en"``, ``"es"``, ``"fr"``, ``"hu"``, ``"it"``, ``"ja"``, ``"ko"``, ``"nl"``, ``"pl"``, ``"pt-br"``, ``"ro"``, ``"ru"``, ``"sv"``, ``"tr"``, ``"zh_CN"``, and ``"zh_TW"``. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Available Languages -^^^^^^^^^^^^^^^^^^^ - -Sets which languages are available for users in **Account Settings > Display > Languages**. Leave the field blank to add new languages automatically by default, or add new languages using the dropdown menu manually as they become available. If you're manually adding new languages, the **Default Client Language** must be added before saving the setting. - -.. note:: - Servers which upgraded to v3.1 need to manually set this field blank to have new languages added by default. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AvailableLocales": ""`` with options ``""``, ``"bg"``, ``"de"``, ``"en"``, ``"es"``, ``"fr"``, ``"hu"``, ``"it"``, ``"ja"``, ``"ko"``, ``"nl"``, ``"pl"``, ``"pt-br"``, ``"ro"``, ``"ru"``, ``"sv"``, ``"tr"``, ``"zh_CN"``, and ``"zh_TW"``. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Users and Teams -~~~~~~~~~~~~~~~ - -Max Users Per Team -^^^^^^^^^^^^^^^^^^^^ - -Maximum number of users per team, excluding inactive users. - -The **Max Users Per Team** refers to the size of the "team site" which is workspace a "team of people" inhabits. A team of people is considered a small organization where people work closely together towards a specific shared goal and share the same etiquette. In the physical world, a team of people could typically be seated around a single table to have a meal and discuss their project. - -The default maximum of 50 people, is at the extreme high end of a single team of people. At this point organizations are more often "multiple teams of people" and investments in explicitly defining etiquette, such as `channel organization `__ or turning on `policy features `__ in Enterprise Edition, are often used to scale the high levels of productivity found in a team of people using Mattermost to multiple teams of people. - -In terms of technical performance, `with appropriate hardware, Mattermost can easily scale to hundreds and even thousands of users `__, and provided the administrator believes the appropriate etiquette is in place, they should feel free to increase the default value. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxUsersPerTeam": 50`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Max Channels Per Team -^^^^^^^^^^^^^^^^^^^^^^ - -Maximum number of channels per team, including both active and deleted channels. - -+---------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxChannelsPerTeam": 2000`` with numerical input. | -+---------------------------------------------------------------------------------------------------+ - -Enable users to open Direct Message channels with -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**Any user on the Mattermost server**: The Direct Messages **More** menu has the option to open a Direct Message channel with any user on the server. - -**Any member of the team**: The Direct Messages **More** menu only has the option to open a Direct Message channel with users on the current team, and CTRL/CMD+K channel switcher only lists users on the current team. If a user belongs to multiple teams, Direct Messages will still be received regardless of what team they are currently on. - -This setting only affects the UI, not permissions on the server. For instance, a Direct Message channel can be created with anyone on the server regardless of this setting. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictDirectMessage": "any"`` with options ``"any"`` and ``"team"`` for the above settings, respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Allow Team Administrators to edit others' posts -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*This permission is stored in the database and can be modified using the System Console user interface.* - -**True**: Team Admins and System Admins can edit other users' posts. - -**False**: Only System Admins can edit other users' posts. - -.. note:: - System Admins and Team Admins can always delete other users' posts. This setting is only available for Team Edition servers. Enterprise Edition servers can use `Advanced Permissions `__ to configure this permission. - -Enable Team Directory -^^^^^^^^^^^^^^^^^^^^^ - -*Removed in May 16th, 2016 release* - -**True**: Teams that are configured to appear in the team directory will appear on the system main page. Teams can configure this setting from **Team Settings > Include this team in the Team Directory**. - -**False**: Team directory on the system main page is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableTeamListing": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Teammate Name Display -^^^^^^^^^^^^^^^^^^^^^ - -Specifies how names are displayed in the user interface by default. Please note that users can override this setting in **Account Settings > Display > Teammate Name Display**. - -**Show username**: Displays the user's username. - -**Show nickname if one exists**: Displays the user's nickname. If the user does not have a nickname, their full name is displayed. If the user does not have a full name, their username is displayed. - -**Show first and last name**: Displays the user's full name. If the user does not have a full name, their username is displayed. Recommended when using SAML or LDAP if first name and last name attributes are configured. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TeammateNameDisplay": "username"`` with options ``"username"``, ``"nickname_full_name"``, and ``"full_name"`` for the above settings, respectively. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Allow Users to View Archived Channels (Beta) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Allows users to view, share, and search for content of channels that have been archived. Users can only view the content in channels of which they were a member before the channel was archived. - -**False**: Users are unable to view, share, or search for content of channels that have been archived. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalViewArchivedChannels": true`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Show Email Address -^^^^^^^^^^^^^^^^^^^^ - -**True**: Show email address of all users. - -**False**: Hide email address of users from other users in the user interface, including Team Admins. This is designed for managing teams where users choose to keep their contact information private. System Admins will still be able to see email addresses in the UI. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ShowEmailAddress": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Show Full Name -^^^^^^^^^^^^^^^ - -**True**: Show full name of all users. - -**False**: Hide full name of users from other users including Team Admins. This is designed for managing teams where users choose to keep their contact information private. System Admins will still be able to see full names in the UI. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ShowFullName": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Custom User Statuses -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Users can set descriptive status messages and optional status emojis that are visible to all users. - -**False**: Users are unable to set custom user statuses. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableCustomUserStatuses": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Notifications -~~~~~~~~~~~~~~ - -Show @channel and @all confirmation dialog -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Users will be prompted to confirm when posting @channel and @all in channels with over five members. - -**False**: No confirmation is required. - -+--------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableConfirmNotificationsToChannel": true`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------------------------+ - -Enable Email Notifications -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Enables sending of email notifications. - -**False**: Disables email notifications for posts. This is useful for developers who may want to skip email setup for faster development. In order to remove the **Preview Mode: Email notifications have not been configured** banner, you should also set **Enable Preview Mode Banner** to ``false``. - -If this setting is set to ``false`` and the SMTP server is set up, account related emails (such as password, email, username, user token, MFA, and other authentication related changes) will be sent regardless of this setting. - -Email invitations and account deactivation emails are not affected by this setting. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SendEmailNotifications": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. _email-preview-mode-banner-config: - -Enable Preview Mode Banner -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Preview Mode banner is displayed to all users when ``"SendEmailNotifications": false`` so users are aware that email notifications are disabled. - -**False**: Preview Mode banner is not displayed to users. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnablePreviewModeBanner": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Email Batching -^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Users can select how often to receive email notifications, and multiple notifications within that timeframe will be combined into a single email. Batching will occur at a default interval of 15 minutes, configurable in **Account Settings > Notifications**. - -.. note:: - - Email batching cannot be enabled unless the `SiteURL `__ is configured and the `SMTP Email Server `__ is configured. - - Email batching in `High Availability mode `__ is planned but not yet supported. - -**False**: If email notifications are enabled in Account Settings, emails will be sent individually for every mention or direct message received. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableEmailBatching": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Email Notification Contents -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -**Send full message contents**: Sender name and channel are included in email notifications. - -**Send generic description with only sender name**: The team name and name of the person who sent the message, with no information about channel name or message contents, is included in email notifications. Typically used for compliance reasons if Mattermost contains confidential information and policy dictates it cannot be stored in email. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EmailNotificationContentsType": "full"`` with options ``"full"`` and ``"generic"`` for the above settings, respectively. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Notification Display Name -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Name displayed on email account used when sending notification emails from Mattermost system. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FeedbackName": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Notification From Address -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Address displayed on email account used when sending notification emails from within Mattermost. - -So you don't miss messages, please make sure to change this value to an email your system administrator receives, such as ``"admin@yourcompany.com"``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FeedbackEmail": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Notification Reply-To Address -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Email address used in the Reply-To header when sending notification emails from Mattermost. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ReplyToAddress": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Notification Footer Mailing Address -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Organization name and mailing address displayed in the footer of email notifications from Mattermost, such as "© ABC Corporation, 565 Knight Way, Palo Alto, California, 94305, USA". If the field is left empty, the organization name and mailing address will not be displayed. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FeedbackOrganization": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Push Notification Contents -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**Generic description with only sender name**: Push notifications include only the name of the person who sent the message but no information about channel name or message text. - -**Generic description with sender and channel names**: Push notifications include names of users and channels but no specific details from the message text. - -**Full message content sent in the notification payload**: Selecting **Send full message snippet** sends excerpts from messages triggering notifications with specifics and may include confidential information sent in messages. If your Push Notification Service is outside your firewall, it is HIGHLY RECOMMENDED this option only be used with an "https" protocol to encrypt the connection. - -**ID-Only Push Notifications - Full message content fetched from the server on receipt** (*Available in Enterprise Edition E20*): The notification payload relayed through the `Apple Push Notification service `_ or `Firebase Cloud Messaging `_ service contains no message content. Instead it contains a unique message ID used to fetch message content from the server when a push notification is received by a device via a `notification service app extention `_ on iOS or `an expandable notification pattern `_ on Android. If the server cannot be reached, a generic push notification message is displayed without message content or sender name. - -For customers who choose to wrap the Mattermost mobile application in a secure container, such as BlackBerry Dymanics, MobileIron, AirWatch or other solutions, the container needs to execute the fetching of message contents from the unique message ID when push notification are received. If the container is unable to execute the fetch, the push notification contents cannot be received by the customer's mobile application without passing the message contents through either the `Apple Push Notification service `_ or `Firebase Cloud Messaging `_ service. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PushNotificationContents": "full"`` with options ``"generic_no_channel"``, ``"generic"``, ``"full"``, and ``"id_loaded"`` for the above settings, respectively. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Announcement Banner -~~~~~~~~~~~~~~~~~~~~ - -Enable Announcement Banner -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Enable an announcement banner across all teams. The banner is displayed at the top of the screen and is the entire width of the screen. By default, users can dismiss the banner until you either change the text of the banner or until you re-enable the banner after it has been disabled. You can prevent users from dismissing the banner, and you can control the text color and the background color. - -**True**: Enable the announcement banner. The banner is displayed only if ``BannerText`` has a value. - -**False**: Disable the announcement banner. - -+-----------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableBanner": false`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------+ - -Banner Text -^^^^^^^^^^^ - -The text of the announcement banner. - -+------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BannerText": ""`` with string input. | -+------------------------------------------------------------------------------------+ - -Banner Color -^^^^^^^^^^^^ - -The background color of the announcement banner. - -+---------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BannerColor": "#f2a93b"`` with string input. | -+---------------------------------------------------------------------------------------------+ - -Banner Text Color -^^^^^^^^^^^^^^^^^ - -The color of the text in the announcement banner. - -+-------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BannerTextColor": "#333333"`` with string input. | -+-------------------------------------------------------------------------------------------------+ - -Allow Banner Dismissal -^^^^^^^^^^^^^^^^^^^^^^ -**True**: Users can dismiss the banner until the next time they log in or the banner is updated. - -**False**: The banner is permanently visible until it is turned off by the System Admin. - -+-------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowBannerDismissal": true`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------+ - -Emoji -~~~~~~ - -Enable Emoji Picker -^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Enables an emoji picker that allows users to select emojis to add as reactions or use in messages. Enabling the emoji picker with a large number of Custom Emojis may slow down performance. - -**False**: Emoji picker is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableEmojiPicker": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Custom Emoji -^^^^^^^^^^^^^^^^^^^^ -**True**: Enables a Custom Emoji option in the Main Menu, where users can go to create customized emoji. - -**False**: Custom Emojis are disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableCustomEmoji": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Restrict Custom Emoji Creation -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*This permission has been migrated to the database and changing the ``config.json`` value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* - -*Available in Enterprise Edition E10 and higher* - -**Allow everyone to create custom emoji**: Allows everyone to create Custom Emoji from the **Main Menu > Custom Emoji**. - -**Allow System and Team Admins to create custom emoji**: The Custom Emoji option is hidden from the Main Menu for users who are not System or Team Admins. - -**Only allow System Admins to create custom emoji**: The Custom Emoji option is hidden from the Main Menu for users who are not System Admins. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictCustomEmojiCreation": "all"`` with options ``"all"``, ``"admin"``, and ``"system_admin"`` for the above settings, respectively. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Posts -~~~~~~ - -Enable Link Previews -^^^^^^^^^^^^^^^^^^^^ - -Link previews are previews of linked website content, image links, and YouTube videos that are displayed below posts when available. - -Link previews are requested by the server, meaning the Mattermost server must be connected to the internet for previews to be displayed. This connection can be established through a `firewall or outbound proxy `__ in environments where direct internet connectivity is not given or security policies make this necessary. - -**True**: Website link previews, image link previews, and YouTube previews are enabled on the server. Users can enable or disable website previews for themselves from **Account Settings > Display > Website Link Previews**. - -**False**: Website link previews, image link previews, and YouTube previews are disabled. The server does not request metadata for any links sent in messages. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableLinkPreviews": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Disable Link Previews for Specific Domains -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Link previews are disabled for this list of comma-separated domains (e.g. “github.com, mattermost.com”). - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictLinkPreviews": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable SVGs -^^^^^^^^^^^ - -**True**: Enables users to see previews of SVG file attachments and SVG image links. - -**False**: Previews of SVG file attachments and SVG image links are not displayed. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSVGs": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable LaTeX Rendering -^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Enables rendering of LaTeX code. - -**False**: Disables rendering of LaTeX code to prevent the app from crashing when sharing code that might outgrow assigned memory. When disabled, LaTeX code will be highlighted. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableLatex": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Local Mode -^^^^^^^^^^^^^^^^^^ - -**True**: Enables local mode for mmctl. - -**False**: Prevents local mode for mmctl. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableLocalMode": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Local Mode Socket Location -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The path for the socket that the server will create for mmctl to connect and communicate through local mode. If the default value for this key is changed, you will need to point mmctl to the new socket path when in local mode, using the ``--local-socket-path /new/path/to/socket`` flag in addition to the ``--local`` flag. - -If nothing is specified, the default path that both the server and mmctl assumes is ``/var/tmp/mattermost_local.socket``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LocalModeSocketLocation": "/var/tmp/mattermost_local.socket"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Custom URL Schemes -^^^^^^^^^^^^^^^^^^ - -A list of URL schemes that are used for autolinking in message text. ``http``, ``https``, ``ftp``, ``tel`` and ``mailto`` always create links. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CustomUrlSchemes": []`` with string array input consisting of URL schemes, such as ``["git", "smtp"]``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Google API Key -^^^^^^^^^^^^^^^^ - -Mattermost offers the ability to embed YouTube videos from URLs shared by end users. - -Set this key and add YouTube Data API v3 as a service to your key to enable the display of titles for embedded YouTube video previews. Without the key, YouTube previews will still be created based on hyperlinks appearing in messages or comments but they will not show the video title. If Google detects the number of views is exceedingly high, they may throttle embed access. - -Should this occur, you can remove the throttle by registering for a Google Developer Key and entering it in this field following these instructions: https://www.youtube.com/watch?v=Im69kzhpR3I. Your Google Developer Key is used in client-side Javascript. - -Using a Google API Key allows Mattermost to detect when a video is no longer available and display the post with a *Video not found* label. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GoogleDeveloperKey": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File Sharing and Downloads -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Allow File Sharing -^^^^^^^^^^^^^^^^^^^ - -When ``false``, disables file sharing on the server. All file and image uploads on messages are forbidden across clients and devices, including mobile. - -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableFileAttachments": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------+ - -Allow File Uploads on Mobile -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -When ``false``, disables file uploads on mobile apps. All file and image uploads on messages are forbidden across clients and devices, including mobile. - -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableMobileUpload": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------+ - -Allow File Downloads on Mobile -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -When ``false``, disables file downloads on mobile apps. Users can still download files from a mobile web browser. - -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableMobileDownload": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------+ - -Public Links -~~~~~~~~~~~~ - -Enable Public File Links -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Allow users to generate public links to files and images for sharing outside the Mattermost system with a public URL. - -**False**: The **Get Public Link** option is hidden from the image preview user interface. - -**Note:** When switched to ``False``, anyone who tries to visit a previously generated public link will receive an error message saying public links have been disabled. When switched back to ``True``, old public links will work again unless the **Public Link Salt** has been regenerated. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnablePublicLink": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Public Link Salt -^^^^^^^^^^^^^^^^^^ - -32-character salt added to the URL of public links when public links are enabled. Click **Regenerate** in the System Console to create a new salt, which will invalidate all existing public links. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PublicLinkSalt": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Notices -~~~~~~~~ - -Enable Admin Notices -^^^^^^^^^^^^^^^^^^^^ - -**True**: System Admins will receive notices about available server upgrades and relevant system administration features. `Learn more `_ - -**False**: System Admins will not receive notices except those that apply to all end users (See ``UserNoticesEnabled``). - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AdminNoticesEnabled": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable End User Notices -^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: All users will receive notices about available client upgrades and relevant end user features to improve user experience. `Learn more `_ - -**False**: Users will not receive notices about available client upgrades and relevant end user features. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserNoticesEnabled": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Authentication ---------------- - -Authentication settings to enable account creation and sign in with email, GitLab, Google or Office 365 OAuth, AD/LDAP, or SAML. - -Signup -~~~~~~~ - -Enable Account Creation -^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Ability to create new accounts is enabled via inviting new members or sharing the team invite link. - -**False**: Ability to create accounts is disabled. The **Create Account** button displays an error when trying to signup via an email invite or team invite link. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUserCreation": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Restrict account creation to specified email domains -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Teams and user accounts can only be created by a verified email from this list of comma-separated domains (e.g. "corp.mattermost.com, mattermost.org"). - -This setting only affects email login. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictCreationToDomains": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Open Server -^^^^^^^^^^^^^^^^^^^ - -**True**: Users can sign up to the server from the root page without an invite. - -**False**: Users can only sign up to the server if they receive an invite. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableOpenServer": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Email Invitations -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Users can invite others to the Mattermost system by email. - -**False**: Email invitations are disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableEmailInvitations": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Invalidate pending email invites -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This button invalidates active email invitations that have not been accepted by the user. By default email invitations expire after 48 hours. - -Enable Team Creation -^^^^^^^^^^^^^^^^^^^^^ - -*This permission has been migrated to the database and changing the ``config.json`` value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* - -**True**: Ability to create a new team is enabled for all users. - -**False**: Only System Admins can create teams from the team selection page. The **Create A New Team** button is hidden in the Main Menu UI. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableTeamCreation": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Email -~~~~~ - -Enable account creation with email -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Allow team creation and account signup using email and password. - -**False**: Email signup is disabled. This limits signup to single sign-on services like OAuth or AD/LDAP. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSignUpWithEmail": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Require Email Verification -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Require email verification after account creation prior to allowing login. - -**False**: Users do not need to verify their email address prior to login. Developers may set this field to ``false`` to skip sending verification emails for faster development. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RequireEmailVerification": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable sign-in with email -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost allows account creation using email and password. - -**False**: Sign in with email is disabled and does not appear on the login screen. Use this value when you want to limit sign up to a Single Sign-on service like AD/LDAP, SAML, or GitLab. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSignInWithEmail": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable sign-in with username -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost allows users with email login to sign in using their username and password. This setting does not affect AD/LDAP login. - -**False**: Sign in with username is disabled and does not appear on the login screen. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``EnableSignInWithUsername": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Password -~~~~~~~~~ - -Minimum Password Length -^^^^^^^^^^^^^^^^^^^^^^^^ - -*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* - -Minimum number of characters required for a valid password. Must be a whole number greater than or equal to 5 and less than or equal to 64. - -+----------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MinimumLength": 10`` with numerical input. | -+----------------------------------------------------------------------------------------------------------+ - -Password Requirements -^^^^^^^^^^^^^^^^^^^^^^ - -*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* - -Set the required character types to be included in a valid password. Defaults to allow any characters unless otherwise specified by the checkboxes. The error messasage previewed in the System Console will appear on the account creation page if a user enters an invalid password. - -- **At least one lowercase letter**: Select this checkbox if a valid password must contain at least one lowercase letter. -- **At least one uppercase letter**: Select this checkbox if a valid password must contain at least one uppercase letter. -- **At least one number**: Select this checkbox if a valid password must contain at least one number. -- **At least one symbol**: Select this checkbox if a valid password must contain at least one symbol. Valid symbols include: ``!"#$%&'()*+,-./:;<=>?@[]^_`|~``. - -This feature's ``config.json`` settings are, respectively: - -.. list-table:: - :widths: 80 - - * - ``"Lowercase": true`` with options ``true`` and ``false``. - * - ``"Number": true`` with options ``true`` and ``false``. - * - ``"Uppercase": true`` with options ``true`` and ``false``. - * - ``"Symbol": true`` with options ``true`` and ``false``. - -Maximum Login Attempts -^^^^^^^^^^^^^^^^^^^^^^ - -Failed login attempts allowed before a user is locked out and required to reset their password via email. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaximumLoginAttempts": 10`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -MFA -~~~~ - -Configure security settings for multi-factor authentication. - -The default recommendation for secure deployment is to host Mattermost within your own private network, with VPN clients on mobile, so everything works under your existing security policies and authentication protocols, which may already include multi-factor authentication. - -If you choose to run Mattermost outside your private network, bypassing your existing security protocols, it is recommended you set up a multi-factor authentication service specifically for accessing Mattermost. - - -Enable Multi-factor Authentication -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: When true, users with LDAP and email authentication will be given the option to require a phone-based passcode, in addition to their password-based authentication, to sign-in to the Mattermost server. Specifically, they will be asked to download the `Google Authenticator `__ app to their iOS or Android mobile device, connect the app with their account, and then enter a passcode generated by the app on their phone whenever they log in to the Mattermost server. - -**False**: Multi-factor authentication is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableMultifactorAuthentication": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enforce Multi-factor Authentication -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E10 and higher* - -**True**: When true, `multi-factor authentication (MFA) `__ is required for login. New users will be required to configure MFA on signup. Logged in users without MFA configured are redirected to the MFA setup page until configuration is complete. If your system has users with login options other than AD/LDAP and email, MFA must be enforced with the authentication provider outside of Mattermost. - -**False**: Multi-factor authentication is optional. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnforceMultifactorAuthentication": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -AD/LDAP -~~~~~~~~ - -*Available in Enterprise Edition E10 and higher* - -Enable sign-in with AD/LDAP -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost allows login using AD/LDAP or Active Directory. - -**False**: Login with AD/LDAP is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Synchronization with AD/LDAP -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost periodically synchronizes users from AD/LDAP. - -**False**: AD/LDAP synchronization is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSync": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -AD/LDAP Server -^^^^^^^^^^^^^^^ - -The domain or IP address of the AD/LDAP server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LdapServer": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -AD/LDAP Port -^^^^^^^^^^^^^ - -The port Mattermost will use to connect to the AD/LDAP server. Defaults to ``389``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LdapPort": 389`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Connection Security -^^^^^^^^^^^^^^^^^^^^^ - -The type of connection security Mattermost uses to connect to AD/LDAP. - -**None**: No encryption, Mattermost will not attempt to establish an encrypted connection to the AD/LDAP server. - -**TLS**: Encrypts the communication between Mattermost and your server using TLS. - -**STARTTLS**: Takes an existing insecure connection and attempts to upgrade it to a secure connection using TLS. - -If the "No encryption" option is selected it is highly recommended that the AD/LDAP connection is secured outside of Mattermost, for example, by adding a stunnel proxy. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""``, ``"TLS"``, and ``"STARTTLS"``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Private Key -^^^^^^^^^^^^ - -(Optional) The private key file provided by your LDAP Authentication Provider and uploaded if TLS client certificates are being used as the primary authentication mechanism. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PrivateKeyFile": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Public Certificate -^^^^^^^^^^^^^^^^^^ - -(Optional) The public TLS certificate file provided by your LDAP Authentication Provider and uploaded if TLS client certificates are being used as the primary authentication mechanism. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PublicCertificateFile": ""`` with with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - - -Skip Certificate Verification -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Skips the certificate verification step for TLS or STARTTLS connections. Not recommended for production environments where TLS is required. For testing only. - -**False**: Mattermost does not skip certificate verification. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SkipCertificateVerification": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Base DN -^^^^^^^^ - -The **Base Distinguished Name** of the location where Mattermost should start its search for users in the AD/LDAP tree. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BaseDN": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Bind Username -^^^^^^^^^^^^^ - -The username used to perform the AD/LDAP search. This should be an account created specifically for use with Mattermost. Its permissions should be limited to read-only access to the portion of the AD/LDAP tree specified in the **Base DN** field. When using Active Directory, **Bind Username** should specify domain in ``"DOMAIN/username"`` format. This field is required, and anonymous bind is not currently supported. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BindUsername": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Bind Password -^^^^^^^^^^^^^^ - -Password of the user given in **Bind Username**. Anonymous bind is not currently supported. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BindPassword": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -User Filter -^^^^^^^^^^^ - -(Optional) Enter an AD/LDAP Filter to use when searching for user objects (accepts `general syntax `__). Only the users selected by the query will be able to access Mattermost. - -Sample filters for Active Directory: - -- To filter out disabled users: ``(&(objectCategory=Person)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))``. -- To filter out by group membership, determine the distinguishedName of your group, then use the group membership general syntax format as your filter. - - * For example, if the security group distinguishedName is ``CN=group1,OU=groups,DC=example,DC=com``, then the user filter to use is: ``(memberOf=CN=group1,OU=groups,DC=example,DC=com)``. Note that the user must explicitly belong to this group for the filter to apply. - -This filter uses the permissions of the **Bind Username** account to execute the search. Administrators should make sure to use a specially created account for Bind Username with read-only access to the portion of the AD/LDAP tree specified in the **Base DN** field. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserFilter": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Guest Filter -^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -(Optional) Enter an AD/LDAP Filter to use when searching for external users who have Guest Access to Mattermost. Only the users selected by the query will be able to log in to and use Mattermost as Guests. This filter default is blank. - -See the `Guest Accounts documentation `__ for more information. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GuestFilter": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Admin Filter -^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -(Optional) Enter a filter to use for designating the System Admin role to users. When enabled the user is promoted to this role on their next login or at the next scheduled AD/LDAP sync. If the Admin Filter is removed, users who are currently logged in retain their Admin role. When they log out this is revoked and on their next login they will no longer have Admin privileges. - -This filter default is ``false`` and must be set to ``true`` in order for the Admin Filter to be used. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableAdminFilter": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Group Filter -^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -(Optional) Enter an AD/LDAP Filter to use when searching for group objects (accepts `general syntax `__). Only the groups selected by the query will be able to access Mattermost. - -This filter is defaulted to ``(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))`` when blank. - -.. note:: - This filter is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GroupFilter": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Group Display Name Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -(Required) Enter an AD/LDAP Group Display name attribute used to populate Mattermost Group names. - -.. note:: - This attribute is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GroupDisplayNameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Group Id Attribute -^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -(Required) Enter an AD/LDAP Group ID attribute to use as a unique identifier for Groups. This should be an AD/LDAP value that does not change. This is usually ``entryUUID`` for LDAP and ``objectGUID`` for AD. - -.. note:: - This attribute is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GroupIdAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -First Name Attribute -^^^^^^^^^^^^^^^^^^^^^ - -(Optional) The attribute in the AD/LDAP server used to populate the first name of users in Mattermost. When set, users cannot edit their first name, since it is synchronized with the LDAP server. When left blank, users can set their first name in Account Settings. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FirstNameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Last Name Attribute -^^^^^^^^^^^^^^^^^^^^ - -(Optional) The attribute in the AD/LDAP server used to populate the last name of users in Mattermost. When set, users cannot edit their last name, since it is synchronized with the LDAP server. When left blank, users can set their last name in Account Settings. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LastNameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Nickname Attribute -^^^^^^^^^^^^^^^^^^^ - -(Optional) The attribute in the AD/LDAP server used to populate the nickname of users in Mattermost. When set, users cannot edit their nickname, since it is synchronized with the LDAP server. When left blank, users can set their nickname in Account Settings. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"NicknameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Position Attribute -^^^^^^^^^^^^^^^^^^ - -(Optional) The attribute in the AD/LDAP server used to populate the position field in Mattermost. When set, users cannot edit their position, since it is synchronized with the LDAP server. When left blank, users can set their position in Account Settings. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PositionAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Email Attribute -^^^^^^^^^^^^^^^^^ - -The attribute in the AD/LDAP server used to populate the email address field in Mattermost. - -Email notifications will be sent to this email address, and this email address may be viewable by other Mattermost users depending on privacy settings chosen by the System Admin. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EmailAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Profile Picture Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^ - -The attribute in the AD/LDAP server used to synchronize (and lock) the profile picture used in Mattermost. - -The Mattermost server will replace the user’s profile image upon login (not at the sync interval as with other attributes). The sync will not occur if the current Mattermost profile image matches the image associated with that user in AD/LDAP. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PictureAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Username Attribute -^^^^^^^^^^^^^^^^^^^ - -The attribute in the AD/LDAP server used to populate the username field in Mattermost. This may be the same as the Login ID Attribute. - -This attribute will be used within the Mattermost user interface to identify and mention users. For example, if a Username Attribute is set to **john.smith** a user typing ``@john`` will see ``@john.smith`` in their auto-complete options and posting a message with ``@john.smith`` will send a notification to that user that they've been mentioned. - -The **Username Attribute** may be set to the same value used to sign-in to the system, called a **Login ID Attribute**, or it can be mapped to a different value. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UsernameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -ID Attribute -^^^^^^^^^^^^^ - -The attribute in the AD/LDAP server used as a unique identifier in Mattermost. It should be an AD/LDAP attribute with a value that does not change. - -If a user's ID Attribute changes, a new Mattermost account (unassociated with the previous one) is created. To prevent this, it's recommended that a unique attribute such as ``objectGUID`` in Active Directory and ``entryUUID`` in LDAP be used instead. - -Before making any changes confirm with your LDAP provider whether these attributes are available in your environment. - -If you need to change this field after users have already logged in, use the `mattermost ldap idmigrate `__ CLI tool. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Login ID Attribute -^^^^^^^^^^^^^^^^^^^^ - -The attribute in the AD/LDAP server used to log in to Mattermost. Normally this attribute is the same as the **Username Attribute** field above. - -If your team typically uses domain\username to log in to other services with AD/LDAP, you may enter domain\username in this field to maintain consistency between sites. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginIdAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Login Field Name -~~~~~~~~~~~~~~~~~~ - -The placeholder text that appears in the login field on the login page. Typically this would be whatever name is used to refer to AD/LDAP credentials in your company, so it is recognizable to your users. Defaults to **AD/LDAP Username**. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginFieldName": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Synchronization Interval (minutes) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Set how often Mattermost accounts synchronize attributes with AD/LDAP, in minutes. - -When synchronizing, Mattermost queries AD/LDAP for relevant account information and updates Mattermost accounts based on changes to attributes (first name, last name, and nickname). - -When accounts are disabled in AD/LDAP users are made inactive in Mattermost, and their active sessions are revoked once Mattermost synchronizes attributes. To synchronize immediately after disabling an account, use the **AD/LDAP Synchronize Now** button. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SyncIntervalMinutes": 60`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. note:: - LDAP syncs cause a large number of database read queries. Ensure that you monitor database load during a sync to determine how often these syncs should happen in your environment in order to minimize performance degradation. - -Maximum Page Size -^^^^^^^^^^^^^^^^^^ - -The maximum number of users the Mattermost server will request from the AD/LDAP server at one time. Use this setting if your AD/LDAP server limits the number of users that can be requested at once. - -- A value of 0 is unlimited and does not paginate the results. -- A value of 1500 is recommended to align with the default AD/LDAP ``MaxPageSize`` setting. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxPageSize": 0`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Query Timeout (seconds) -^^^^^^^^^^^^^^^^^^^^^^^^^ - -The timeout value for queries to the AD/LDAP server. Increase this value if you are getting timeout errors caused by a slow AD/LDAP server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"QueryTimeout": 60`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -AD/LDAP Test -^^^^^^^^^^^^^ - -This button can be used to test the connection to the AD/LDAP server. If the test is successful, it shows a confirmation message and if there is a problem with the configuration settings it will show an error message. - -AD/LDAP Synchronize Now -^^^^^^^^^^^^^^^^^^^^^^^^^ - -This button causes AD/LDAP synchronization to occur as soon as it is pressed. Use it whenever you have made a change in the AD/LDAP server you want to take effect immediately. After using the button, the next AD/LDAP synchronization will occur after the time specified by the Synchronization Interval. - -You can monitor the status of the synchronization job in the table below this button. - -.. note:: - If synchronization **Status** displays as ``Pending`` and does not complete, make sure that the **Enable Synchronization with AD/LDAP** setting is set to ``true``. - -.. figure:: ../images/ldap-sync-table.png - -.. _saml-enterprise: - -SAML -~~~~~ - -*Available in Enterprise Edition E20* - -.. note:: - In line with Microsoft ADFS guidance we recommend `configuring intranet forms-based authentication for devices that do not support WIA `_. - -Use New SAML Library -^^^^^^^^^^^^^^^^^^^^^ - -*Removed in December 16, 2020 release* - -**True**: Enable an updated SAML Library, which does not require the XML Security Library (xmlsec1) to be installed. - -**False**: Continue using the existing implementation which uses the XML Security Library (xmlsec1). - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UseNewSAMLLibrary": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Login With SAML -^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost allows login using SAML. Please see `documentation `__ to learn more about configuring SAML for Mattermost. - -**False**: Login with SAML is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Synchronizing SAML Accounts With AD/LDAP -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost periodically synchronizes SAML user attributes, including user deactivation and removal, with AD/LDAP. Enable and configure synchronization settings at **Authentication > AD/LDAP**. See `documentation `__ to learn more. - -**False**: Synchronization of SAML accounts with AD/LDAP is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSyncWithLdap": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Ignore Guest Users When Synchronizing with AD/LDAP -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Available when ``Enable Synchronizing SAML Accounts With AD/LDAP`` is set to ``true``. - -**True**: Mattermost ignores Guest Users identified by the Guest Attribute when synchronizing with AD/LDAP on user deactivation and removal. Manage guest deactivation manually via **System Console > Users**. See `documentation `__ to learn more. - -**False**: Synchronization of SAML deactivates and removes Guest Users when synchronizing with AD/LDAP. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IgnoreGuestsLdapSync": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Override SAML Bind Data with AD/LDAP Information -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost overrides the SAML ID attribute with the AD/LDAP ID attribute if configured or overrides the SAML Email attribute with the AD/LDAP Email attribute if SAML ID attribute is not present. See `documentation `__ to learn more. - -**False**: Mattermost uses the email attribute to bind users to SAML. - -.. note:: - Moving from ``true`` to ``false`` will prevent the override from happening. To prevent the disabling of user accounts, SAML IDs must match the LDAP IDs when this feature is enabled. This setting should be set to ``false`` unless LDAP sync is enabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSyncWithLdapIncludeAuth": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -SAML SSO URL -^^^^^^^^^^^^^ - -The URL where Mattermost sends a SAML request to start login sequence. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdpURL": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Identity Provider Issuer URL -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The issuer URL for the Identity Provider you use for SAML requests. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdpDescriptorUrl": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Identity Provider Metadata URL -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The URL where Mattermost sends a request to obtain setup metadata from the provider. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdpMetadataUrl": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Identity Provider Public Certificate -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The public authentication certificate issued by your Identity Provider. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdpCertificateFile": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Verify Signature -^^^^^^^^^^^^^^^^^ - -**True**: Mattermost verifies that the signature sent from the SAML Response matches the Service Provider Login URL. - -**False**: Not recommended for production environments. For testing only. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Verify": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Service Provider Identifier -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The unique identifier for the Service Provider, usually the same as Service Provider Login URL. In ADFS, this must match the Relying Party Identifier. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ServiceProviderIdentifier": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Service Provider Login URL -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Enter ``https:///login/sso/saml`` (example: ``https://example.com/login/sso/saml``). Make sure you use HTTP or HTTPS in your URL depending on your server configuration. This field is also known as the Assertion Consumer Service URL. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AssertionConsumerServiceURL": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -SignatureAlgorithm -^^^^^^^^^^^^^^^^^^^ - -The signature algorithm used to sign the request. Supported options are `RSAwithSHA1 `_, `RSAwithSHA256 `_, and `RSAwithSHA512 `_. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SignatureAlgorithm": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -CanonicalAlgorithm -^^^^^^^^^^^^^^^^^^^ - -The canonicalization algorithm. Supported options are ``Canonical1.0`` for `Exclusive XML Canonicalization 1.0 (omit comments) `_ (``http://www.w3.org/2001/10/xml-exc-c14n#``) and ``Canonical1.1`` for `Canonical XML 1.1 (omit comments) `_ (``http://www.w3.org/2006/12/xml-c14n11``). - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CanonicalAlgorithm": "Canonical1.0"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Encryption -^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost will decrypt SAML Assertions encrypted with your Service Provider Public Certificate. - -**False**: Not recommended for production environments. For testing only. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Encrypt": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Service Provider Private Key -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The private key used to decrypt SAML Assertions from the Identity Provider. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PrivateKeyFile": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Service Provider Public Certificate -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The certificate file used to generate the signature on a SAML request to the Identity Provider for a service provider initiated SAML login, when Mattermost is the Service Provider. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PublicCertificateFile": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Sign Request -^^^^^^^^^^^^^ -When ``true``, Mattermost signs the SAML request using your Service Provider Private Key. When ``false``, Mattermost does not sign the SAML request. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SignRequest": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Email Attribute -^^^^^^^^^^^^^^^^^ - -The attribute in the SAML Assertion that will be used to populate the email addresses of users in Mattermost. - -Email notifications will be sent to this email address, and this email address may be viewable by other Mattermost users depending on privacy settings choosen by the System Admin. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EmailAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Username Attribute -^^^^^^^^^^^^^^^^^^^ - -The attribute in the SAML Assertion that will be used to populate the username field in Mattermost user interface. This attribute will be used within the Mattermost user interface to identify and mention users. For example, if a Username Attribute is set to **john.smith** a user typing ``@john`` will see ``@john.smith`` in their auto-complete options and posting a message with ``@john.smith`` will send a notification to that user that they've been mentioned. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UsernameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Id Attribute -^^^^^^^^^^^^^^^ - -(Optional) The attribute in the SAML Assertion used to bind users from SAML to users in Mattermost. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Guest Attribute -^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -(Optional) The attribute in the SAML Assertion used to apply a Guest role to users in Mattermost. - -See the `Guest Accounts documentation `__ for more information. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GuestAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Admin Attribute -^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -(Optional) The attribute in the SAML Assertion for designating System Admins. The user is automatically promoted to this role on their next login. If the Admin Attribute is removed, users who are currently logged in retain their Admin role. When they log out this is revoked and on their next login they will no longer have Admin privileges. - -This attribute's default is ``false`` and must be set to ``true`` in order for the Admin Attribute to be used. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableAdminAttribute": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -First Name Attribute -^^^^^^^^^^^^^^^^^^^^^^ - -(Optional) The attribute in the SAML Assertion that will be used to populate the first name of users in Mattermost. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FirstNameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Last Name Attribute -^^^^^^^^^^^^^^^^^^^^ - -(Optional) The attribute in the SAML Assertion that will be used to populate the last name of users in Mattermost. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LastNameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Nickname Attribute -^^^^^^^^^^^^^^^^^^^ - -(Optional) The attribute in the SAML Assertion that will be used to populate the nickname of users in Mattermost. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"NicknameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Position Attribute -^^^^^^^^^^^^^^^^^^^ - -(Optional) The attribute in the SAML Assertion that will be used to populate the position field for users in Mattermost (typically used to describe a person's job title or role at the company). - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PositionAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Preferred Language Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -(Optional) The attribute in the SAML Assertion that will be used to populate the language of users in Mattermost. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LocaleAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Login Button Text -^^^^^^^^^^^^^^^^^^^ - -(Optional) The text that appears in the login button on the login page. Defaults to **SAML**. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonText": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Scoping IDP Provider Id -^^^^^^^^^^^^^^^^^^^^^^^^ - -Allows an authenticated user to skip the initial login page of their federated Azure AD server, and only require a password to log in. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ScopingIDPProviderId": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Scoping IDP Name -^^^^^^^^^^^^^^^^ - -Adds the name associated with a user's Scoping Identity Provider ID. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ScopingIDPName": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -OAuth 2.0 -~~~~~~~~~~ - -Settings to configure OAuth login for account creation and login. - -Select OAuth 2.0 service provider -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -*Available in Team Edition and Enterprise Edition E10* - -Choose whether OAuth can be used for account creation and login. Options include: - - - **Do not allow sign-in via an OAuth 2.0 provider** - - **GitLab** (see `GitLab Settings `__ for more detail) - - **Google Apps** (available in Enterprise Edition E20, see `Google Settings `__ for more detail) - - **Office 365** (available in Enterprise Edition E20, see `Office 365 Settings `__ for more detail) - -This feature's setting does not appear in ``config.json``. - -GitLab -~~~~~~ - -Enable authentication with GitLab -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Allow team creation and account signup using GitLab OAuth. To configure, input the **Secret** and **Id** credentials. - -**False**: GitLab OAuth cannot be used for team creation or account signup. - -**Note**: For Enterprise, GitLab settings can be found under **OAuth 2.0** - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Application ID -^^^^^^^^^^^^^^^ - -Obtain this value by logging into your GitLab account. Go to **Profile Settings > Applications > New Application**, enter a Name, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Application Secret Key -^^^^^^^^^^^^^^^^^^^^^^^^ - -Obtain this value by logging into your GitLab account. Go to **Profile Settings > Applications > New Application**, enter a Name, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -User API Endpoint -^^^^^^^^^^^^^^^^^^ - -Enter ``https:///api/v3/user`` (example: ``https://example.com:3000/api/v3/user``). Use HTTP or HTTPS depending on how your server is configured. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserApiEndpoint": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Auth Endpoint -^^^^^^^^^^^^^^ -Enter ``https:///oauth/authorize`` (example: ``https://example.com:3000/oauth/authorize``). Use HTTP or HTTPS depending on how your server is configured. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AuthEndpoint": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Token Endpoint -^^^^^^^^^^^^^^^^ - -Enter ``https:///oauth/token`` (example: ``https://example.com:3000/oauth/token``). Use HTTP or HTTPS depending on how your server is configured. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TokenEndpoint": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Google -~~~~~~~~ - -*Available in Enterprise Edition E20* - -Enable authentication with Google by selecting ``Google Apps`` from **OAuth 2.0 > Select OAuth 2.0 service provider**. - -**True**: Allow team creation and account signup using Google OAuth. To configure, input the **Client ID** and **Client Secret** credentials. See `the documentation `__ for more detail. - -**False**: Google OAuth cannot be used for team creation or account signup. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Client ID -^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your Google account. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Client Secret -^^^^^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your Google account. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -User API Endpoint -^^^^^^^^^^^^^^^^^^^ - -It is recommended to use `https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata` as the User API Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserApiEndpoint": "https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata"`` | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Auth Endpoint -^^^^^^^^^^^^^^ - -It is recommended to use ``"https://accounts.google.com/o/oauth2/v2/auth"`` as the Auth Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Token Endpoint -^^^^^^^^^^^^^^^^ - -It is recommended to use ``"https://www.googleapis.com/oauth2/v4/token"`` as the Token Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Office 365 -~~~~~~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -.. note:: - In line with Microsoft ADFS guidance we recommend `configuring intranet forms-based authentication for devices that do not support WIA `_. - -Enable authentication with Office 365 by selecting **Office 365** from **System Console > Authentication > OAuth 2.0 > Select OAuth 2.0 service provider**. - -**True**: Allow team creation and account signup using Office 365 OAuth. To configure, input the **Application ID** and **Application Secret Password** credentials. See `the documentation `__ for more detail. - -**False**: Office 365 OAuth cannot be used for team creation or account signup. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Application ID -^^^^^^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your Microsoft or Office account. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Application Secret Password -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your Microsoft or Office account. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Directory (tenant) ID -^^^^^^^^^^^^^^^^^^^^^^ - -This value is the ID of the application's AAD directory. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DirectoryId": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -User API Endpoint -^^^^^^^^^^^^^^^^^^^ - -It is recommended to use ``"https://graph.microsoft.com/v1.0/me"`` as the User API Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserApiEndpoint": "https://graph.microsoft.com/v1.0/me"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Auth Endpoint -^^^^^^^^^^^^^^^ - -It is recommended to use ``"https://accounts.google.com/o/oauth2/v2/auth"`` as the Auth Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Token Endpoint -^^^^^^^^^^^^^^^ - -It is recommended to use ``"https://login.microsoftonline.com/common/oauth2/v2.0/token"`` as the Token Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Select OpenID Connect service provider -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Choose whether OpenID Connect can be used for account creation and login. Options include: - - - **Do not allow sign-in via an OpenID provider** - - **GitLab** (see `GitLab Settings `__ for more detail) - - **Google Apps** (available in Enterprise Edition E20, see `Google Settings `__ for more detail) - - **Office 365** (available in Enterprise Edition E20, see `Office 365 Settings `__ for more detail) - - **OpenID Connect (Other)** (available in Enterprise Edition E20, see `OpenID Connect Settings `__ for more detail) - -This feature's setting does not appear in ``config.json``. - -GitLab Settings -~~~~~~~~~~~~~~~ - -Enable authentication with GitLab -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Allow team creation and account signup using GitLab OpenID Connect. To configure, input the **Secret**, **Id**, and **DiscoveryEndpoint** credentials. - -**False**: GitLab OpenID Connect cannot be used for team creation or account signup. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Application ID -^^^^^^^^^^^^^^^ - -Obtain this value by logging into your GitLab account. Go to **Profile Settings > Applications > New Application**, enter a **Name**, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Application Secret Key -^^^^^^^^^^^^^^^^^^^^^^^^ - -Obtain this value by logging into your GitLab account. Go to **Profile Settings > Applications > New Application**, enter a **Name**, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Discovery Endpoint -^^^^^^^^^^^^^^^^^^ - -This value is prepopulated with ``https://gitlab.com/.well-known/openid-configuration``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DiscoveryEndpoint": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Google Settings -~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Enable authentication with Google by selecting ``Google Apps`` from **System Console > Authentication > OpenID Connect > Select service provider**. - -**True**: Allow team creation and account signup using Google OpenID Connect. To configure, input the **Client ID**, **Client Secret**, and **DiscoveryEndpoint** credentials. See `the documentation `__ for more detail. - -**False**: Google OpenID Connect cannot be used for team creation or account signup. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Client ID -^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your Google account. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Client Secret -^^^^^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your Google account. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Discovery Endpoint -^^^^^^^^^^^^^^^^^^ - -This value is prepopulated with ``https://accounts.google.com/.well-known/openid-configuration``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DiscoveryEndpoint": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Office 365 Settings -~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -.. note:: - In line with Microsoft ADFS guidance, we recommend `configuring intranet forms-based authentication for devices that do not support WIA `_. - -Enable authentication with Office 365 by selecting **Office 365** from **System Console > Authentication > OpenID Connect > Select service provider**. - -**True**: Allow team creation and account signup using Office 365 OpenID Connect. To configure, input the **Application ID** and **Application Secret Password** credentials. See `the documentation `__ for more detail. - -**False**: Office 365 OpenID Connect cannot be used for team creation or account signup. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Application ID -^^^^^^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your Microsoft or Office account. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Application Secret Password -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your Microsoft or Office account. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Discovery Endpoint -^^^^^^^^^^^^^^^^^^ - -This value is prepopulated with ``https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DiscoveryEndpoint": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -OpenID Connect (Other) Settings -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Enable authentication with a service provider by selecting ``OpenID Connect (Other)`` from **System Console > Authentication > OpenID Connect > Select service provider**. - -**True**: Allow team creation and account signup using OpenID Connect. To configure, input the **Client ID**, **Client Secret**, and **DiscoveryEndpoint** credentials. See `the documentation `__ for more detail. - -**False**: OpenID Connect cannot be used for team creation or account signup. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Client ID -^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your service provider account. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Client Secret -^^^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your service provider account. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Discovery Endpoint -^^^^^^^^^^^^^^^^^^ - -Obtain this value by registering Mattermost as an application in your service provider account. Should be in the format ``https://myopenid.provider.com/{my_company}/.well-known/openid-configuration`` where the value of *{my_company}* is replaced with your organization. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DiscoveryEndpoint": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Button Text -^^^^^^^^^^^ - -Specify the text that displays on the OpenID login button. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ButtonText": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Button Color -^^^^^^^^^^^^ - -Specify the color of the OpenID login button for white labeling purposes. Use a hex code with a #-sign before the code, for example ``#145DBF``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ButtonColor": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Guest Access (Beta) -~~~~~~~~~~~~~~~~~~~~ - -Enable Guest Access -^^^^^^^^^^^^^^^^^^^ - -**True**: Allow guest invitations to channels within teams. Please see `Guest Accounts documentation `_ for more information. - -**False**: Email signup is disabled. This limits signup to Single sign-on services like OAuth or AD/LDAP. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Whitelisted Guest Domains -^^^^^^^^^^^^^^^^^^^^^^^^^ - -When populated, guest accounts can only be created by a verified email from this list of comma-separated domains. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictCreationToDomains": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enforce Multi-factor Authentication -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting defaults to false and is read-only if multi-factor authentication is not enforced for regular users. - -**True**: When true, multi-factor authentication (MFA) is required for login. New guest users will be required to configure MFA on sign-up. Logged in guest users without MFA configured are redirected to the MFA setup page until configuration is complete. - -**False**: Multi-factor authentication for guests is optional. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnforceMultifactorAuthentication": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Plugins (Beta) --------------- - -Settings to configure plugins. - -Plugin Management -~~~~~~~~~~~~~~~~~~~ - -Enable Plugins -^^^^^^^^^^^^^^^ - -**True**: Enables plugins on your Mattermost server. Use plugins to integrate with third-party systems, extend functionality, or customize the user interface of your Mattermost server. See `documentation `__ to learn more. - -**False**: Disables plugins on your Mattermost server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Automatic Prepackaged Plugins -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Any pre-packaged plugins enabled in the configuration will be installed or upgraded automatically. If a newer version is already installed, no changes are made. - -**False**: Pre-packaged plugins are not installed or upgraded automatically but may be installed manually from the Plugin Marketplace, even when offline. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AutomaticPrepackagedPlugins": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Marketplace -^^^^^^^^^^^^^^^^^^^ - -**True**: Enables Plugin Marketplace on your Mattermost server for all System Admins. - -**False**: Disables Plugin Marketplace on your Mattermost server for all System Admins. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableMarketplace": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Remote Marketplace -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: The server will attempt to connect to the configured Plugin Marketplace to show the latest plugins. If the connection fails, the Plugin Marketplace shows only pre-packaged and already installed plugins alongside a connection error. - -**False**: The server will not attempt to connect to a remote marketplace, instead showing only pre-packaged and already installed plugins. Use this setting if your server cannot connect to the internet. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableRemoteMarketplace": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Marketplace URL -^^^^^^^^^^^^^^^^ - -If the Marketplace is enabled, this setting specifies which URL should be used to query for new Marketplace plugins. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MarketplaceUrl": "https://api.integrations.mattermost.com"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Plugin Settings -^^^^^^^^^^^^^^^^ - -Settings specific to each plugin. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Plugins": {}`` with object input mapping plugin IDs as keys to objects containing plugin-specific data. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Installed Plugin State -^^^^^^^^^^^^^^^^^^^^^^ - -Lists installed plugins on your Mattermost server and whether they are enabled. Pre-packaged plugins are installed by default and can be deactivated, but not removed. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PluginStates": {}`` with object input mapping plugin IDs as keys to objects, each of which contains a key ``"Enable": false`` with options ``true`` or ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Require Plugin Signature -^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Require valid plugin signatures before starting managed or unmanaged plugins. Pre-packaged plugins are not subject to plugin signature verification. Plugins installed through the Plugin Marketplace are always subject to plugin signature verification at the time of download. - -**False**: Do not require valid plugin signatures before starting managed or unmanaged plugins. Pre-packaged plugins are not subject to plugin signature verification. Plugins installed through the Plugin Marketplace are always subject to plugin signature verification at the time of download. - -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RequirePluginSignature": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------+ - -Signature Public Key Files -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -In addition to the Mattermost plugin signing key built into the server, each public key specified here is trusted to validate plugin signatures. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SignaturePublicKeyFiles": {}`` with with string array input consisting of contents that are relative or absolute paths to signature files. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Autolink -~~~~~~~~ - -Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. - -Custom User Attributes -~~~~~~~~~~~~~~~~~~~~~~~~~ - -Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. - -GitHub -~~~~~~~~ - -Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. - -Jira -~~~~~ - -Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. - -Net Promoter Score -~~~~~~~~~~~~~~~~~~~ - -Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. - -Welcome Bot -~~~~~~~~~~~ - -Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. - -Zoom -~~~~~ - -Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. - -Integrations -------------- - -Settings to configure webhooks, slash commands, and external integration services. - -Integration Management -~~~~~~~~~~~~~~~~~~~~~~~~~ - -Enable Incoming Webhooks -^^^^^^^^^^^^^^^^^^^^^^^^^ -Developers building integrations can create webhook URLs for Public channels and Private channels. Please see our `documentation page `__ to learn about creating webhooks, view samples, and to let the community know about integrations you have built. - -**True**: Incoming webhooks will be allowed. To manage incoming webhooks, go to **Account Settings > Integrations**. The webhook URLs created in Account Settings can be used by external applications to create posts in any Public or Private channels that you have access to. - -**False**: The **Integrations > Incoming Webhooks** section of Account Settings is hidden and all incoming webhooks are disabled. - -Security note: By enabling this feature, users may be able to perform `phishing attacks `__ by attempting to impersonate other users. To combat these attacks, a BOT tag appears next to all posts from a webhook. Enable at your own risk. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableIncomingWebhooks": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Outgoing Webhooks -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Developers building integrations can create webhook tokens for Public channels. Trigger words are used to fire new message events to external integrations. For security reasons, outgoing webhooks are only available in Public channels. Please see our `documentation page `__ to learn about creating webhooks and view samples. - -**True**: Outgoing webhooks will be allowed. To manage outgoing webhooks, go to **Account Settings > Integrations**. - -**False**: The **Integrations > Outgoing Webhooks** section of Account Settings is hidden and all outgoing webhooks are disabled. - -Security note: By enabling this feature, users may be able to perform `phishing attacks `__ by attempting to impersonate other users. To combat these attacks, a BOT tag appears next to all posts from a webhook. Enable at your own risk. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableOutgoingWebhooks": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Custom Slash Commands -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Slash commands send events to external integrations that send a response back to Mattermost. - -**True**: Allow users to create custom slash commands from **Main Menu > Integrations > Commands**. - -**False**: Slash commands are hidden in the **Integrations** user interface. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableCommands": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable OAuth 2.0 Service Provider -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost acts as an OAuth 2.0 service provider allowing Mattermost to authorize API requests from external applications. - -**False**: Mattermost does not function as an OAuth 2.0 service provider. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableOAuthServiceProvider": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Restrict managing integrations to Admins -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*This permission has been migrated to the database and changing the ``config.json`` value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* - -**True**: When ``true``, webhooks and slash commands can only be created, edited, and viewed by Team and System Admins, and OAuth 2.0 applications by System Admins. Integrations are available to all users after they have been created by the Admin. - -**False**: Any team members can create webhooks, slash commands` and OAuth 2.0 applications from **Main Menu > Integrations**. - -.. note:: - OAuth 2.0 applications can be authorized by all users if they have the **Client ID** and **Client Secret** for an app setup on the server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableOnlyAdminIntegrations": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable integrations to override usernames -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Webhooks, slash commands, OAuth 2.0 apps, and other integrations such as `Zapier `__, will be allowed to change the username they are posting as. If no username is present, the username for the post is the same as it would be for a setting of ``False``. - -**False**: Custom slash commands can only post as the username of the user who used the slash command. OAuth 2.0 apps can only post as the username of the user who set up the integration. For incoming webhooks and outgoing webhooks, the username is "webhook". See https://mattermost.org/webhooks for more details. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnablePostUsernameOverride": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable integrations to override profile picture icons -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Webhooks, slash commands, and other integrations, such as `Zapier `__, will be allowed to change the profile picture they post with. - -**False**: Webhooks, slash commands, and OAuth 2.0 apps can only post with the profile picture of the account they were set up with. See https://mattermost.org/webhooks for more details. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnablePostIconOverride": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Personal Access Tokens -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: When ``true``, users can create `personal access tokens `__ for integrations in **Account Settings > Security**. They can be used to authenticate against the API and give full access to the account. - -To manage who can create personal access tokens or to search users by token ID, go to the **System Console > Users** page. - -**False**: Personal access tokens are disabled on the server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUserAccessTokens": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Bot Accounts -~~~~~~~~~~~~ - -Enable Bot Account Creation -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: When ``true``, users can create bot accounts for integrations in **Integrations > Bot Accounts**. Bot accounts are similar to user accounts except they cannot be used to log in. See `documentation `_ to learn more. - -**False**: Bot accounts cannot be created through the user interface or the RESTful API. Plugins can still create and manage bot accounts. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableBotAccountCreation": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Disable bot accounts when owner is deactivated -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: When a user is deactivated, disables all bot accounts managed by the user. To re-enable bot accounts, go to **Integrations > Bot Accounts**. - -**False**: When a user is deactivated, all bot accounts managed by the user remain active. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DisableBotsWhenOwnerIsDeactivated": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -GIF (Beta) -~~~~~~~~~~ - -Enable GIF Picker -^^^^^^^^^^^^^^^^^^ - -**True**: Allow users to select GIFs from the emoji picker via a Gfycat integration. - -**False**: GIFs cannot be selected in the emoji picker. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableGifPicker": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. note:: - `Link previews `_ must be enabled in order to display GIF link previews. Mattermost deployments restricted to access behind a firewall must open port 443 to both https://api.gfycat.com/v1 and https://gfycat.com/ (for all request types) for this feature to work. - -Gfycat API Key -^^^^^^^^^^^^^^^ - -When blank, uses the default API key provided by Gfycat. Alternatively, a unique API key can be requested at https://developers.gfycat.com/signup/#/. Enter the client ID you receive via email to this field. - -+-----------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GfycatApiKey": "2_KtH_W5"`` with string input. | -+-----------------------------------------------------------------------------------------------+ - -Gfycat API Secret -^^^^^^^^^^^^^^^^^^ - -The API secret generated by Gfycat for your API key. When blank, uses the default API secret provided by Gfycat. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GfycatApiSecret": "3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof"`` with string input. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------+ - -CORS -~~~~~ - -Enable cross-origin requests from -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Enable HTTP cross-origin requests from specific domains separated by spaces. Type ``*`` to allow CORS from any domain or leave it blank to disable it. - -.. note:: - Please make sure you have entered your Site URL before enabling this setting to prevent losing access to the System Console after saving. If you experience lost access to the System Console after changing this setting, you can set your `Site URL `__ through the ``config.json`` file. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowCorsFrom": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -CORS Exposed Headers -^^^^^^^^^^^^^^^^^^^^^ - -Whitelist of headers that will be accessible to the requester. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CorsExposedHeaders": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -CORS Allow Credentials -^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Requests that pass validation will include the ``Access-Control-Allow-Credentials`` header. - -**False**: Requests won't include the ``Access-Control-Allow-Credentials`` header. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CorsAllowCredentials": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -CORS Debug -^^^^^^^^^^^^ - -**True**: Prints messages to the logs to help when developing an integration that uses CORS. These messages will include the structured key value pair ``"source": "cors"``. - -**False**: Debug messages not printed to the logs. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CorsDebug": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Compliance ------------- - -Data Retention Policy -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Changes to properties in this section require a server restart before taking effect. - -.. warning:: Once a message or a file is deleted, the action is irreversible. Please be careful when setting up a custom data retention policy. - -Message Retention -^^^^^^^^^^^^^^^^^^ - -Set how long Mattermost keeps messages in channels and direct messages. - -If **Keep messages for a set amount of time** is chosen, set how many days messages are kept in Mattermost. Messages, including file attachments older than the duration you set, will be deleted nightly. The minimum time is one day. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableMessageDeletion": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -and - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MessageRetentionDays": 365`` with numerical input. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File Retention -^^^^^^^^^^^^^^^^^^ - -Set how long Mattermost keeps file uploads in channels and direct messages. - -If **Keep files for a set amount of time** is chosen, set how many days file uploads are kept in Mattermost. Files older than the duration you set will be deleted nightly. The minimum time is one day. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableFileDeletion": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -and - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileRetentionDays": 365`` with numerical input. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Data Deletion Time -^^^^^^^^^^^^^^^^^^^ - -Set the start time of the daily scheduled data retention job. Choose a time when fewer people are using your system. Must be a 24-hour time stamp in the form ``HH:MM``. - -This setting is based on the local time of the server. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DeletionJobStartTime": "02:00"`` with 24-hour timestamp input in the form ``"HH:MM"``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Run Deletion Job Now -^^^^^^^^^^^^^^^^^^^^^ - -This button initiates a Data Retention deletion job immediately. - -You can monitor the status of the job in the data deletion job table below this button. - -Compliance Export (Beta) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -*Available as an add-on to Enterprise Edition E20* - -Enable Compliance Export -^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: When ``true``, Mattermost will generate a compliance export file that contains all messages that were posted in the last 24 hours. The export task is scheduled to run once per day. See the `documentation to learn more `__. - -**False**: When ``false``, Mattermost doesn't generate a compliance export file. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableExport": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Compliance Export Time -^^^^^^^^^^^^^^^^^^^^^^^^ - -Set the start time of the daily scheduled compliance export job. Choose a time when fewer people are using your system. Must be a 24-hour time stamp in the form ``HH:MM``. - -This setting is based on the local time of the server. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DailyRunTime": 01:00`` with 24-hour timestamp input in the form ``"HH:MM"``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Export File Format -^^^^^^^^^^^^^^^^^^ - -File format of the compliance export. Corresponds to the system that you want to import the data into. - -Currently supported formats are CSV, Actiance XML, and Global Relay EML. - -If Global Relay is chosen, the following options will be presented: - -Global Relay Customer Account -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Type of Global Relay customer account your organization has, either ``A9/Type 9`` or ``A10/Type 10``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CustomerType": "A9/Type 9"`` with options ``"A9/Type 9"`` and ``"A10/Type 10"``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Global Relay SMTP Username -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The username for authenticating to the Global Relay SMTP server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SmtpUsername": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Global Relay SMTP Password -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The password associated with the Global Relay SMTP username. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SmtpPassword": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Global Relay Email Address -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The email address your Global Relay server monitors for incoming compliance exports. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EmailAddress": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Global Relay SMTP Server Timeout -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The number of seconds that can elapse before the connection attempt to the SMTP server is abandoned. The default value is 1800 seconds. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SMTPServerTimeout": "1800"`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Run Compliance Export Job Now -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This button initiates a compliance export job immediately. You can monitor the status of the job in the compliance export job table below this button. - -Compliance Monitoring -~~~~~~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Settings used to enable and configure Mattermost compliance reports. - -Enable Compliance Reporting -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Compliance reporting is enabled in Mattermost. - -**False**: Compliance reporting is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Compliance Report Directory -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Sets the directory where compliance reports are written. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Directory": "./data/"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Daily Report -^^^^^^^^^^^^^^^^^^^ - -**True**: Mattermost generates a daily compliance report. - -**False**: Daily reports are not generated. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableDaily": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Batch Size -^^^^^^^^^^ - -Set the size of the batches in which posts will be read from the database to generate the compliance report. - -This setting is currently not available in the System Console and can only be set in ``config.json``. - -+------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BatchSize": 30000`` with default value ``30000``. | -+------------------------------------------------------------------------------------------------+ - -Custom Terms of Service (Beta) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Custom Terms of Service -~~~~~~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Enable Custom Terms of Service -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. note:: - - This page can only be modified using the System Console user interface. - -**True**: When ``true``, new users must accept the Terms of Service before accessing any Mattermost teams on desktop, web, or mobile. Existing users must accept them after login or a page refresh. To update the Terms of Service link displayed in account creation and login pages, go to **System Console > Legal and Support > Terms of Service Link**. - -**False**: During account creation or login, users can review Terms of Service by accessing the link configured via **System Console > Legal and Support > Terms of Service link**. - -Custom Terms of Service Text -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Text that will appear in your custom Terms of Service. Supports Markdown-formatted text. - -Re-Acceptance Period -^^^^^^^^^^^^^^^^^^^^^ - -The number of days before Terms of Service acceptance expires, and the terms must be re-accepted. - -Defaults to 365 days. 0 indicates the terms do not expire. - -Experimental -------------- - -There are a number of settings considered "experimental" that are configurable from the System Console. These may be replaced or removed in a future release. - -Collapsed Reply Threads (Beta) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Collapsed Reply Threads offers an enhanced experience for users communicating in threads and replying to messages. Collapsed Reply Threads are available in Mattermost Cloud and from Self-Managed Mattermost v5.37 as an early access beta, and are disabled by default. See our `Organizing Conversations using Collapsed Reply Threads (Beta) `__ documentation to learn more about this feature. - -System Admins can set the default appearance of collapsed reply threads for their end users by going to **System Console > Experimental > Features**, then setting **Collapsed Reply Threads** to one of the following options: - -**Enabled (Default Off)**: Enable Collapsed Reply Threads functionality on the server. Users can choose to `enable Collapsed Reply Threads `__ for their Mattermost account in **Account Settings**. - -**Disabled**: Disable Collapsed Reply Threads functionality. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ServiceSettings.CollapsedThreads": disabled`` with options ``disabled`` and ``default-off``. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -AD/LDAP Settings -~~~~~~~~~~~~~~~~ - -AD/LDAP Login Button Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the color of the AD/LDAP login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -AD/LDAP Login Button Border Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the color of the AD/LDAP login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -AD/LDAP Login Button Text Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the color of the AD/LDAP login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -Allow Authentication Transfer (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E10 and higher* - -**True**: Users can change their sign-in method to any that is enabled on the server, either via Account Settings or the APIs. - -**False**: Users cannot change their sign-in method, regardless of which authentication options are enabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalEnableAuthenticationTransfer": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Autoclose Direct Messages in Sidebar (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Not available in Mattermost Cloud.* - -This setting applies to the legacy sidebar only. You must enable the `Enable Legacy Sidebar `__ configuration setting to see and enable this functionality in the System Console. - -.. note:: - - This experimental setting is not recommended for production environments. The new channel sidebar matches and exceeds the feature set offered by this configuration setting. - -We strongly recommend that you leave the **Enable Legacy Sidebar** configuration setting disabled so users can access new channel sidebar features, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. See `the documentation `_ for more information about these features. - -**True**: By default, direct message conversations with no activity for 7 days will be hidden from the sidebar. Users can disable this in **Account Settings > Sidebar**. - -**False**: Conversations remain in the sidebar until they are manually closed. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CloseUnusedDirectMessages": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Link Metadata Timeout -^^^^^^^^^^^^^^^^^^^^^^ - -Adds a configurable timeout for requests made to return link metadata. If the metadata is not returned before this timeout expires, the message will post without requiring metadata. This timeout covers the failure cases of broken URLs and bad content types on slow network connections. - -+---------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LinkMetadataTimeoutMilliseconds": 5000`` with numerical input. | -+---------------------------------------------------------------------------------------------------------------------------------+ - -Email Settings -~~~~~~~~~~~~~~ - -Email Batching Buffer Size -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the maximum number of notifications batched into a single email. - -+--------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``EmailBatchingBufferSize": 256`` with numerical input. | -+--------------------------------------------------------------------------------------------------------------------------+ - -Email Batching Interval -^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the maximum frequency, in seconds, which the batching job checks for new notifications. Longer batching intervals will increase performance. - -+-----------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``EmailBatchingInterval": 30`` with numerical input. | -+-----------------------------------------------------------------------------------------------------------------------+ - -Email Login Button Color -^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the color of the email login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -Email Login Button Border Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the color of the email login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -Email Login Button Text Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the color of the email login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -Enable Account Deactivation -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Ability for users to deactivate their own account from **Account Settings > Advanced**. If a user deactivates their own account, they will get an email notification confirming they were deactivated. - -**False**: Ability for users to deactivate their own account is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUserDeactivation": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Automatic Replies (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Users can enable Automatic Replies in **Account Settings > Notifications**. Users set a custom message that will be automatically sent in response to Direct Messages. - -**False**: Disables the Automatic Direct Message Replies feature and hides it from Account Settings. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalEnableAutomaticReplies": false`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Channel Viewed WebSocket Messages -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting determines whether ``channel_viewed WebSocket`` events are sent, which synchronize unread notifications across clients and devices. Disabling the setting in larger deployments may improve server performance. - -+------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableChannelViewedMessages": true`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------------------+ - -Enable Client-Side Certification -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -**True**: Enables client-side certification for your Mattermost server. See `the documentation `__ to learn more. - -**False**: Client-side certification is disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ClientSideCertEnable": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Client-Side Certification Login Method -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -Used in combination with the ``ClientSideCertEnable`` setting. - -**Primary**: After the client side certificate is verified, user's email is retrieved from the certificate and is used to log in without a password. - -**Secondary**: After the client side certificate is verified, user's email is retrieved from the certificate and matched against the one supplied by the user. If they match, the user logs in with regular email/password credentials. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ClientSideCertCheck": "secondary"`` with options ``"primary"`` and ``"secondary"``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Default Channel Leave/Join System Messages -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting determines whether team leave/join system messages are posted in the default ``town-square`` channel. - -**True**: Enables leave/join system messages in the default ``town-square`` channel. - -**False**: Disables leave/join messages from the default ``town-square`` channel. These system messages won't be added to the database either. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalEnableDefaultChannelLeaveJoinMessages": true`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Hardened Mode (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Enables a hardened mode for Mattermost that makes user experience trade-offs in the interest of security. - -**False**: Disables hardened mode. - -Changes made when hardened mode is enabled: - - - Failed login returns a generic error message instead of a specific message for username and password. - - If `multi-factor authentication (MFA) `__ is enabled, the route to check if a user has MFA enabled always returns true. This causes the MFA input screen to appear even if the user does not have MFA enabled. The user may enter any value to pass the screen. Note that hardened mode does not affect user experience when MFA is enforced. - - Password reset does not inform the user that they can not reset their SSO account through Mattermost and instead claims to have sent the password reset email. - - Mattermost sanitizes all 500 errors before returned to the client. Use the supplied ``request_id`` to match user facing errors with the server logs. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalEnableHardenedMode": false`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable AD/LDAP Group Sync -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -**True**: Enables AD/LDAP Group Sync configurable under **Access Controls > Groups**. - -**False**: Disables AD/LDAP Group Sync and removes the **Access Controls > Groups** from the System Console. - -For more information on AD/LDAP Group Sync, please see the `AD/LDAP Group Sync documentation `_. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalLdapGroupSync": false`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Preview Features (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Preview features can be enabled from **Account Settings > Advanced > Preview pre-release features**. - -**False**: Disables and hides preview features from **Account Settings > Advanced > Preview pre-release features**. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnablePreviewFeatures": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Theme Selection -^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E10 and higher* - -**True**: Enables the **Display > Theme** tab in Account Settings so users can select their theme. - -**False**: Users cannot select a different theme. The **Display > Theme** tab is hidden in Account Settings. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableThemeSelection": true`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------------+ - -Allow Custom Themes -^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E10 and higher* - -**True**: Enables the **Display > Theme > Custom Theme** section in Account Settings. - -**False**: Users cannot use a custom theme. The **Display > Theme > Custom Theme** section is hidden in Account Settings. - -+--------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowCustomThemes": true`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------+ - -Default Theme -^^^^^^^^^^^^^ - -*Available in Enterprise Edition E10 and higher* - -Set a default theme that applies to all new users on the system. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DefaultTheme": "default"`` with options ``"default"``, ``"organization"``, ``"mattermostDark"``, and ``"windows10"``. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Tutorial (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Users are prompted with a tutorial when they open Mattermost for the first time after account creation. - -**False**: The tutorial is disabled. Users are placed in Town Square when they open Mattermost for the first time after account creation. - -+--------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableTutorial": true`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable User Typing Messages -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting determines whether "user is typing..." messages are displayed below the message box. Disabling the setting in larger deployments may improve server performance. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUserTypingMessages": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Time Between User Typing Updates (User Typing Timeout) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting defines how frequently "user is typing..." messages are updated, measured in milliseconds. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TimeBetweenUserTypingUpdatesMilliseconds": 5000`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable X to Leave Channels from Left-Hand Sidebar (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Not available in Mattermost Cloud.* - -This setting applies to the legacy sidebar only. You must first enable the `Enable Legacy Sidebar `__ configuration setting if you want to see and enable this functionality in the System Console. - -.. note:: - - This experimental setting is not recommended for production environments. The new channel sidebar matches and exceeds the feature set offered by this configuration setting. - -We strongly recommend that you leave the **Enable Legacy Sidebar** configuration setting disabled so users can access new channel sidebar features, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. See `the documentation `_ for more information about these features. - -**True**: Users can leave Public and Private Channels by clicking the "x" beside the channel name. - -**False**: Users must use the **Leave Channel** option from the channel menu to leave channels. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableXToLeaveChannelsFromLHS": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Primary Team (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The primary team of which users on the server are members. When a primary team is set, the options to join other teams or leave the primary team are disabled. - -If the team URL of the primary team is https://example.mattermost.com/myteam/, then set the value to ``myteam`` in ``config.json``. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalPrimaryTeam": ""`` with string input. | -+-----------------------------------------------------------------------------------------------------------------+ - -Enable Shared Channels (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -Enable Shared Channels to establish secure connections between Mattermost instances, and invite secured connections to shared channels where secure connections can participate as they would in any Public and Private channel. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` settings are ``"ExperimentalSettings:EnableSharedChannels": false ""`` with options ``true`` or ``false``, and ``"ExperimentalSettings:EnableRemoteClusterService": false ""`` with options ``true`` or ``false``. Both configuration settings must be enabled in order to share channels with secure connections. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. note:: - - - Enabling Shared Channels functionality requires a server restart. - - System Admins for Cloud deployments can submit a request to have this configuration setting enabled in their Cloud instance. - -SAML Settings -~~~~~~~~~~~~~ - -SAML Login Button Color -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the color of the SAML login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -SAML Login Button Border Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the color of the SAML login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -SAML Login Button Text Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Specify the color of the SAML login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -Experimental Sidebar Features -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This configuration setting has been deprecated in favor of `Enable Legacy Sidebar `__. - -**Disabled**: Users cannot access the experimental channel sidebar feature set. - -**Enabled (Default On)**: Enables the experimental sidebar features for all users on this server. Users can disable the features in **Account Settings > Sidebar > Experimental Sidebar Features**. Features include custom collapsible channel categories, drag and drop to reorganize channels, and unread filtering. - -**Enabled (Default Off)**: Users must enable the experimental sidebar features in **Account Settings**. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalChannelSidebarOrganization": off`` with options ``off``, ``default_on`` and ``default_off``. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Legacy Sidebar -^^^^^^^^^^^^^^^^^^^^^ - -*Not available in Mattermost Cloud.* - -This setting re-enables the legacy sidebar functionality for all users on this server. We strongly recommend System Admins disable this setting so users can access `enhanced sidebar features `__, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. - -**False**: Users can access all new channel sidebar features, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. See `the documentation `_ for more information about these features. - -**True**: When enabled, the legacy sidebar is enabled for all users on this server and users cannot access any new channel sidebar features. The legacy channel sidebar is scheduled to be deprecated, and is only recommended if your deployment is experiencing bugs or other issues with the new channel sidebar. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableLegacySidebar": false`` with options ``true`` or ``false``. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Sidebar Organization -^^^^^^^^^^^^^^^^^^^^ - -*Not available in Mattermost Cloud.* - -This setting applies to the legacy sidebar only. You must enable the `Enable Legacy Sidebar `__ configuration setting to see and enable this functionality in the System Console. - -.. note:: - - This experimental setting is not recommended for production environments. The new channel sidebar matches and exceeds the feature set offered by this configuration setting. - -We strongly recommend that you leave the **Enable Legacy Sidebar** configuration setting disabled so users can access new channel sidebar features, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. See `the documentation `_ for more information about these features. - -**True**: Enables channel sidebar organization options in **Account Settings > Sidebar > Channel grouping and sorting**. Includes options for grouping unread channels, sorting channels by most recent post, and combining all channel types into a single list. - -**False**: Hides the channel sidebar organization options in **Account Settings > Sidebar > Channel grouping and sorting**. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalChannelOrganization": false`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Timezone -^^^^^^^^^^ - -Select the timezone used for timestamps in the user interface and email notifications. - -**True**: The **Timezone** setting is visible in the Account Settings and a timezone is automatically assigned in the next active session. - -**False**: The **Timezone** setting is hidden in the Account Settings. - -+------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalTimezone": true`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------------+ - -Town Square is Hidden in Left-Hand Sidebar (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E10 and higher* - -This setting applies to the legacy sidebar only. You must enable the `Enable Legacy Sidebar `__ configuration setting to see and enable this functionality in the System Console. - -.. note:: - - This experimental setting is not recommended for production environments. The new channel sidebar matches and exceeds the feature set offered by this configuration setting. - -We strongly recommend that you leave the **Enable Legacy Sidebar** configuration setting disabled so users can access new channel sidebar features, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. See `the documentation `_ for more information about these features. - -**True**: Hides Town Square in the left-hand sidebar if there are no unread messages in the channel. - -**False**: Town Square is always visible in the left-hand sidebar even if all messages have been read. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalHideTownSquareinLHS": false`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Town Square is Read-Only (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E10 and higher* - -**True**: Only System Admins can post in Town Square. Other members are not able to post, reply, upload files, emoji react, or pin messages to Town Square, nor are they able to change the channel name, header, or purpose. - -**False**: Anyone can post in Town Square. - -.. note:: - - This feature will be deprecated in a future release in favor of `channel moderation settings `_ which allow you to set any channel as read-only, including Town Square - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalTownSquareIsReadOnly": false`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Use Channel Name in Email Notifications (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Channel and team name appears in email notification subject lines. Useful for servers using only one team. - -**False**: Only team name appears in email notification subject line. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UseChannelInEmailNotifications": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -User Status Away Timeout -^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting defines the number of seconds after which the user's status indicator changes to "Away", when they are away from Mattermost. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserStatusAwayTimeout": 300`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Settings configurable only in ``config.json`` ----------------------------------------------- - -There are a number of settings customizable in ``config.json`` unavailable in the System Console and require updating from the file itself. - -Service Settings -~~~~~~~~~~~~~~~~ - -Automatically Follow Threads -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting has been added as a requirement to support `Collapsed Reply Threads `_, and may affect server performance. It is recommended to review our `documentation on hardware requirements `_ to ensure your servers are appropriately scaled for the size of your user base. - -**True**: Threads a user starts, participates in, or is mentioned in are automatically followed. A new ``Threads`` table is added in the database that tracks threads and thread participants, and a ``ThreadMembership`` table tracks followed threads for each user and the read or unread state of each followed thread. - -**False**: Threads are not automatically followed and Collapsed Reply Threads cannot be enabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ThreadAutoFollow": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Data Prefetch -^^^^^^^^^^^^^^ - -*Removed in February 16, 2021 release* - -**True**: Messages in all unread channels are pre-loaded from the server whenever the client reconnects to the network to eliminate loading time when users switch to unread channels. - -**False**: Messages are fetched on-demand from the server when users switch channels. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalDataPrefetch": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable File Search -^^^^^^^^^^^^^^^^^^ - -This configuration setting enables users to search documents attached to messages by filename. To enable users to search documents by their content, you must also enable the ``ExtractContent`` configuration setting. See our `Enable Document Search by Content `__ documentation for details. Document content search is available in Mattermost Server from v5.35, with mobile support coming soon. - -**True**: Supported document types are searchable by their filename. - -**False**: File-based searches are disabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ServiceSettings.EnableFileSearch": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -WebSocket URL -^^^^^^^^^^^^^^ - -This setting allows the server to instruct clients where they should try to connect WebSockets to. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"WebsocketURL": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -License File Location -^^^^^^^^^^^^^^^^^^^^^ - -Path and filename of the license file on disk. On startup, if Mattermost cannot find a valid license in the database from a previous upload, it looks here. It can be an absolute path or a path relative to the ``mattermost`` directory. - -+---------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LicenseFileLocation": ""`` with string input. | -+---------------------------------------------------------------------------------------------+ - -TLS Minimum Version -^^^^^^^^^^^^^^^^^^^^ - -The minimum TLS version used by the Mattermost server. TLS v1.2 is default given insecurities for TLS 1.0 and 1.1. - -This setting only takes effect if you are using the built-in server binary directly, and not using a reverse proxy layer such as NGINX. - -+-------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TLSMinVer": "1.2"`` with string input. | -+-------------------------------------------------------------------------------------+ - -Trusted Proxy IP Header -^^^^^^^^^^^^^^^^^^^^^^^^ - -Specified headers that will be checked one by one for IP addresses (order is important). All other headers are ignored. - -Starting with v5.12, new configs will have this set by default to ``[]``, meaning that no header will be trusted. Configs created prior to v5.12 without this config entry will have it set to ``["X-Forwarded-For", "X-Real-Ip"]`` on upgrade in order to maintain backwards compatibility. - -We recommend keeping the default setting when Mattermost is running without a proxy, to avoid the client sending the headers and bypassing rate limiting and/or the audit log. For environments that use a reverse proxy this problem does not exist, provided that the headers are set by the reverse proxy. In those environments, only explicitly whitelist the header that is set by the reverse proxy and no additional values. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TrustedProxyIPHeader": []`` with string array input consisting of header names, such as ``["X-Forwarded-For", "X-Real-Ip"]``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Strict Transport Security (HSTS) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Adds the Strict Transport Security (HSTS) header to all responses, forcing the browser to request all resources via HTTPS. Learn more `here `__. - -**False**: No restrictions on TLS transport. Strict Transport Security (HSTS) header is not added to responses. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TLSStrictTransport": false`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Secure TLS Transport Expiry -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The time in seconds that the browser remembers a site is only to be accessed using HTTPS. After this period, a site can be accessed using HTTP unless ``TLSStrictTransport`` is set to ``true``. Defaults to two years. Learn more `here `__. - -+-------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TLSStrictTransportMaxAge": 63072000`` with numerical input. | -+-------------------------------------------------------------------------------------------------------------+ - -TLS Cipher Overwrites -^^^^^^^^^^^^^^^^^^^^^^ - -Set TLS ciphers overwrites to meet requirements from legacy clients which don't support modern ciphers, or to limit the types of accepted ciphers. - -If none specified, the Mattermost server assumes a set of currently considered secure ciphers, and allows overwrites in the edge case. See the ``ServerTLSSupportedCiphers`` variable in `/model/config.go `__ for the list of ciphers considered secure. - -This setting only takes effect if you are using the built-in server binary directly, and not using a reverse proxy layer such as NGINX. - -+-------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TLSStrictTransportMaxAge": 63072000`` with numerical input. | -+-------------------------------------------------------------------------------------------------------------+ - -Go Routine Health Threshold -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Set a threshold on the number of goroutines when the Mattermost system is considered to be in a healthy state. When goroutines exceed this limit, a warning is returned in the server logs. - -To turn off checking for the threshold, set this value to ``-1``. - -+----------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GoroutineHealthThreshold": -1`` with numerical input. | -+----------------------------------------------------------------------------------------------------------+ - -Allow Cookies for Subdomains -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Allows cookies for subdomains by setting the domain parameter on Mattermost cookies. - -**False**: Cookies not allowed for subdomains. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowCookiesForSubdomains": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Cluster Log Timeout -^^^^^^^^^^^^^^^^^^^^ - -This setting defines the frequency of cluster request time logging for :doc:`../scale/performance-monitoring`, measured in milliseconds. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ClusterLogTimeoutMilliseconds": 2000`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Read Only Config -^^^^^^^^^^^^^^^^ - -**True**: Changes made to settings in the System Console are ignored. - -**False**: Changes made to settings in the System Console are written to ``config.json``. - -+-----------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ReadOnlyConfig": true`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------+ - -Enable Searching of Posts -^^^^^^^^^^^^^^^^^^^^^^^^^ - -If this setting is enabled, users can search messages. Disabling search can result in a performance increase, but users get an error message when they attempt to use the search box. - -+-------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnablePostSearch": true`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------+ - -Enable User Status Updates -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Turn status updates off to improve performance. When status updates are off, users appear online only for brief periods when posting a message, and only to members of the channel in which the message is posted. - -+---------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUserStatuses": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------+ - -Segment Write Key -^^^^^^^^^^^^^^^^^^^ - -*Removed in March 16, 2017 release* - -For deployments seeking additional tracking of system behavior using Segment.com, you can enter a Segment ``WRITE_KEY`` using this field. This value works like a tracking code and is used in client-side JavaScript and will send events to Segment.com attributed to the account you used to generate the ``WRITE_KEY``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SegmentDeveloperKey": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -WebSocket Secure Port -^^^^^^^^^^^^^^^^^^^^^^ - -(Optional) This setting defines the port on which the secured WebSocket will listen using the ``wss`` protocol. Defaults to ``443``. When the client attempts to make a WebSocket connection it first checks to see if the page is loaded with HTTPS. If so, it will use the secure WebSocket connection. If not, it will use the unsecure WebSocket connection. IT IS HIGHLY RECOMMENDED PRODUCTION DEPLOYMENTS ONLY OPERATE UNDER HTTPS AND WSS. - -Changes to this setting require a server restart before taking effect. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"WebsocketSecurePort": 443`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -WebSocket Port -^^^^^^^^^^^^^^^^ - -(Optional) This setting defines the port on which the unsecured WebSocket will listen using the ``ws`` protocol. Defaults to ``80``. When the client attempts to make a WebSocket connection it first checks to see if the page is loaded with HTTPS. If so, it will use the secure WebSocket connection. If not, it will use the unsecure WebSocket connection. IT IS HIGHLY RECOMMENDED PRODUCTION DEPLOYMENTS ONLY OPERATE UNDER HTTPS AND WSS. - -Changes to this setting require a server restart before taking effect. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``WebsocketPort": 80`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable API Team Deletion -^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: The ``api/v4/teams/{teamid}?permanent=true`` API endpoint can be called by Team and System Admins to permanently delete a team. - -**False**: The API endpoint cannot be called. Note that ``api/v4/teams/{teamid}`` can still be used to soft delete a team. - -mmctl local mode ignores this setting and behaves as though ``EnableAPITeamDeletion`` is set to ``true``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableAPITeamDeletion": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable API User Deletion -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: The ``api/v4/users/{userid}?permanent=true`` API endpoint can be called by System Admins, or users with appropriate permissions, to permanently delete a user. - -**False**: The API endpoint cannot be called. Note that ``api/v4/users/{userid}`` can still be used to soft delete a user. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableAPIUserDeletion": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -mmctl local mode ignores this setting and behaves as though ``EnableAPIUserDeletion`` is set to ``true``. - -Enable API Channel Deletion -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: The ``api/v4/channels/{channelid}?permanent=true`` API endpoint can be called by System Admins, or users with appropriate permissions, to permanently delete a channel. - -**False**: The API endpoint cannot be called. Note that ``api/v4/channels/{channelid}`` can still be used to soft delete a channel. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableAPIChannelDeletion": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -mmctl local mode ignores this setting and behaves as though ``EnableAPIChannelDeletion`` is set to ``true``. - -Enable OpenTracing -^^^^^^^^^^^^^^^^^^^ - -**True**: A Jaeger client is instantiated and is used to trace each HTTP request as it goes through App and Store layers. Context is added to App and Store and is passed down the layer chain to create OpenTracing 'spans'. - -By default, in order to avoid leaking sensitive information, no method parameters are reported to OpenTracing. Only the name of the method is reported. - -**False**: OpenTracing is not enabled. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableOpenTracing": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Import Settings Default Directory -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The directory where the imported files are stored. The path is relative to the ``FileSettings`` directory. By default, imports are stored under ``./data/import``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting under the ``ImportSettings`` section is ``Directory: ./import`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Import Settings Default Retention Days -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The number of days to retain the imported files before deleting them. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting under the ``ImportSettings`` section is ``RetentionDays: 30`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Export Settings Default Directory -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The directory where the exported files are stored. The path is relative to the ``FileSettings`` directory. By default, exports are stored under ``./data/export``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting under the ``ExportSettings`` section is ``Directory: ./export`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Export Settings Default Retention Days -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The number of days to retain the exported files before deleting them. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting under the ``ExportSettings`` section is ``RetentionDays: 30`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -SQL Settings -~~~~~~~~~~~~ - -Read Replicas -^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E10 and higher* - -Specifies the connection strings for the read replica databases. Each string must be in the same form as used for the `Data Source`_ setting. - -Changes to this setting require a server restart before taking effect. - -+---------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DataSourceReplicas": []`` with string array input consisting of database connection strings. | -+---------------------------------------------------------------------------------------------------------------------------------------------+ - -Search Replicas -^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E10 and higher* - -Specifies the connection strings for the search replica databases. A search replica is similar to a read replica, but is used only for handling search queries. Each string must be in the same form as used for the `Data Source`_ setting. - -Changes to this setting require a server restart before taking effect. - -+---------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DataSourceSearchReplicas": []`` with string array input consisting of database connection strings. | -+---------------------------------------------------------------------------------------------------------------------------------------------------+ - -Replica Lag Settings -^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -Specifies a connection string and user-defined SQL queries on the database to measure replica lag for a single replica instance. These settings monitor absolute lag based on binlog distance/transaction queue length, and the time taken for the replica to catch up. - -+-------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"ReplicaLagSettings": []`` with string array input. | -+-------------------------------------------------------------------------------------------------------+ - -String array input consists of: - -- ``DataSource``: The DB credentials to connect to the replica instance. -- ``QueryAbsoluteLag``: A plain SQL query that must return a single row. The first column must be the node value of the Prometheus metric, and the second column must be the value of the lag used to measure absolute lag. -- ``QueryTimeLag``: A plain SQL query that must return a single row. The first column must be the node value of the Prometheus metric, and the second column must be the value of the lag used to measure the time lag. - -Examples: - -For AWS Aurora instances, ``QueryAbsoluteLag`` can be: - -.. code-block:: sh - - select server_id, highest_lsn_rcvd-durable_lsn as bindiff from aurora_global_db_instance_status() where server_id=<> - -And for AWS Aurora instances, ``QueryTimeLag`` can be: - -.. code-block:: sh - - select server_id, visibility_lag_in_msec from aurora_global_db_instance_status() where server_id=<> - -For MySQL Group Replication, the absolute lag can be measured from the number of pending transactions in the applier queue: - -.. code-block:: sh - - select member_id, count_transactions_remote_in_applier_queue FROM performance_schema.replication_group_member_stats where member_id=<> - -File Settings -~~~~~~~~~~~~~~ - -Initial Font -^^^^^^^^^^^^^^ - -Font used in auto-generated profile pics with colored backgrounds. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"InitialFont": "luximbi.ttf"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Amazon S3 Bucket Endpoint -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Set an endpoint URL for Amazon S3 buckets. - -*Removed in November 16th, 2016 release* - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AmazonS3BucketEndpoint": ""`` with string input. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Amazon S3 Location Constraint -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: S3 region is location constrained. - -**False**: S3 region is not location constrained. - -*Removed in November 16th, 2016 release* - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AmazonS3LocationConstraint": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Amazon S3 Lowercase Bucket -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: S3 bucket names are fully lowercase. - -**False**: S3 bucket names may contain uppercase and lowercase letters. - -*Removed in November 16th, 2016 release* - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AmazonS3LowercaseBucket": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Amazon S3 Signature V2 -^^^^^^^^^^^^^^^^^^^^^^ - -By default, Mattermost uses Signature V4 to sign API calls to AWS, but under some circumstances, V2 is required. For more information about when to use V2, see https://docs.aws.amazon.com/general/latest/gr/signature-version-2.html. - -**True**: Use Signature Version 2 Signing Process. - -**False**: Use Signature Version 4 Signing Process. - -+------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AmazonS3SignV2": false`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------+ - -Amazon S3 Path -^^^^^^^^^^^^^^^ - -Allows using the same S3 bucket for multiple deployments. - -+------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"AmazonS3PathPrefix: ""`` with string input. | -+------------------------------------------------------------------------------------------------------------+ - - -GitLab Settings -~~~~~~~~~~~~~~~ - -Scope -^^^^^^ - -Standard setting for OAuth to determine the scope of information shared with OAuth client. Not currently supported by GitLab OAuth. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Scope": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Google Settings -~~~~~~~~~~~~~~~ - -Scope -^^^^^^ - -Standard setting for OAuth to determine the scope of information shared with OAuth client. Recommended setting is ``profile email``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Scope": "profile email"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Office 365 Settings -~~~~~~~~~~~~~~~~~~~~ - -Scope -^^^^^^ - -Standard setting for OAuth to determine the scope of information shared with OAuth client. Recommended setting is ``User.Read``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Scope": "User.Read"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Cluster Settings -~~~~~~~~~~~~~~~~ - -Maximum Idle Connections -^^^^^^^^^^^^^^^^^^^^^^^^^ - -The maximum number of idle connections held open from one server to all others in the cluster. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxIdleConns": 100`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Maximum Idle Connections per Host -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The maximum number of idle connections held open from one server to another server in the cluster. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxIdleConnsPerHost": 128`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Idle Connection Timeout (in Milliseconds) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The number of milliseconds to leave an idle connection open between servers in the cluster. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdleConnTimeoutMilliseconds": 90000`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Network Interface -^^^^^^^^^^^^^^^^^ - -An IP address used to identify the device that does automatic IP detection in High Availability clusters. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"NetworkInterface": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Bind Address -^^^^^^^^^^^^^ - -An IP address used to bind cluster traffic to a specific network device. This setting is used primarily for servers with multiple network devices or different Bind Address and Advertise Address like in deployments that involve NAT (Network Address Translation). - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BindAddress": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Advertise Address -^^^^^^^^^^^^^^^^^^ - -The IP address used to access the server from other nodes. This settings is used primary when cluster nodes are not in the same network and involve NAT (Network Address Translation). - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AdvertiseAddress": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Metrics Settings -~~~~~~~~~~~~~~~~~ - -Block Profile Rate -^^^^^^^^^^^^^^^^^^ - -Value that controls the `fraction of goroutine blocking events reported in the blocking profile `__. - -The profiler aims to sample an average of one blocking event per rate nanoseconds spent blocked. - -To include every blocking event in the profile, set the rate to ``1``. To turn off profiling entirely, set the rate to ``0``. - -Changes to this setting require a server restart before taking effect. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BlockProfileRate": 0`` with options ``0`` and ``1``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Experimental Settings only in ``config.json`` ---------------------------------------------- - -Audit settings -~~~~~~~~~~~~~~ - -The audit settings output audit records to syslog (local or remote server via TLS) and/or to a local file. Both are disabled by default. They can be enabled simultaneously. - -Enable Reliable Websockets -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Enable this setting to make websocket messages more reliable by buffering messages during a connection loss and then re-transmitting all unsent messages when the connection is revived. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableReliableWebsockets": true`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Remote Clusters -~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Enable this setting to add, remove, and view remote clusters for shared channels. - -**True**: When ``true`` System Admins can manage remote clusters using the System Console. - -**False**: Remote cluster management is disabled. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RemoteClusters": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Syslog configuration options -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Enable this setting to write audit records to a local or remote syslog, specifying the IP, port, user-generated fields, and certificate settings. - -**True**: When ``true`` syslog output is enabled. - -**False**: Syslog output is disabled. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SysLogEnabled": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Syslog IP -^^^^^^^^^ - -The IP address or domain of the syslog server. Use ``localhost`` for local syslog. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SysLogIP": "localhost"`` with string input consisting of an IP address or domain name. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Syslog port -^^^^^^^^^^^^^^ - -The port that the syslog server is listening on. The default port is 6514. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SysLogPort": 6514`` with numeric input consisting of a port number. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Syslog tag -^^^^^^^^^^ - -The syslog metadata tag field. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SysLogTag": ""`` with string input consisting of a user-defined tag field. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Syslog cert -^^^^^^^^^^^^^^ - -This is the path to the syslog server certificate for TLS connections (``.crt`` or ``.pem``). - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SysLogCert": ""`` with string input consisting of the path to the certificate. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Syslog insecure -^^^^^^^^^^^^^^^ - -This setting controls whether a client verifies the server's certificate chain and host name. If ``true``, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. - -**Note:** This should be used only for testing and not in a production environment. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SysLogInsecure": false`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Syslog max queue size -^^^^^^^^^^^^^^^^^^^^^ - -This setting determines how many audit records can be queued/buffered at any point in time when writing to syslog. The default is 1000 records. - -This setting can be left as default unless you are seeing audit write failures in the server log and need to adjust the number accordingly. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SysLogMaxQueueSize": 1000`` with numerical input. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File configuration options -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Enable this setting to write audit files locally, specifying size, backup interval, compression, and maximum age to manage file rotation. - -**True**: When ``true`` file output is enabled. - -**False**: File output is disabled. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileEnabled": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File name -^^^^^^^^^^ - -This is the path to the output file location. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileName": ""`` with string input consisting of a user-defined path (e.g. ``/var/log/mattermost_audit.log``). | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File max size MB -^^^^^^^^^^^^^^^^ - -This is the maximum size (measured in megabytes) that the file can grow before triggering rotation. The default setting is 100. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileMaxSizeMB": 100`` with numerical input. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File max age days -^^^^^^^^^^^^^^^^^ - -This is the maximum age in days a file can reach before triggering rotation. The default value is 0, indicating no limit on the age. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileMaxAgeDays": 0`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File max backups -^^^^^^^^^^^^^^^^ - -This is the maximum number of rotated files kept; the oldest is deleted first. The default value is 0, indicating no limit on the number of backups. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileMaxBackups": 0`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File compress -^^^^^^^^^^^^^ - -When ``true`` rotated files are compressed using ``gzip``. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileCompress": false`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File max queue size -^^^^^^^^^^^^^^^^^^^ - -This setting determines how many audit records can be queued/buffered at any point in time when writing to a file. The default is 1000 records. - -This setting can be left as default unless you are seeing audit write failures in the server log and need to adjust the number accordingly. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileMaxQueueSize": 1000`` with numerical input. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Advanced Audit Logging Configuration -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Output logs to multiple targets -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Send log records to multiple targets: - -- Multiple local file targets -- Multiple syslogs -- Multiple TCP sockets - -Allow any combination of local file, syslog, and TCP socket targets. - -File target supports rotation and compression triggered by size and/or duration. Syslog target supports local and remote syslog servers, with or without TLS transport. TCP socket target can be configured with an IP address or domain name, port, and optional TLS certificate. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``ExperimentalAuditSettings.AdvancedLoggingConfig`` which can contain a filespec to another config file, a database DSN, or JSON. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Options are outlined in this text file: `Log Settings Options `_. Sample config: `Advanced Logging Options Sample.json.zip `_. - -Service Settings -~~~~~~~~~~~~~~~~ - -Group Unread Channels (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting applies to the new sidebar only. You must disable the `Enable Legacy Sidebar `__ configuration setting to see and enable this functionality in the System Console. - -**Default Off**: Disables the unread channels sidebar section for all users by default. Users can enable it in **Account Settings > Sidebar > Group unread channels separately**. - -**Default On**: Enables the unread channels sidebar section for all users by default. Users can disable it in **Account Settings > Sidebar > Group unread channels separately**. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalGroupUnreadChannels": "default_off"`` with options ``"default_off"`` and ``"default_on"``. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Strict CSRF Token Enforcement (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Enables CSRF protection tokens for additional hardening compared to the currently used custom header. When the user logs in, an additional cookie is created with the CSRF token contained. - -**False**: Disables CSRF protection tokens. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalStrictCSRFEnforcement": false`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Limit Access to Config Settings Prior to Login -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in December 16, 2018 release* - -Enable this setting to limit the number of config settings sent to users prior to login. - -Supported for Mattermost server v5.1.0 and later, and Mattermost Mobile apps v1.10.0 and later. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalLimitClientConfig": "false"`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Disable Legacy MFA API Endpoint -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Disables the legacy ``checkMfa`` endpoint, which is only required for Mattermost Mobile Apps on version 1.16 or earlier when using multi-factor authentication (MFA). Recommended to set to ``true`` for additional security hardening. - -**False**: Keeps the legacy ``checkMfa`` endpoint enabled to support mobile versions 1.16 and earlier. Keeping the endpoint enabled creates an information disclosure about whether a user has set up MFA. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DisableLegacyMFA": true,`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Restrict System Admin (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Restricts the System Admin from viewing and modifying a subset of server configuration settings from the System Console. Not recommended for use in on-prem installations. This is intended to support Mattermost Private Cloud in giving the System Admin role to users but restricting certain actions only for Cloud Admins. - -**False**: No restrictions are applied to the System Admin role. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictSystemAdmin": "false"`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Team Settings -~~~~~~~~~~~~~~ - -Teammate Name Display -^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -Control Teammate Name Display at the system level. - -**True**: Allows System Admins to control Teammate Name Display at the system level. - -**False**: System Admins cannot control Teammate Name Display at the system level. - -+------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LockTeammateNameDisplay": []`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------------+ - -Default Channels (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Default channels every user is added to automatically after joining a new team. Only applies to Public channels, but affects all teams on the server. - -When not set, every user is added to the ``off-topic`` and ``town-square`` channels by default. - -Note that even if ``town-square`` is not listed, every user is added to that channel after joining a new team. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalDefaultChannels": []`` with string array input consisting of channel names, such as ``["announcement", "developers"]``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Email Settings -~~~~~~~~~~~~~~ - -Client Requirement Settings (Experimental) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Latest Android Version -^^^^^^^^^^^^^^^^^^^^^^^^^ - -The latest version of the Android React Native app that is recommended for use. - -+----------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AndroidLatestVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------+ - -Minimum Android Version -^^^^^^^^^^^^^^^^^^^^^^^^ - -The minimum version of the Android React Native app that is required to be used. - -+-------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AndroidMinVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------+ - -Latest Desktop Version -^^^^^^^^^^^^^^^^^^^^^^^ - -The latest version of the desktop app that is recommended for use. - -+----------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DesktopLatestVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------+ - -Minimum Destop Version -^^^^^^^^^^^^^^^^^^^^^^^ - -The minimum version of the desktop app that is required to be used. - -+-------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DesktopMinVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------+ - -Latest iOS Version -^^^^^^^^^^^^^^^^^^^ - -The latest version of the iOS app that is recommended for use. - -+------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IosLatestVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | -+------------------------------------------------------------------------------------------------------------------------------------------------+ - -Minimum iOS Version -^^^^^^^^^^^^^^^^^^^^^ - -The minimum version of the iOS React Native app that is required to be used. - -+---------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IosMinVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | -+---------------------------------------------------------------------------------------------------------------------------------------------+ - -Push Notification Buffer -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Used to control the buffer of outstanding Push Notification messages to be sent. If the number of messages exceeds that number, then the request making the Push Notification will be blocked until there's room. - -+---------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"PushNotificationBuffer": 1000"`` with numerical input. | -+---------------------------------------------------------------------------------------------------------------------------------------------+ - -Theme Settings (Experimental) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Allowed Themes -^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E10 and higher* - -Select the themes that can be chosen by users when ``EnableThemeSelection`` is set to ``true``. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowedThemes": []`` with string array input consisting of the options ``"default"``, ``"organization"``, ``"mattermostDark"``, and ``"windows10"``, such as ``["mattermostDark", "windows10"]``. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Display Settings (Experimental) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Supported Timezones Path -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in April 16, 2019 release* - -Set the path of the JSON file that lists supported timezones when ``ExperimentalTimezone`` is set to ``true``. - -The file must be in the same directory as your ``config.json`` file if you set a relative path. Defaults to ``timezones.json``. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SupportedTimezonesPath": "timezones.json"`` with string input. | -+-----------------------------------------------------------------------------------------------------------------+ - -Experimental Settings -~~~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E20* - -Disable Post Metadata -^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Disabling post metadata is only recommended if you are experiencing a significant decrease in performance around channel and post load times. - -**False**: Load channels with more accurate scroll positioning by loading post metadata. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DisablePostMetadata": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Analytics Settings -~~~~~~~~~~~~~~~~~~~ - -*Available in Enterprise Edition E10 and higher* - -Maximum Users for Statistics -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Sets the maximum number of users on the server before statistics for total posts, total hashtag posts, total file posts, posts per day, and active users with posts per day are disabled. - -This setting is used to maximize performance for large Enterprise deployments. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxUsersForStatistics": 2500`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Elasticsearch Settings -~~~~~~~~~~~~~~~~~~~~~~~~ - -Post Index Replicas -^^^^^^^^^^^^^^^^^^^^^ - -The number of replicas to use for each post index. If this setting is changed, it only applies to newly-created indexes. To apply the change to existing indexes, purge and rebuild the index after changing this setting. - -+---------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PostIndexReplicas": 2`` with numerical input. | -+---------------------------------------------------------------------------------------------------+ - -Post Index Shards -^^^^^^^^^^^^^^^^^^ - -The number of shards to use for each post index. If this setting is changed, it only applies to newly-created indexes. To apply the change to existing indexes, purge and rebuild the index after changing this setting. - -+-------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PostIndexShards": 1`` with numerical input. | -+-------------------------------------------------------------------------------------------------+ - -Aggregate Search Indexes -^^^^^^^^^^^^^^^^^^^^^^^^ - -Elasticsearch indexes over the age specified by this setting will be aggregated during the daily scheduled job. - -.. note:: - If you're using `data retention `_ and `ElasticSearch `_, ensure the `ElasticSearch aggregate search indexes `_ setting is set to a value that is greater than your data retention policy in days. - -+-----------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AggregatePostsAfterDays": 365`` with numerical input. | -+-----------------------------------------------------------------------------------------------------------+ - -Post Aggregator Start Time -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The start time of the daily scheduled aggregator job. Must be a 24-hour time stamp in the form ``HH:MM``. - -This setting is based on the local time of the server. - -+--------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PostsAggregatorJobStartTime": "03:00"`` with 24-hour timestamp input in the form ``"HH:MM"``. | -+--------------------------------------------------------------------------------------------------------------------------------------------+ - -Index Prefix -^^^^^^^^^^^^ - -Prefix on the Elasticsearch index name. Enables the use of Mattermost Elasticsearch on a shared Elasticsearch cluster. - -+----------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IndexPrefix": ""`` with string input. | -+----------------------------------------------------------------------------------------+ - -.. note:: - When this setting is used, all Elasticsearch indexes created by Mattermost are given this prefix. You can set different prefixes so that multiple Mattermost deployments can share an Elasticsearch cluster without the index names colliding. - -Live Indexing Batch Size -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Determines how many new posts are batched together before they are added to the Elasticsearch index. It may be necessary to increase this value to avoid hitting the rate limit of your Elasticsearch cluster on installs handling multiple messages per second. - -+--------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LiveIndexingBatchSize": 1`` with numerical input. | -+--------------------------------------------------------------------------------------------------------+ - -Request Timeout -^^^^^^^^^^^^^^^^ - -Timeout in seconds for Elasticsearch calls. - -+-------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RequestTimeoutSeconds": 30`` with numerical input. | -+-------------------------------------------------------------------------------------------------------+ - -Bulk Indexing Time Window -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Determines the maximum time window for a batch of posts being indexed by the Bulk Indexer. This setting servers as a performance optimisation for installs with over ~10 million posts in the database. Approximate this value based on the average number of seconds for 2,000 posts to be added to the database on a typical day in production. Setting this value too low will cause Bulk Indexing jobs to run slowly. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BulkIndexingTimeWindowSeconds": 3600`` with numerical input. | -+-----------------------------------------------------------------------------------------------------------------+ - -Trace -^^^^^^ - -Options for printing Elasticsearch trace errors. Accepts ``error``, ``all``, or empty. ``error`` will create the error trace when initialising the Elasticsearch client and will print any template creation or search query that returns an error as part of the error message. ``all`` will create the three traces (error, trace and info) for the driver and will not print the queries because they will be part of the trace log level of the driver. - -+-------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Trace": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------+ - -Bleve Settings (Experimental) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Index Dir -^^^^^^^^^^ - -Directory path to use for storing bleve indexes. - -+-----------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IndexDir": ""`` with string input. | -+-----------------------------------------------------------------------------------------------------------+ - -Enable Indexing -^^^^^^^^^^^^^^^ - -**True**: The indexing of new posts occurs automatically. Search queries will not use bleve search until **Enable Bleve for search queries** is enabled. - -**False**: The indexing of new posts does not occur automatically. - -+------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableIndexing": false`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------+ - -Enable Searching -^^^^^^^^^^^^^^^^^ - -**True**: Search queries will use bleve search. - -**False**: Search queries will not use bleve search. - -+--------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSearching": false`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------+ - -Enable Autocomplete -^^^^^^^^^^^^^^^^^^^^ - -**True**: Autocomplete queries will use bleve search. - -**False**: Autocomplete queries will not use bleve search. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableAutocomplete": false`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------------+ - -Bulk Indexing Time Window Seconds -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Determines the maximum time window for a batch of posts being indexed by the Bulk Indexer. This setting serves as a performance optimization for installs with over ~10 million posts in the database. Approximate this value based on the average number of seconds for 2,000 posts to be added to the database on a typical day in production. Setting this value too low will cause Bulk Indexing jobs to run slowly. - -+-------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BulkIndexingTimeWindowSeconds": 3600`` with numerical input. | -+-------------------------------------------------------------------------------------------------------------+ - -Message Export Settings -~~~~~~~~~~~~~~~~~~~~~~~ - -Export From Timestamp -^^^^^^^^^^^^^^^^^^^^^^ - -Set the Unix timestamp (seconds since epoch, UTC) to export data from. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExportFromTimestamp": 0`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -File Location -^^^^^^^^^^^^^^^ - -Set the file location of the compliance exports. - -By default, they are written to the ``exports`` subdirectory of the configured `Local Storage directory `_. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileLocation": "export"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Batch Size -^^^^^^^^^^^ - -Determines how many new posts are batched together to a compliance export file. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BatchSize": 10000`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Plugin Settings (Beta) -~~~~~~~~~~~~~~~~~~~~~~ - -Enable Plugin Uploads -^^^^^^^^^^^^^^^^^^^^^ - -**True**: Enables plugin uploads by System Admins at **Plugins > Management**. If you do not plan to upload a plugin, set to ``false`` to control which plugins are installed on your server. See `documentation `__ to learn more. - -**False**: Disables plugin uploads on your Mattermost server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUploads": false`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Allow Insecure Download URL -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Enables downloading and installing a plugin from a remote URL. - -**False**: Disables downloading and installing a plugin from a remote URL. - -+-----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowInsecureDownloadUrl": false`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Plugin Health Check -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Enables plugin health check to ensure all plugins are periodically monitored, and restarted or deactivated based on their health status. - -The health check runs every 30 seconds. If the plugin is detected to fail 3 times within an hour, the Mattermost server attempts to restart it. If the restart fails 3 successive times, it's automatically disabled. - -**False**: Disables plugin health check on your Mattermost server. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableHealthCheck": true`` with options ``true`` and ``false``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Directory -^^^^^^^^^^ - -The location of the plugin files. If blank, they are stored in the ``./plugins`` directory. The path that you set must exist and Mattermost must have write permissions in it. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Directory": "./plugins"`` with string input. | -+-----------------------------------------------------------------------------------------------------------------+ - -Client Directory -^^^^^^^^^^^^^^^^^^ - -The location of client plugin files. If blank, they are stored in the ``./client/plugins`` directory. The path that you set must exist and Mattermost must have write permissions in it. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Directory": "./client/plugins"`` with string input. | -+-----------------------------------------------------------------------------------------------------------------+ - -Jobs -~~~~~ - -Settings to configure how Mattermost schedules and completes periodic tasks such as the deletion of old posts with Data Retention enabled or indexing posts with Elasticsearch. These settings control which Mattermost servers are designated as a Scheduler, a server that queues the tasks at the correct times, and as a Worker, a server that completes the given tasks. - -When running Mattermost on a single machine, both ``RunJobs`` and ``RunScheduler`` should be enabled. Without both of these enabled, Mattermost will not function properly. - -When running Mattermost in High Availability mode, ``RunJobs`` should be enabled on one or more servers while ``RunScheduler`` should be enabled on all servers under normal circumstances. A High Availability cluster will have one Scheduler and one or more Workers. See the below sections for more information. - -Run Jobs -^^^^^^^^ - -Set whether or not this Mattermost server will handle tasks created by the Scheduler. - -When running Mattermost on a single machine, this setting should always be enabled. - -When running Mattermost in High Availablity mode, one or more servers should have this setting enabled. It is recommended that a High Availability cluster has one or more dedicated Workers with this setting enabled while the remaining Mattermost app servers have it disabled. - -+------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RunJobs": true`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------------------------------+ - -Run Scheduler -^^^^^^^^^^^^^^ - -Set whether or not this Mattermost server will schedule tasks that will be completed by a Worker. - -When running Mattermost on a single machine, this setting should always be enabled. - -When running Mattermost in High Availablity mode, this setting should always be enabled. In a High Availability cluster, exactly one of the servers will be designated as the Scheduler at a time to ensure that duplicate tasks aren't created. See `High Availability documentation `__ for more details. - -.. warning:: - - It is strongly recommended not to change this setting from the default setting of ``true`` as this prevents the ``ClusterLeader`` from being able to run the scheduler. As a result, recurring jobs such as LDAP sync, Compliance Export, and data retention will no longer be scheduled. - -In previous Mattermost Server versions, and this documentation, the instructions stated to run the Job Server with ``RunScheduler: false``. The cluster design has evolved and this is no longer the case. - -+-----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RunScheduler": true`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------------------------------------+ - -Shared Channels (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Available in Enterprise Edition E20* - -**True**: Enables users from multiple Mattermost instances to collaborate with one another using shared channels. - -**False**: Disables channel sharing. - -+---------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSharedChannels": false`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------------------+ - -Deprecated Configuration Settings ------------------------------------ - -Policy -~~~~~~~ - -*Removed in June 16, 2018 release* - -.. note:: - - Permission policy settings are available in Enterprise Edition E10 and E20. From v5.0, these settings are found in the `Advanced Permissions `__ page instead of configuration settings. - -Enable sending team invites from -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -.. note:: - - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. - -Set policy on who can invite others to a team using the **Send Email Invite**, **Get Team Invite Link**, and **Add Members to Team** options on the Main Menu. If **Get Team Invite Link** is used to share a link, you can expire the invite code from **Team Settings > Invite Code** after the desired users have joined the team. Options include: - -**All team members**: Allows any team member to invite others using an email invitation, team invite link, or by adding members to the team directly. - -**Team and System Admins**: Hides the email invitation, team invite link, and the add members to team buttons in the Main Menu from users who are not Team Admins or System Admins. - -**System Admins**: Hides the email invitation, team invite link, and add members to team buttons in the Main Menu from users who are not System Admins. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictTeamInvite": "all"`` with options ``"all"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable public channel creation for -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -.. note:: - - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. - -Restrict the permission level required to create public channels. - -**All team members**: Allow all team members to create public channels. - -**Team Admins and System Admins**: Restrict creating public channels to Team Admins and System Admins. - -**System Admins**: Restrict creating public channels to System Admins. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPublicChannelCreation": "all"`` with options ``"all"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable public channel renaming for -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -.. note:: - - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. - -Restrict the permission level required to rename and set the header or purpose for Public channels. - -**All channel members**: Allow all channel members to rename Public channels. - -**Channel Admins, Team Admins, and System Admins**: Restrict renaming Public channels to Channel Admins, Team Admins, and System Admins who are members of the channel. - -**Team Admins and System Admins**: Restrict renaming Public channels to Team Admins and System Admins who are members of the channel. - -**System Admins**: Restrict renaming Public channels to System Admins who are members of the channel. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPublicChannelManagement": "all"`` with options ``"all"``, ``"channel_admin"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable public channel deletion for -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -.. note:: - - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. - -Restrict the permission level required to delete Public channels. Deleted channels can be recovered from the database using a `command line tool `__. - -**All channel members**: Allow all channel members to delete Public channels. - -**Channel Admins, Team Admins, and System Admins**: Restrict deleting Public channels to Channel Admins, Team Admins, and System Admins who are members of the channel. - -**Team Admins and System Admins**: Restrict deleting Public channels to Team Admins and System Admins who are members of the channel. - -**System Admins**: Restrict deleting Public channels to System Admins who are members of the channel. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPublicChannelDeletion": "all"`` with options ``"all"``, ``"channel_admin"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable private channel creation for -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -.. note:: - - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. - -Restrict the permission level required to create Private channels. - -**All team members**: Allow all team members to create Private channels. - -**Team Admins and System Admins**: Restrict creating Private channels to Team Admins and System Admins. - -**System Admins**: Restrict creating Private channels to System Admins. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPrivateChannelCreation": "all"`` with options ``"all"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable private channel renaming for -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -.. note:: - - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. - -Restrict the permission level required to rename and set the header or purpose for Private channels. - -**All channel members**: Allow all channel members to rename Private channels. - -**Channel Admins, Team Admins, and System Admins**: Restrict renaming Private channels to Channel Admins, Team Admins, and System Admins who are members of the Private channel. - -**Team Admins and System Admins**: Restrict renaming Private channels to Team Admins and System Admins who are members of the private channel. - -**System Admins**: Restrict renaming Private channels to System Admins who are members of the Private channel. - -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPrivateChannelManagement": "all"`` with options ``"all"``, ``"channel_admin"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable managing of private channel members for -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -.. note:: - - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. - -Set policy on who can add and remove members from Private channels. - -**All team members**: Allow all team members to add and remove members. - -**Team Admins, Channel Admins, and System Admins**: Allow only Team Admins, Channel Admins, and System Admins to add and remove members. - -**Team Admins, and System Admins**: Allow only Team Admins and System Admins to add and remove members. - -**System Admins**: Allow only System Admins to add and remove members. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPrivateChannelManageMembers": "all"`` with options ``"all"``, ``"channel_admin"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable private channel deletion for -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -.. note:: - - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. - -Restrict the permission level required to delete Private channels. Deleted channels can be recovered from the database using a `command line tool `__. - -**All channel members**: Allow all channel members to delete Private channels. - -**Channel Admins, Team Admins, and System Admins**: Restrict deleting Private channels to Channel Admins, Team Admins, and System Admins who are members of the Private channel. - -**Team Admins and System Admins**: Restrict deleting private channels to Team Admins and System Admins who are members of the Private channel. - -**System Admins**: Restrict deleting Private channels to System Admins who are members of the Private channel. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPrivateChannelDeletion": "all"`` with options ``"all"``, ``"channel_admin"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Allow which users to delete messages -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -.. note:: - - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. - -Restrict the permission level required to delete messages. Team Admins, Channel Admins, and System Admins can delete messages only in channels where they are members. Messages can be deleted any time. - -**Message authors can delete their own messages, and Administrators can delete any message**: Allow authors to delete their own messages, and allow Team Admins, Channel Admins, and System Admins to delete any message. - -**Team Admins and System Admins**: Allow only Team Admins and System Admins to delete messages. - -**System Admins**: Allow only System Admins to delete messages. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPostDelete": "all"`` with options ``"all"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Allow users to edit their messages -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in June 16, 2018 release* - -.. note:: - - From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. - -Set the time limit that users have to edit their messages after posting. - -**Any time**: Allow users to edit their messages at any time after posting. - -**Never**: Do not allow users to edit their messages. - -**{n} seconds after posting**: Users can edit their messages within the specified time limit after posting. The time limit is applied using the ``config.json`` setting ``PostEditTimeLimit`` described below. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowEditPost": "always"`` with options ``"always"``, ``"never"``, and ``"time_limit"`` for the above settings, respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Post edit time limit -^^^^^^^^^^^^^^^^^^^^ - -When post editing is permitted, setting this to ``-1`` allows editing any time, and setting this to a positive integer restricts editing time in seconds. If post editing is disabled, this setting does not apply. - -+--------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PostEditTimeLimit": -1`` with numerical input. | -+--------------------------------------------------------------------------------------------------+ - -Images -~~~~~~ - -Attachment Thumbnail Width -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in July 16th, 2017 release* - -Width of thumbnails generated from uploaded images. Updating this value changes how thumbnail images render in future, but does not change images created in the past. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ThumbnailWidth": 120`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Attachment Thumbnail Height -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in July 16th, 2017 release* - -Height of thumbnails generated from uploaded images. Updating this value changes how thumbnail images render in future, but does not change images created in the past. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ThumbnailHeight": 100`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Image Preview Width -^^^^^^^^^^^^^^^^^^^^^ - -*Removed in July 16th, 2017 release* - -Maximum width of preview image. Updating this value changes how preview images render in future, but does not change images created in the past. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PreviewWidth": 1024`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Image Preview Height -^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in July 16th, 2017 release* - -Maximum height of preview image. Setting this value to ``0`` instructs Mattermost to auto-size the preview image height based on the source image aspect ratio and the preview image width. Updating this value changes how preview images render in future, but does not change images created in the past. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PreviewHeight": 0`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Profile Picture Width -^^^^^^^^^^^^^^^^^^^^^ - -*Removed in July 16th, 2017 release* - -The width to which profile pictures are resized after being uploaded via Account Settings. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ProfileWidth": 128`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Profile Picture Height -^^^^^^^^^^^^^^^^^^^^^^^ - -*Removed in July 16th, 2017 release* - -The height to which profile pictures are resized after being uploaded via Account Settings. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ProfileHeight": 128`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ From 4adfdc57c7084523adac39e076b3f24b22a757b1 Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Wed, 4 Aug 2021 09:50:05 -0400 Subject: [PATCH 06/16] Re-added file deleted in error --- source/configure/configuration-settings.rst | 6390 +++++++++++++++++++ 1 file changed, 6390 insertions(+) create mode 100644 source/configure/configuration-settings.rst diff --git a/source/configure/configuration-settings.rst b/source/configure/configuration-settings.rst new file mode 100644 index 00000000000..76d3b1da1c2 --- /dev/null +++ b/source/configure/configuration-settings.rst @@ -0,0 +1,6390 @@ +Configuration Settings +====================== + +.. note:: + The order of the configuration settings below are reflective of a reorganization of the System Console in version 5.12 released on June 16th, 2019. To view the configuration settings based on the organization of the System Console in versions prior to version 5.12, please see `this documentation `_ instead. + +Mattermost configuration settings are maintained in the ``config.json`` configuration file, located in the ``mattermost/config`` directory. You can modify the configuration file using the System Console, or by using a text editor to modify it directly. + +Mattermost must have write permissions to ``config.json``, otherwise changes made in the System Console will have no effect. + +On new installations starting from v5.14, the ``default.json`` file used to create the initial ``config.json`` has been removed from the binary and replaced with a build step that generates a fresh ``config.json``. This is to ensure the initial configuration file has all the correct defaults provided in the server code. Existing ``config.json`` files are not affected by this change. + +Configuration in Database +-------------------------- + +Storing configuration in the database is supported in v5.10 and later. Please see more information on how to set this up `here `_. + +Environment Variables +--------------------- + +Starting from Mattermost v3.8, you can use environment variables to manage the configuration. Environment variables override settings in ``config.json``. If a change to a setting in ``config.json`` requires a restart for it to take effect, then changes to the corresponding environment variable also require a server restart. + +The name of the environment variable for any setting can be derived from the name of that setting in ``config.json``. For example, to derive the name of the Site URL setting: + +1. Find the setting in ``config.json``. In this case, *ServiceSettings.SiteURL*. +2. Add ``MM_`` to the beginning and convert all characters to uppercase and replace the ``.`` with ``_``. For example, *MM_SERVICESETTINGS_SITEURL*. +3. The setting becomes ``export MM_SERVICESETTINGS_SITEURL="http://example.com"``. + +Finally, if a setting is configured through an environment variable, modifying it in the System Console is disabled. + +For any setting that is not set in ``config.json`` or in environment variables, the Mattermost server uses the default value as documented in the sections below. + +.. note:: + If a setting is set through an environment variable and any other changes are made in the System Console, the value stored of the environment variable will be written back to the ``config.json`` as that setting's value. + +.. warning:: + Environment variables for Mattermost settings that are set within the active shell will take effect when migrating configuration. For more information, see `Configuration In Database `_. + +.. warning:: + Database connection strings for the database read and search replicas need to be formatted using `URL encoding `__. Incorrectly formatted strings may cause some characters to terminate the string early, resulting in issues when the connection string is parsed. + +Override Mattermost License File +-------------------------------- + +Starting from Mattermost v5.26, you can use an environment variable to override any license in the database or file configuration without replacing those licenses. + +When starting the server, specify the license key as ``MM_LICENSE`` with the contents of a license file. + +.. note:: + If ``MM_LICENSE`` is set to a non-empty string, but the license specified is not valid, the Mattermost server will be started without a license. + + In a High Availability deployment, using an environment variable to override a server license only affects the individual app server and doesn't propagate to other servers in the cluster. + +Load Custom Configuration Defaults +---------------------------------- + +Starting from Mattermost v5.30, you can load a set of custom configuration defaults using an environment variable. This custom configuration applies only if the values are not already present in the current server configuration. + +1. Create a JSON file that contains the custom configuration defaults. For example, ``custom.json``. +2. When starting the server, point the custom defaults environment variable to the defaults file: ``MM_CUSTOM_DEFAULTS_PATH=custom.json``. + +.. contents:: + :depth: 2 + :local: + :backlinks: entry + +About +----- + +Settings for managing the edition and license for Mattermost Enterprise Edition. + +Edition and License +~~~~~~~~~~~~~~~~~~~ + +Edition +^^^^^^^^ + +View the edition of the Mattermost deployment. + +License +^^^^^^^ + +View subscription details including the number of users and expiry date of your Mattermost license. + +License Key +^^^^^^^^^^^ + +Upload or remove license files. For more information on Mattermost Licensing, please see our `frequently asked questions about licensing `_. + +Reporting +--------- + +View statistics for your overall deployment and specific teams as well as access server logs. + +Site Statistics +~~~~~~~~~~~~~~~ + +View statistics on active users, teams, channels, sessions, webhooks, and connections. + +Team Statistics +~~~~~~~~~~~~~~~~ + +View statistics per team on number of active users, as well as Public and Private channels. + +Server Logs +~~~~~~~~~~~~ + +View logging of server-side events. + +User Management +--------------- + +Settings for managing users, user access, groups, and permissions. + +Users +~~~~~~ + +View and manage active and inactive users, and revoke all user sessions. Access individual users to view their User ID, and view the teams they are on and what their role is on a team. Additionally, add the user to other teams without direct access to the team. + +Teams (Experimental) +~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Manage group sychronization on teams. See `Using AD/LDAP Synchronized Groups to Manage Team or Private Channel Membership `__ for more details. + +Channels (Experimental) +~~~~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Manage group sychronization on channels. See `Using AD/LDAP Synchronized Groups to Manage Team or Private Channel Membership `__ for more details. + +Groups +~~~~~~ + +*Available in Enterprise Edition E20* + +Groups offers admins a way to manage default teams and channels by linking AD/LDAP groups to Mattermost groups. See `Groups documentation `__ for more details. + +Permissions +~~~~~~~~~~~ + +*Available in Enterprise Edition E10 and higher* + +Advanced permissions offer Admins a way to restrict actions in Mattermost to authorized users only. See `permissions documentation `__ for more details. + +Environment +----------- + +Settings for configuring the network environment in which Mattermost is deployed. + +Web Server +~~~~~~~~~~ + +Changes to properties in this section require a server restart before taking effect. + +Site URL +^^^^^^^^^ + +The URL that users will use to access Mattermost. The port number is required if it's not a standard port such as 80 or 443. + +**This field is required in Mattermost v3.8 and later.** + +In Mattermost v5.1 and later, the URL may contain a subpath, such as ``"https://example.com/company/mattermost"``. + +If Site URL is not set, the following features will not operate correctly: + + - Email notifications will contain broken links, and email batching will not work. + - Authentication via OAuth 2.0, including GitLab, Google, and Office 365, will fail. + - Plugins may not work as expected. + ++-------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SiteURL": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------+ + +Test Live URL +^^^^^^^^^^^^^^^ + +This button confirms that the value entered into the Site URL is valid and live. + +Listen Address +^^^^^^^^^^^^^^ + +The address and port to which to bind and listen. Specifying ":8065" will bind to all network interfaces. Specifying ``127.0.0.1:8065`` will only bind to the network interface having that IP address. + +If you choose a port of a lower level (called "system ports" or "well-known ports", in the range of 0-1023), you must have permissions to bind to that port. + +On Linux you can use: ``sudo setcap cap_net_bind_service=+ep /opt/mattermost/bin/mattermost`` to allow Mattermost to bind to well-known ports. + ++-------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ListenAddress": ":8065"`` with string input. | ++-------------------------------------------------------------------------------------------+ + +Forward port 80 to 443 +^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Forwards all insecure traffic from port 80 to secure port 443. + +**False**: When using a proxy such as NGINX in front of Mattermost this setting is unnecessary and should be set to ``false``. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Forward80To443": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Connection Security +^^^^^^^^^^^^^^^^^^^^ + +**None**: Mattermost will connect over an unsecure connection. + +**TLS**: Encrypts the communication between Mattermost clients and your server. See `documentation `__ for more details. + ++---------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""`` and ``"TLS"``. | ++---------------------------------------------------------------------------------------------------------------------------------------------+ + +TLS Certificate File +^^^^^^^^^^^^^^^^^^^^^ + +The path to the certificate file to use for TLS connection security. + ++------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TLSCertFile": ""`` with string input. | ++------------------------------------------------------------------------------------+ + +TLS Key File +^^^^^^^^^^^^ + +The path to the TLS key file to use for TLS connection security. + ++-----------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TLSKeyFile": ""`` with string input. | ++-----------------------------------------------------------------------------------+ + +Use Let's Encrypt +^^^^^^^^^^^^^^^^^^ + +**True**: Enable the automatic retrieval of certificates from Let's Encrypt. The certificate will be retrieved when a client attempts to connect from a new domain. This will work with multiple domains. See :doc:`../install/config-tls-mattermost` for more details on setting up Let's Encrypt. + +**False**: Manual certificate specification based on the **TLS Certificate File** and **TLS Key File** specified above. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UseLetsEncrypt": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. note:: + If Let's Encrypt is enabled, forward port 80 through a firewall, with `Forward80To443 `__ ``config.json`` setting set to ``true`` to complete the Let's Encrypt certification. + +Let's Encrypt Certificate Cache File +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The path to the file where certificates and other data about the Let's Encrypt service will be stored. + ++-----------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------------------------+ + +Read Timeout +^^^^^^^^^^^^ + +Maximum time allowed from when the connection is accepted to when the request body is fully read. + ++----------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ReadTimeout": 300`` with numerical input. | ++----------------------------------------------------------------------------------------+ + +Write Timeout +^^^^^^^^^^^^^ + +If using HTTP (insecure), this is the maximum time allowed from the end of reading the request headers until the response is written. If using HTTPS, it is the total time from when the connection is accepted until the response is written. + ++-----------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"WriteTimeout": 300`` with numerical input. | ++-----------------------------------------------------------------------------------------+ + +Idle Timeout +^^^^^^^^^^^^ + +Set an explicit idle timeout in the HTTP server. This is the maximum time allowed before an idle connection is disconnected. + ++-----------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IdleTimeout": 60`` with numerical input. | ++-----------------------------------------------------------------------------------------+ + +Allow use of API v3 endpoints +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +Set to ``false`` to disable all version 3 endpoints of the REST API. Integrations that rely on API v3 will fail and can then be identified for migration to API v4. API v3 is deprecated and will be removed in the near future. See https://api.mattermost.com for details. + ++---------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableAPIv3": false`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------+ + +Webserver Mode +^^^^^^^^^^^^^^^ + +gzip compression applies to the HTML, CSS, Javascript, and other static content files that make up the Mattermost web client. It is recommended to enable gzip to improve performance unless your environment has specific restrictions, such as a web proxy that distributes gzip files poorly. + +**gzip**: The Mattermost server will serve static files compressed with gzip to improve performance. + +**Uncompressed**: The Mattermost server will serve static files uncompressed. + +**Disabled**: The Mattermost server will not serve static files. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"WebserverMode": "gzip"`` with options ``"gzip"``, ``"uncompressed"``, and ``"disabled"``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Insecure Outgoing Connections +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Outgoing HTTPS requests can accept unverified, self-signed certificates. For example, outgoing webhooks to a server with a self-signed TLS certificate, using any domain, will be allowed. + +**False**: Only secure HTTPS requests are allowed. + +**Security note:** Enabling this feature makes these connections susceptible to man-in-the-middle attacks. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableInsecureOutgoingConnections": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Managed Resource Paths +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A comma-separated list of paths within the Mattermost domain that are managed by a third party service instead of Mattermost itself. Links to these paths will be opened in a new tab/window by Mattermost apps. For example, if Mattermost is running on ``https://mymattermost.com``, setting this to ``conference`` will cause links such as ``https://mymattermost.com/conference`` to be opened in a new window. + +When using the Mattermost Desktop App, additional configuration is required to open the link within the Desktop App instead of in a browser. See `here `_ for more information. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ManagedResourcePaths": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Reload Configuration from Disk +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +The workflow for failover without downing the server is to change the database line in the ``config.json`` file, click **Reload Configuration from Disk** then click **Recycle Database Connections** in the **Advanced > Database** section. + +Purge All Caches +^^^^^^^^^^^^^^^^ + +This button purges all the in-memory caches for sessions, accounts and channels. Deployments using High Availability will attempt to purge all the servers in the cluster. Purging the caches may adversely impact performance. + +Database +~~~~~~~~ + +Changes to properties in this section require a server restart before taking effect. + +Driver Name +^^^^^^^^^^^ + +This setting can only be changed from ``config.json`` file, it cannot be changed from the System Console user interface. + +**``mysql``**: Enables driver to MySQL database. + +**``postgres``**: Enables driver to PostgreSQL database. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DriverName": "mysql"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Data Source +^^^^^^^^^^^ + +This is the connection string to the master database. When **DriverName** is set to ``postgres``, use a connection string in the form ``postgres://mmuser:password@localhost:5432/mattermost_test?sslmode=disable&connect_timeout=10``. This setting can only be changed from ``config.json`` file. + +.. note:: + To enable SSL, add ``&tls=true`` to your database connection string if your SQL driver supports it. Add ``&tls=skip-verify`` if you use self-signed certificates. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DataSource": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Maximum Idle Connections +^^^^^^^^^^^^^^^^^^^^^^^^ + +Maximum number of idle connections held open to the database. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxIdleConns": 10`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Maximum Connection Idle Timeout +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Maximum time a database connection can remain idle. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConnMaxIdleTimeMilliseconds": 5`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Maximum Open Connections +^^^^^^^^^^^^^^^^^^^^^^^^ + +Maximum number of open connections held open to the database. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxOpenConns": 300`` with numerical input. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Query Timeout +^^^^^^^^^^^^^ + +The number of seconds to wait for a response from the database after opening a connection and sending the query. Errors that you see in the UI or in the logs as a result of a query timeout can vary depending on the type of query. + ++-------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"QueryTimeout": 30`` with numerical input. | ++-------------------------------------------------------------------------------------------------------------------------+ + +Disable Database Search +^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Disables the use of the database to perform searches. Should only be used when other `search engines `_ are configured. If this setting is set to ``true`` and another search engine is not configured, it will result in empty search results. + +**False**: Database search is not disabled. + ++-------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DisableDatabaseSearch": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------+ + +Maximum Connection Lifetime +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Maximum lifetime for a connection to the database, in milliseconds. Use this setting to configure the maximum amount of time a connection to the database may be reused. Defaults to an hour (3,600,000 milliseconds). + ++-------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConnMaxLifetimeMilliseconds": 3600000`` with numerical input. | ++-------------------------------------------------------------------------------------------------------------------------+ + +Minimum Hashtag Length +^^^^^^^^^^^^^^^^^^^^^^ + +Minimum number of characters in a hashtag. This must be greater than or equal to 2. MySQL databases must be configured to support searching strings shorter than three characters, see `documentation `_. + ++-------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MinimumHashtagLength": 3`` with numerical input. | ++-------------------------------------------------------------------------------------------------------------------------+ + +At Rest Encrypt Key +^^^^^^^^^^^^^^^^^^^ + +A 32-character key for encrypting and decrypting sensitive fields in the database. You can generate your own cryptographically random alphanumeric string, or you can go to **System Console > Environment > Database** and click **Regenerate**, which displays the value until you click **Save**. + +When using High Availability, the salt must be identical in each instance of Mattermost. + +No fields are encrypted using ``AtRestEncryptKey``. It's a legacy setting used to encrypt data stored at rest in the database. + ++------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AtRestEncryptKey": ""`` with string input. | ++------------------------------------------------------------------------------------------+ + +SQL Statement Logging (Trace) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Executing SQL statements are written to the log for development. + +**False**: SQL statements are not written to the log. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Trace": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Recycle Database Connections +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +This button reconnects to the database listed in the configuration settings. All old connections are closed after 20s. + +The workflow for failover without downing the server is to change the database line in the ``config.json`` file, click **Reload Configuration from Disk** in the **Environment > Database** section, then click **Recycle Database Connections**. + +Elasticsearch +~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Changes to properties in this section require a server restart before taking effect. + +Enable Elasticsearch Indexing +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Indexing of new posts occurs automatically. Search queries will use database search until **Enable Elasticsearch for search queries** is enabled. `Learn more about Elasticsearch in our documentation `__. + +**False**: Elasticsearch indexing is disabled and new posts are not indexed. If indexing is disabled and re-enabled after an index is created, it is recommended to purge and rebuild the index to ensure complete search results. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableIndexing": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Server Connection Address +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The address of the Elasticsearch server. `Learn more about Elasticsearch in our documentation `__. + ++------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConnectionUrl": ""`` with string input. | ++------------------------------------------------------------------------------------------------------------------------+ + +Skip TLS Verification +^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Skips the certificate verification step for TLS connections. Not recommended for production environments where TLS is required. For testing only. + +**False**: Mattermost does not skip certificate verification. + ++-------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SkipTLSVerification": false`` with boolean input. | ++-------------------------------------------------------------------------------------------------------+ + +Server Username +^^^^^^^^^^^^^^^ + +(Optional) The username to authenticate to the Elasticsearch server. + ++-------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Username": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------+ + +Server Password +^^^^^^^^^^^^^^^^ + +(Optional) The password to authenticate to the Elasticsearch server. + ++-------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Password": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------+ + +Enable Cluster Sniffing +^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Sniffing finds and connects to all data nodes in your cluster automatically. + +**False**: Sniffing is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Sniff": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Bulk Indexing +^^^^^^^^^^^^^ + +This button starts a bulk index of all existing posts in the database. If the indexing process is cancelled the index and search results will be incomplete. + +Purge Indexes +^^^^^^^^^^^^^ + +This button purges the entire Elasticsearch index. Typically only used if the index has corrupted and search is not behaving as expected. After purging the index a new index can be created with the **Bulk Index** button. + +Enable Elasticsearch for Search Queries +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Elasticsearch will be used for all search queries using the latest index. Search results may be incomplete until a bulk index of the existing post database is finished. + +**False**: Database search is used for search queries. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSearching": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Elasticsearch for Autocomplete Queries +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Elasticsearch will be used for all autocompletion queries on users and channels using the latest index. Autocompletion results may be incomplete until a bulk index of the existing users and channels database is finished. + +**False**: Database autocomplete is used. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableAutocomplete": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File Storage +~~~~~~~~~~~~ + +Mattermost currently supports storing files on the local filesystem and Amazon S3 or S3 compatible containers. + +.. note:: + We have tested Mattermost with `MinIO `__ and `Digital Ocean Spaces `_ products but not all S3 compatible containers on the market. If you are looking to use other S3 compatible containers we advise completing your own testing. + +File Storage System +^^^^^^^^^^^^^^^^^^^^ + ++-------------------------+-----------------------+ +| ``config.json`` setting | ``DriverName`` | ++-------------------------+-----------------------+ +| Allowed Values | ``"local"`` (default) | +| | ``"amazons3"`` | ++-------------------------+-----------------------+ + +This selects which file storage system is used: Local File System or Amazon S3. + +**Local File System**: Files and images are stored in the specified local file directory. + +**Amazon S3**: Files and images are stored on Amazon S3 based on the provided access key, bucket and region fields. The ``"amazons3"`` driver is compatible with MinIO (Beta) and Digital Ocean Spaces based on the provided access key, bucket, and region fields. + +Local Storage Directory +^^^^^^^^^^^^^^^^^^^^^^^^ + +The local directory to which files are written when the File Storage System is set to ``"local"``. This is relative to the directory Mattermost is installed to and defaults to ``"./data"`` When File Storage System is set to S3 this setting has no effect. + ++-------------------------+------------------------------------------------------------------------------------------+ +| ``config.json`` setting | ``Directory`` | ++-------------------------+------------------------------------------------------------------------------------------+ +| Allowed Values | Any directory writeable by the user Mattermost is running as. Defaults to ``"./data/"``. | ++-------------------------+------------------------------------------------------------------------------------------+ + +Maximum File Size +^^^^^^^^^^^^^^^^^^ + +Maximum file size for message attachments entered in megabytes in the System Console UI. Converted to bytes in ``config.json`` at 1048576 bytes per megabyte. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxFileSize": 104857600`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. warning:: Verify server memory can support your setting choice. Large file sizes increase the risk of server crashes and failed uploads due to network disruptions. + +.. note:: + If you use a proxy or load balancer in front of Mattermost its settings need to be adjusted accordingly. For NGINX use ``client_max_body_size``. For Apache use ``LimitRequestBody``. + +Enable Document Search by Content +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enable users to search the contents of documents attached to messages. + +**True**: Documents are searchable by their content. + +.. note:: + Document content search results for files shared before upgrading to Mattermost Server 5.35 may be incomplete until an `extraction command is executed using the CLI `__. If this command is not run, users can search older files based on file name only. + +**False**: Documents aren't searchable by their content. When document content search is disabled, users can search for files by file name only. + +You can optionally install `these dependencies `__ to extend content searching support to include file formats beyond PDF, DOCX, and ODT, such as DOC, RTF, XML, HTML, and PAGES. If you choose not to install the dependencies, you will see log entries for documents that couldn't be extracted. Any documents that can't be extracted are skipped and logged so that content extraction can proceed. The search support each dependency offers is described below: + +- ``tidy``: Used to search the contents of HTML and PAGES documents. +- ``wv``: Used to search the contents of DOC documents. +- ``popplerutils``: Used to significantly improve server performance when extracting the contents of PDF documents. +- ``unrtf``: Used to search the contents of RTF documents. +- ``Justtext``: Used to search HTML documents. + +.. note:: + Document content search results for files shared before upgrading to Mattermost Server v5.35 may be incomplete until an `extraction command is executed using the CLI `__. If this command is not run, users can search older documents based on file name only. + ++---------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileSettings.ExtractContent": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------------------+ + +.. note:: + - Document content search is available in Mattermost Server from v5.35, with mobile support coming soon. + - Searching document contents adds load to your server. + - For large deployments, or teams that share many large, text-heavy documents, we recommended you review our `hardware requirements `__, and test enabling this feature in a staging environment before enabling it in a production environment. + +Enable Searching Content of Documents within ZIP Files +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This configuration setting enables users to search the contents of compressed ZIP files attached to messages. + +**True**: Contents of documents within ZIP files are returned in search results. This may have an impact on server performance for large files. + +**False**: The contents of documents within ZIP files aren't returned in search results. + ++---------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileSettings.ArchiveRecursion": false`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------------------+ + +.. note:: + - Document content search within ZIP files is available in Mattermost Server from v5.35, with mobile support coming soon. + - Searching document contents adds load to your server. + - For large deployments, or teams that share many large, text-heavy documents, we recommended you review our `hardware requirements `__, and test enabling this feature in a staging environment before enabling it in a production environment. + +Amazon S3 Bucket +^^^^^^^^^^^^^^^^^ + +The name of the bucket for your S3-compatible object storage instance. + ++-------------------------+----------------------------------------------+ +| ``config.json`` setting | ``AmazonS3Bucket`` | ++-------------------------+----------------------------------------------+ +| Allowed Values | A string with the S3-compatible bucket name. | ++-------------------------+----------------------------------------------+ + +Amazon S3 Region +^^^^^^^^^^^^^^^^^ + +The AWS region you selected when creating your S3 bucket. If no region is set, Mattermost attempts to get the appropriate region from AWS and sets it to ``"us-east-1"`` if none is found. For MinIO or Digital Ocean Spaces, leave this setting empty. + ++-------------------------+-----------------------------------------------------+ +| ``config.json`` setting | ``AmazonS3Region`` | ++-------------------------+-----------------------------------------------------+ +| Allowed Values | A string with the AWS region containing the bucket. | ++-------------------------+-----------------------------------------------------+ + +Amazon S3 Access Key ID +^^^^^^^^^^^^^^^^^^^^^^^^ + +This is required for access unless you are using an `Amazon S3 IAM Role `__ with Amazon S3. Your EC2 administrator can supply you with the Access Key ID. + ++-------------------------+----------------------------------------------------------------------+ +| ``config.json`` setting | ``AmazonS3AccessKeyId`` | ++-------------------------+----------------------------------------------------------------------+ +| Allowed Values | A string with the access key for the S3-compatible storage instance. | ++-------------------------+----------------------------------------------------------------------+ + +Amazon S3 Endpoint +^^^^^^^^^^^^^^^^^^^ + +Hostname of your S3-compatible instance. Defaults to ``"s3.amazonaws.com"``. + +.. note:: + For Digital Ocean Spaces, the hostname should be set to ``".digitaloceanspaces.com"``, where ```` is the abbreviation for the region you chose when setting up the Space. It can be ``nyc3``, ``ams3``, or ``sgp1``. + ++-------------------------+-------------------------------------------------------------------+ +| ``config.json`` setting | ``AmazonS3Endpoint`` | ++-------------------------+-------------------------------------------------------------------+ +| Allowed Values | A string with the hostname of the S3-compatible storage instance. | ++-------------------------+-------------------------------------------------------------------+ + +Amazon S3 Secret Access Key +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The secret access key associated with your Amazon S3 Access Key ID. + ++-------------------------+-----------------------------------------------------------------------------+ +| ``config.json`` setting | ``AmazonS3SecretAccessKey`` | ++-------------------------+-----------------------------------------------------------------------------+ +| Allowed Values | A string with the secret access key for the S3-compatible storage instance. | ++-------------------------+-----------------------------------------------------------------------------+ + +Enable Secure Amazon S3 Connections +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables only secure Amazon S3 connections. + +**False**: Allows insecure connections to Amazon S3. + ++-------------------------+----------------------------------------------+ +| ``config.json`` setting | ``AmazonS3SSL`` | ++-------------------------+----------------------------------------------+ +| Allowed Values | ``true`` or ``false``. Defaults to ``true``. | ++-------------------------+----------------------------------------------+ + +Enable Server-Side Encryption for Amazon S3 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +**True**: Encrypts files in Amazon S3 using server-side encryption with `Amazon S3-managed keys `__. + +**False**: Doesn't encrypt files in Amazon S3. + +.. note:: + Server-side encryption only works with Amazon S3. + ++-------------------------+-----------------------------------------------+ +| ``config.json`` setting | ``AmazonS3SSE`` | ++-------------------------+-----------------------------------------------+ +| Allowed Values | ``true`` or ``false``. Defaults to ``false``. | ++-------------------------+-----------------------------------------------+ + +Enable Amazon S3 Debugging +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: When ``true``, log additional debugging information to the system logs. Typically set to ``false`` in production. + +**False**: No Amazon S3 debugging information is included in the system logs. + ++-------------------------+-----------------------------------------------+ +| ``config.json`` setting | ``AmazonS3Trace`` | ++-------------------------+-----------------------------------------------+ +| Allowed Values | ``true`` or ``false``. Defaults to ``false``. | ++-------------------------+-----------------------------------------------+ + +Test Connection +^^^^^^^^^^^^^^^^ + +Ensures that the user can access the server and that the settings are valid. + +Image Proxy +~~~~~~~~~~~~ + +Enable Image Proxy +^^^^^^^^^^^^^^^^^^ + +When ``true``, enables an image proxy for loading external images. The image proxy is used by the Mattermost apps to prevent them from connecting directly to remote servers. This anonymizes their connections and prevents them from accessing insecure content. + +See the :doc:`documentation ` to learn more. + ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------+ + +Image Proxy Type +^^^^^^^^^^^^^^^^^ + +The type of image proxy used by Mattermost. There are two options: + +**local**: The Mattermost server itself acts as the image proxy. This is the default option. + +**atmos/camo**: An external `atmos/camo `__ image proxy is used. + +See the `documentation `__ to learn more. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ImageProxyType": "local"``, with options ``"local"`` and ``"atmos/camo"`` for the above settings, respectively. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Remote Image Proxy URL +^^^^^^^^^^^^^^^^^^^^^^^ + +The URL of the ``atmos/camo`` proxy. This setting is not needed when using the local image proxy. + ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RemoteImageProxyURL": ""`` with string input. | ++---------------------------------------------------------------------------------------------------------------------+ + +Remote Image Proxy Options +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The URL signing key passed to an ``atmos/camo`` image proxy. This setting is not needed when using the local image proxy. + +See the `documentation `_ to learn more. + ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RemoteImageProxyOptions": ""`` with string input. | ++---------------------------------------------------------------------------------------------------------------------+ + +SMTP +~~~~ + +SMTP Email Server +^^^^^^^^^^^^^^^^^ + +Location of SMTP email server used for email notifications. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SMTPServer": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +SMTP Server Port +^^^^^^^^^^^^^^^^^ + +Port of SMTP email server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SMTPPort": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +SMTP Server Timeout +^^^^^^^^^^^^^^^^^^^ + +The maximum amount of time (in seconds) allowed for establishing a TCP connection between Mattermost and the SMTP server, to be idle before being terminated. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SMTPServerTimeout": 10`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable SMTP Authentication +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: SMTP username and password are used for authenticating to the SMTP server. + +**False**: Mattermost doesn't attempt to authenticate to the SMTP server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSMTPAuth": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +SMTP Server Username +^^^^^^^^^^^^^^^^^^^^ + +The username for authenticating to the SMTP server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SMTPUsername": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +SMTP Server Password +^^^^^^^^^^^^^^^^^^^^^ + +The password associated with the SMTP username. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SMTPPassword": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _email-tls: + +Connection Security +^^^^^^^^^^^^^^^^^^^^ + +**None**: Send email over an unsecure connection. + +**TLS**: Communication between Mattermost and your email server is encrypted. + +**STARTTLS**: Attempts to upgrade an existing insecure connection to a secure connection using TLS. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""``, ``"TLS"``, and ``"STARTTLS"``. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Skip Server Certificate Verification +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost will not verify the email server certificate. + +**False**: Mattermost will verify the email server certificate. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SkipServerCertificateVerification": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Security Alerts +^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enable System Admins to be notified by email if a relevant security fix alert is announced. Requires email to be enabled. To learn more about this feature, see :doc:`../manage/telemetry`. + +**False**: Security alerts are disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSecurityFixAlert": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Push Notification Server +~~~~~~~~~~~~~~~~~~~~~~~~~ + +Enable Push Notifications +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Your Mattermost server sends mobile push notifications to the server specified in **PushNotificationServer**. + +**False**: Mobile push notifications are disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SendPushNotifications": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Push Notification Server +^^^^^^^^^^^^^^^^^^^^^^^^ + +Location of Mattermost Push Notification Service (MPNS), which re-sends push notifications from Mattermost to services like Apple Push Notification Service (APNS) and Google Cloud Messaging (GCM). + +To confirm push notifications are working, connect to the `Mattermost iOS App on iTunes `__ or the `Mattermost Android App on Google Play `__: + +- For Enterprise Edition, enter ``https://push.mattermost.com`` for the push notification server hosted in the United States. If you prefer to use a push notification server hosted in Germany, enter ``https://hpns-de.mattermost.com/``. +- For Team Edition, enter ``https://push-test.mattermost.com``. + +Please review full documentation on `push notifications and mobile applications `__ including guidance on compiling your own mobile apps and MPNS before deploying to production. + +.. note:: + The ``https://push-test.mattermost.com`` server is provided for testing push notifications prior to compiling your own service. Please make sure `to read about its limitations `_. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PushNotificationServer": "https://push-test.mattermost.com"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Max Notifications Per Channel +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Maximum total number of users in a channel before @all, @here, and @channel no longer send notifications to maximize performance. + +If you want to increase this value, the recommendation is to increase it a little at a time and monitor system health with `performance monitoring metrics `__. We also recommend only increasing this value if large channels have restricted permissions for who can post to the channel (for instance, a read-only Town Square channel). + ++--------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxNotificationsPerChannel": 1000`` with numerical input. | ++--------------------------------------------------------------------------------------------------------+ + +**Troubleshooting Push Notifications** + +To confirm push notifications are working: + +1. Go to **System Console > Notifications > Environment > Push Notification Server > Enable Push Notifications** and select **Use TPNS connection to send notifications to iOS and Android apps**. +2. Set **Push Notification Server** to ``https://push.mattermost.com`` if using Enterprise Edition. If using Team Edition, set the value to ``https://push-test.mattermost.com``. +3. To confirm push notifications are working, connect to the `Mattermost iOS App on iTunes `__ or the `Mattermost Android App on Google Play `__ and log in to your team site. +4. Close the app on your device, and close any other connections to your team site. +5. Wait 5 minutes and have another team member send you a direct message, which should trigger a push notification to the Mattermost app on your mobile device. +6. You should receive a push notification on your device alerting you of the direct message. + +If you did not receive an alert: + +1. Set **System Console > Environment > Logging > File Log Level** to *DEBUG* (make sure to set this back to *INFO* after troubleshooting to save disk space). +2. Repeat the above steps. +3. Go to **System Console > Reporting > Server Logs** and copy the log output into a file. +4. For Enterprise Edition customers, `submit a support request with the file attached `__. For Team Edition users, please start a thread in the `troubleshooting forum `__ for peer-to-peer support. + +.. _high-availability: + +High Availability +~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Changes to properties in this section require a server restart before taking effect. + +When High Availability mode is enabled, the System Console is set to read-only and settings can only be changed by editing the configuration file directly. However, for testing and validating a High Availability setup, you can set ``ReadOnlyConfig`` to ``false``, which allows changes made in the System Console to be saved back to the configuration file. + +To learn more about configuring High Availability, see `High Availability Cluster `_. + +Enable High Availability Mode +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: The Mattermost server will attempt inter-node communication with the other servers in the cluster that have the same cluster name. This sets the System Console to read-only mode to keep the servers ``config.json`` files in sync. + +**False**: Mattermost High Availability is disabled. + ++-----------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------+ + +Cluster Name +^^^^^^^^^^^^ + +The cluster to join by name. Only nodes with the same cluster name will join together. This is to support Blue-Green deployments or staging pointing to the same database. + ++------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ClusterName": ""`` with string input. | ++------------------------------------------------------------------------------------+ + +Override Hostname +^^^^^^^^^^^^^^^^^ + +If blank, Mattermost attempts to get the hostname from the OS or use the IP address. You can override the hostname of this server with this property. It is not recommended to override the hostname unless needed. This property can also be set to a specific IP address if needed. Also see `cluster discovery `_ for more details. + ++-----------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"OverrideHostname": ""`` with string input. | ++-----------------------------------------------------------------------------------------+ + +Use IP Address +^^^^^^^^^^^^^^ + +**True**: The cluster attempts to communicate using the IP address. + +**False**: The cluster attempts to communicate using the hostname. + ++---------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UseIpAddress": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------+ + +Use Gossip +^^^^^^^^^^ + +.. note:: + All cluster traffic uses the gossip protocol. From Mattermost Server v5.36 gossip clustering can no longer be disabled. + +**True**: The server attempts to communicate via the gossip protocol over the gossip port. + +**False**: The server attempts to communicate over the streaming port. + +Note that the gossip port and gossip protocol are used to determine cluster health even when this setting is ``false``. + ++--------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UseExperimentalGossip": true`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------------------+ + +Enable Experimental Gossip Encryption +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: All communication through the cluster using the gossip protocol will be encrypted. + +**False**: All communication using gossip protocol remains unencrypted. + +The encryption uses AES-256 by default, and it is not kept configurable by design. However, you can manually set the ``ClusterEncryptionKey`` row value in the Systems table. A key is a byte array converted to base64. It should be either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256. + ++--------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableExperimentalGossipEncryption": false`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------------------------+ + +Enable Gossip Compression +^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: All communication through the cluster uses gossip compression. This is set to ``true`` by default to maintain compatibility with older servers. + +**False**: All communication using the gossip protocol remains uncompressed. Once all servers in a cluster are upgraded to Mattermost v5.33 or later, we recommend that you disable this configuration setting for better performance. + ++--------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableGossipCompression": true`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------------------------+ + +Gossip Port +^^^^^^^^^^^ + +The port used for the gossip protocol. Both UDP and TCP should be allowed on this port. + ++-------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GossipPort": 8074`` with numerical input. | ++-------------------------------------------------------------------------------------------+ + +Streaming Port +^^^^^^^^^^^^^^ + +The port used for streaming data between servers. + ++----------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"StreamingPort": 8075`` with numerical input. | ++----------------------------------------------------------------------------------------------+ + +Inter-Node Listen Address +^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Deprecated. Not used in version 4.0 and later* + +The address the Mattermost Server will listen on for inter-node communication. When setting up your network you should secure the listen address so that only machines in the cluster have access to that port. This can be done in different ways, for example, using IPsec, security groups, or routing tables. + ++-----------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"InterNodeListenAddress": ":8075"`` with string input. | ++-----------------------------------------------------------------------------------------------------+ + +Inter-Node URLs +^^^^^^^^^^^^^^^ + +*Deprecated. Not used in version 4.0 and later* + +A list of all the machines in the cluster, such as ``["http://10.10.10.2", "http://10.10.10.4"]``. It is recommended to use the internal IP addresses so all the traffic can be secured. + ++--------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"InterNodeUrls": []`` with string array input consisting of the machines in the cluster. | ++--------------------------------------------------------------------------------------------------------------------------------------+ + +Rate Limiting +~~~~~~~~~~~~~~ + +Changes to properties in this section require a server restart before taking effect. + +Enable Rate Limiting +^^^^^^^^^^^^^^^^^^^^^ + +Rate limiting prevents your server from being overloaded with too many requests. This decreases the risk and impact of third-party applications or malicious attacks on your server. + +**True**: APIs are throttled at the rate specified by **PerSec**. + +**False**: APIs are not throttled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Maximum Queries per Second +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Throttle API at this number of requests per second if rate limiting is enabled. + +The location of the log files. If blank, they are stored in the ``./logs`` directory. The path that you set must exist and Mattermost must have write permissions in it. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PerSec": 10`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Maximum Burst Size +^^^^^^^^^^^^^^^^^^^^ + +Typically set to ``true`` in production. When ``true``, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. + +Maximum number of requests allowed beyond the per second query limit. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxBurst": 100`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Memory Store Size +^^^^^^^^^^^^^^^^^^^ + +Maximum number of user sessions connected to the system as determined by ``VaryByRemoteAddr`` and ``VaryByHeader`` variables. + +Typically set to the number of users in the system. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MemoryStoreSize": 10000`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Vary rate limit by remote address +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Rate limit API access by IP address. Recommended to set to ``true`` if you're using a proxy. + +**False**: Rate limiting does not vary by IP address. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"VaryByRemoteAddr": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Vary rate limit by user +^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Rate limit API access by user authentication token. Recommended to set to ``true`` if you're using a proxy. + +**False**: Rate limiting does not vary by user authentication token. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"VaryByUser": false`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Vary rate limit by HTTP header +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Vary rate limiting by HTTP header field specified (e.g. when configuring Ngnix set to ``X-Real-IP``, when configuring AmazonELB set to ``X-Forwarded-For``). Recommended to be set if you're using a proxy. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"VaryByHeader": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Advanced Logging +~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Output logs to multiple targets +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Allow any combination of console, local file, syslog, and TCP socket targets, and send log records to multiple targets. These targets have been chosen as they support the vast majority of log aggregators, and other log analysis tools, without needing additional software installed. + +System Admins can define multiple log targets to: + +- Mirror log output to files and log aggregators for redundancy. +- Log certain entries to specific destinations. For example, all errors could be routed to a specific destination for review. + +Additional configuration options include: + +- Multiple local file targets: Supports rotation and compression triggered by size and/or duration. +- Multiple syslogs: Supports local and remote syslog servers, with or without TLS transport. +- Multiple TCP sockets: TCP socket target can be configured with an IP address or domain name, port, and optional TLS certificate. + +All access to the REST API or CLI is audited. When using Advanced Logging for auditing, System Admins can capture the following auditing in the target configuration in addition to discrete log levels: + +.. code-block:: none + + "Levels": [ + {"ID": 100, "Name": "audit-api"}, + {"ID": 101, "Name": "audit-content"}, + {"ID": 102, "Name": "audit-permissions"}, + {"ID": 103, "Name": "audit-cli"}, + ], + +Where: + +- ``audit-api``: Enables output of REST API calls. +- ``audit-content``: Enables output of API calls that generate content (e.g. ``create post``, ``create reaction``). +- ``audit-permissions``: Enables output of all permissions failures. +- ``audit-cli``: Enables output of legacy CLI calls. + +.. Note:: + - Logs are recorded asynchronously to reduce latency to the caller. + - Advanced logging supports hot-reloading of logger configuration. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``LogSettings.AdvancedLoggingConfig`` which can contain a filespec to another config file, a database DSN, or JSON. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Options outlined in `this text file `__ are described in the following table. + ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| **Key** | **Definition** | **Type** | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| **Levels** | | | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| ID | Unique log level identifier. Must be registered in ``mattermost/mattermost-server/shared/mlog/levels.go``. | int | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Name | Human-readable name for the log level identifier. | string | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Stacktrace | Set to ``true`` to generate a stacktrace. Set to ``false`` to prevent a stacktrace from being generated. | bool | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| **Targets** | | | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Type | Can be one of: ``console``, ``file``, ``syslog``, or ``tcp``. | string | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Format | Can be either ``json`` or ``plain``. | string | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Levels | Array of log levels. | [] | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Options | Map of options specific to the target type. | {} | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| MaxQueueSize | The number of audit records that can be queued/buffered at any point in time when writing to syslog. Default is 1000. | int | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| **Console** | | | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Out | Can be either ``stdout`` or ``stderr``. | string | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| **File** | | | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Filename | Path and filename for logs. | string | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| MaxAgeDays | Number of days until a rotation is triggered. Set to ``0`` to not rotate based on age. | int | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| MaxBackups | Maximum number of rotated files to keep where the oldest are deleted. Set to ``0`` to discard rotated files. | int | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| MaxSizeMB | Maximum file size before a rotation is triggered. Set to ``0`` to prevent rotation based on file size. | int | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Compress | Set to ``true`` to compress files after rotation. Set to ``false`` to not compress files after rotation. | bool | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| **SysLog** | | | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| IP | IP address or domain of the syslog server. | string | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Port | Listening port of syslog server. | int | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Tag | Typically the program name, machine name, or node name. | string | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| TLS | Set to ``true`` to connect via TLS. Set to ``false`` to prevent connecting via TLS. | bool | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Cert | For TLS connections where TLS is set to ``true``, the filename of client certificate or base64-encoded certificate. | string | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Insecure | Used for testing purposes only. Set to ``true`` to prevent a certificate check from being performed. Set to ``false`` to perform a certificate check. | bool | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| **TCP** | | | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| IP | IP address or domain of the socket server. | string | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Port | Listening port of the socket server. | int | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| TLS | Set to ``true`` to connect via TLS. Set to ``false`` to prevent connecting via TLS. | bool | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Cert | For TLS connections where TLS is set to ``true``, the filename of client certificate or base64-encoded certificate. | string | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ +| | | | +| Insecure | Used for testing purposes only. Set to ``true`` to prevent a certificate check from being performed. Set to ``false`` to perform a certificate check. | bool | ++---------------+--------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+ + +.. Note:: + Filenames for ``AdvancedLoggingConfig`` can contain an absolute filename, a relative filename, or embedded JSON. + +See the :download:`Advanced Logging Options Sample JSON ZIP file <../samples/advanced-logging-options-sample-json.zip>` for a sample configuration file. + +Standard Logging +~~~~~~~~~~~~~~~~ + +*Available in all editions* + +Output logs to console +^^^^^^^^^^^^^^^^^^^^^^^ + +.. note:: + Logs are rotated once the log file reaches a size of 100 MB or more. + +**True**: Output log messages to the console based on ``ConsoleLevel`` option. The server writes messages to the standard output stream (stdout). + +**False**: Output log messages are not written to the console. + +Changes to this setting require a server restart before taking effect. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableConsole": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Console Log Level +^^^^^^^^^^^^^^^^^ + +Level of detail at which log events are written to the console when ``EnableConsole`` = ``true``. + +**DEBUG**: Prints high detail for developers debugging issues. + +**ERROR**: Outputs only error messages. + +**INFO**: Outputs error messages and information around startup and initialization. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConsoleLevel": "DEBUG"`` with options ``"DEBUG"``, ``"ERROR"``, and ``"INFO"``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Output console logs as JSON +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Typically set to ``true`` in production. When ``true``, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. + +**True**: Logged events are written in a machine-readable JSON format. + +**False**: Logged events are written in plain text. + +Changes to this setting require a server restart before taking effect. + ++----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConsoleJson": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------+ + +Colorize plain text console logs +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting can only be changed from ``config.json`` file, it cannot be changed from the System Console user interface. + +**True**: When logged events are output to the console as plain text, colorize log levels details. + +**False**: Plain text log details aren't colorized in the console. + ++----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableColor": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------+ + +Output logs to file +^^^^^^^^^^^^^^^^^^^^ + +Typically set to ``true`` in production. When ``true``, logged events are written to the ``mattermost.log`` file in the directory specified by the **FileLocation** setting. The logs are archived to a file in the same directory, and given a name with a datestamp and serial number. For example, ``mattermost.2017-03-31.001``. + +**True**: Log files are written to files specified in ``FileLocation``. + +**False**: Log files are not written. + +Changes to this setting require a server restart before taking effect. + ++----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableFile": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------+ + +File Log Level +^^^^^^^^^^^^^^^ + +Level of detail at which log events are written to log files when ``EnableFile`` = ``true``. + +**ERROR**: Outputs only error messages. + +**INFO**: Outputs error messages and information around startup and initialization. + +**DEBUG**: Prints high detail for developers debugging issues. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileLevel": "INFO"`` with options ``"DEBUG"``, ``"ERROR"``, and ``"INFO"``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Output file logs as JSON +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Typically set to ``true`` in production. When ``true``, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. + +**True**: Logged events are written in a machine-readable JSON format. + +**False**: Logged events are written in plain text. + +Changes to this setting require a server restart before taking effect. + ++----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileJson": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------+ + +File Log Directory +^^^^^^^^^^^^^^^^^^^ + +The location of the log files. If blank, they are stored in the ``./logs`` directory. The path that you set must exist and Mattermost must have write permissions in it. + +Changes to this setting require a server restart before taking effect. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileLocation": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Webhook Debugging +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Contents of incoming webhooks are printed to log files for debugging. + +**False**: Contents of incoming webhooks are not printed to log files. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableWebhookDebugging": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Diagnostics and Error Reporting +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: To improve the quality and performance of future Mattermost updates, this option sends error reporting and diagnostic information to Mattermost, Inc. All diagnostics and error reporting is encrypted in transit and does not include personally identifiable information or message contents. To learn more about this feature, see :doc:`../manage/telemetry`. + +**False**: Diagnostics and error reporting are disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableDiagnostics": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Session Lengths +~~~~~~~~~~~~~~~~ + +User sessions are cleared when a user tries to log in. Additionally, a job runs every 24 hours to clear sessions from the sessions database table. + +Extend session length with activity +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Improves user experience by extending sessions and keeping users logged in if they are active in their Mattermost apps. + +**True**: Sessions will be automatically extended when the user is active in their Mattermost client. User sessions will only expire if they are not active in their Mattermost client for the entire duration of the session lengths defined in the fields below. + +**False**: Sessions will not extend with activity in Mattermost. User sessions will immediately expire at the end of the session length or idle timeouts defined below. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExtendSessionLengthWithActivity": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Session length for email and AD/LDAP authentication (days) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Set the number of days from the last time a user entered their credentials to the expiry of the user's session on email and AD/LDAP authentication. + +After changing this setting, the new session length will take effect after the next time the user enters their credentials. + ++--------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SessionLengthWebInDays": 30`` with numerical input. | ++--------------------------------------------------------------------------------------------------------------+ + +Session length for mobile apps (days) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Set the number of days from the last time a user entered their credentials to the expiry of the user's session on mobile apps. + +After changing this setting, the new session length will take effect after the next time the user enters their credentials. + ++-------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SessionLengthMobileInDays": 180`` with numerical input. | ++-------------------------------------------------------------------------------------------------------------+ + +Session length for SSO authentication (days) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting defines the session length for SSO authentication, such as SAML, GitLab, and OAuth 2.0. + +Set the number of days from the last time a user entered their credentials to the expiry of the user's session. If the authentication method is SAML, GitLab, or OAuth 2.0, the user may automatically be logged back in to Mattermost if they are already logged in to SAML, GitLab, or with OAuth 2.0. + +After changing this setting, the setting will take effect after the next time the user enters their credentials. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SessionLengthSSOInDays": 30`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Session Cache (minutes) +^^^^^^^^^^^^^^^^^^^^^^^^ + +Set the number of minutes to cache a session in memory. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SessionCacheInMinutes": 10`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Session Idle Timeout (minutes) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The number of minutes from the last time a user was active on the system to the expiry of the user's session. Once expired, the user will need to log in to continue. Minimum is 5 minutes, and 0 is unlimited. + +Applies to the desktop app and browsers. For mobile apps, use an EMM provider to lock the app when not in use. In High Availability mode, enable IP hash load balancing for reliable timeout measurement. + +This setting does not take effect if ``ExtendSessionLengthWithActivity`` is set to ``true``. + ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SessionIdleTimeoutInMinutes": 43200`` with numerical input. | ++-----------------------------------------------------------------------------------------------------------------+ + +Performance Monitoring +~~~~~~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Changes to properties in this section require a server restart before taking effect. + +Enable Performance Monitoring +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost enables performance monitoring collection and profiling. Please see `documentation `__ to learn more about configuring performance monitoring for Mattermost. + +**False**: Mattermost performance monitoring is disabled. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Listen Address +^^^^^^^^^^^^^^^ + +The address the Mattermost server will listen on to expose performance metrics. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"InterNodeListenAddress": ":8067"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Developer +~~~~~~~~~~ + +Enable Testing Commands +^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: ``/test`` slash command is enabled to load test accounts and test data. + +**False**: ``/test`` slash command is disabled. + +Changes to this setting require a server restart before taking effect. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableTesting": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Developer Mode +^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Javascript errors are shown in a purple bar at the top of the user interface. Not recommended for use in production. + +**False**: Users are not alerted to Javascript errors. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableDeveloper": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Allow Untrusted Internal Connections To +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting limits the ability for the Mattermost server to make untrusted requests within its local network. A request is considered "untrusted" when it's made on behalf of a client. The following features make untrusted requests and are affected by this setting: + +- Integrations using webhooks, slash commands, or message actions. This prevents them from requesting endpoints within the local network. +- Link previews. When a link to a local network address is posted in a chat message, this prevents a link preview from being displayed. +- The `local image proxy `_. If the local image proxy is enabled, images located on the local network cannot be used by integrations or posted in chat messages. + +Requests that can only be configured by admins are considered trusted and will not be affected by this setting. Trusted URLs include ones used for OAuth login or for sending push notifications. + +.. warning:: + This setting is intended to prevent users located outside your local network from using the Mattermost server to request confidential data from inside your network. Care should be used when configuring this setting to prevent unintended access to your local network. + +Some examples of when you may want to modify this setting include: + +- When installing a plugin that includes its own images, such as `Matterpoll `__, you will need to add the Mattermost server's domain name to this list. +- When running a bot or webhook-based integration on your local network, you'll need to add the hostname of the bot/integration to this list. +- If your network is configured in such a way that publicly-accessible web pages or images are accessed by the Mattermost server using their internal IP address, the hostnames for those servers must be added to this list. + +This setting is a whitelist of local network addresses that can be requested by the Mattermost server. It's configured as a whitespace-separated list of hostnames, IP addresses, and CIDR ranges that can be accessed (such as ``webhooks.internal.example.com 127.0.0.1 10.0.16.0/28``). Since v5.9, the public IP of the Mattermost application server itself is also considered a reserved IP. + +.. note:: + Use whitespaces instead of commas to list the hostnames, IP addresses, or CIDR ranges. For example: ``webhooks.internal.example.com 127.0.0.1 10.0.16.0/28``. + +IP address and domain name rules are applied before host resolution. CIDR rules are applied after host resolution, and only CIDR rules require DNS resolution. We try to match IP addresses and hostnames without even resolving. If that fails, we resolve using the local resolver (by reading the ``/etc/hosts`` file first), then check for matching CIDR rules. For example, if the domain "webhooks.internal.example.com" resolves to the IP address ``10.0.16.20``, a webhook with the URL "https://webhooks.internal.example.com/webhook" can be whitelisted using ``webhooks.internal.example.com`` or ``10.0.16.16/28``, but not ``10.0.16.20``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowedUntrustedInternalConnections": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Site Configuration +------------------- + +Settings for customizing your Mattermost deployment. + +Customization +~~~~~~~~~~~~~ + +Site Name +^^^^^^^^^^^ + +Name of service shown in login screens and UI. Maximum 30 characters. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SiteName": "Mattermost"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Site Description +^^^^^^^^^^^^^^^^ + +Description of service shown in login screens and UI. When not specified, "All team communication in one place, searchable and accessible anywhere" is displayed. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"CustomDescriptionText": ""`` with string input. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Custom Branding +^^^^^^^^^^^^^^^^^^^^^^^^ + +*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* + +**True**: Enables custom branding to show a JPG image some custom text on the server login page. + +**False**: Custom branding is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableCustomBrand": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Custom Brand Image +^^^^^^^^^^^^^^^^^^^ + +Custom JPG image is displayed on left side of server login page. Recommended maximum image size is less than 2 MB because image will be loaded for every user who logs in. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This features has no ``config.json`` setting and must be set in the System Console user interface. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Custom Brand Text +^^^^^^^^^^^^^^^^^ + +Custom text will be shown below custom brand image on left side of server login page. Maximum 500 characters allowed. You can format this text using the same `Markdown formatting codes `__ as using in Mattermost messages. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"CustomBrandText": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Ask Community Link +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: **Ask the community** link is visible in the Mattermost channel header, under the **Help** menu. When clicked, users are redirected to https://mattermost.com/pl/default-ask-mattermost-community/, where they can join the Mattermost Community to ask questions and help others troubleshoot issues. This option is not available on the mobile apps. + +**False**: The link is not visible to users. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"enable_ask_community_link": ""`` with options ``true`` and ``false``. Defaults to true. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Help link +^^^^^^^^^^^ + +Configurable link to a Help page your organization may provide to end users. By default, links to Mattermost help documentation hosted on `docs.mattermost.com `__. + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"HelpLink": "https://about.mattermost.com/default-help/"`` with string input. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Support Email +^^^^^^^^^^^^^^ + +Set an email address for feedback or support requests. + +To ensure that users can contact you for assistance, set this value to an email address your System Admin receives, such as ``"support@yourcompany.com"``. This address is displayed on email notifications and during the Getting Started tutorial. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SupportEmail": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Terms of Service link +^^^^^^^^^^^^^^^^^^^^^^ + +Configurable link to Terms of Service your organization may provide to end users on the footer of the sign-up and login pages. By default, links to a Terms of Service page hosted on about.mattermost.com. If changing the link to a different Terms of Service, make sure to include the "Mattermost Conditions of Use" notice to end users that must also be shown to users from the "Terms of Service" link. + +In version 5.17 and later, this setting does not change the terms of service link in **Main Menu > About Mattermost**, which refers to the Mattermost Terms of Service. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TermsOfServiceLink": "https://about.mattermost.com/default-terms/"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Privacy Policy link +^^^^^^^^^^^^^^^^^^^^ + +Configurable link to Privacy Policy your organization may provide to end users on the footer of the sign-up and login pages. By default, links to a Privacy Policy page hosted on about.mattermost.com. + +In version 5.17 and later, this setting does not change the privacy policy link in **Main Menu > About Mattermost**, which refers to the Mattermost Privacy Policy. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PrivacyPolicyLink": "https://about.mattermost.com/default-privacy-policy/"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +About Link +^^^^^^^^^^^^ + +Configurable link to an About page describing your organization may provide to end users. By default, links to an About page hosted on about.mattermost.com. + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AboutLink": "https://about.mattermost.com/default-about/"`` with string input. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Report a Problem link +^^^^^^^^^^^^^^^^^^^^^^^ + +Set the link for the support website. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ReportAProblemLink": "https://about.mattermost.com/default-report-a-problem/"`` with string input. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +App Custom URL Schemes +^^^^^^^^^^^^^^^^^^^^^^ + +Define valid custom URL schemes for redirect links provided by custom-built mobile Mattermost apps. This ensures users are redirected to the custom-built mobile app and not Mattermost's mobile client. + +When configured, after OAuth or SAML user authentication is complete, custom URL schemes sent by mobile clients are validated to ensure they don't include default schemes such as ``http`` or ``https``. Mobile users are then redirected back to the mobile app using the custom scheme URL provided by the mobile client. We recommend that you update your mobile client values as well with valid custom URL schemes. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"NativeAppSettings.AppCustomURLSchemes"`` with an array of strings as input. For example: ``[custom-app://, some-app://]``. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Mattermost Apps Download Page Link +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Configurable link to a download page for Mattermost Apps. When a link is present, an option to **Download Apps** will be added in the Main Menu so users can find the download page. Leave this field blank to hide the option from the Main Menu. Defaults to a page on about.mattermost.com where users can download the iOS, Android, and Desktop clients. If you're using an `Enterprise App Store `__ for your mobile apps, change this link to point to a customized download page where users can find the correct apps. + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AppDownloadLink": "https://mattermost.com/download/"`` with string input. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Android App Download Link +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Configurable link to download the Android app. When a link is present, users who access the site on a mobile web browser will be prompted with a page giving them the option to download the app. Leave this field blank to prevent the page from appearing. If you are using an `Enterprise App Store `__ for your mobile apps, change this link to point to the correct app. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AndroidAppDownloadLink": "https://about.mattermost.com/mattermost-android-app/"`` with string input. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +iOS App Download Link +^^^^^^^^^^^^^^^^^^^^^ + +Configurable link to download the iOS app. When a link is present, users who access the site on a mobile web browser will be prompted with a page giving them the option to download the app. Leave this field blank to prevent the page from appearing. If you are using an `Enterprise App Store `__ for your mobile apps, change this link to point to the correct app. + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IosAppDownloadLink": "https://about.mattermost.com/mattermost-ios-app/"`` with string input. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Localization +~~~~~~~~~~~~~ + +Default Server Language +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Default language for system messages and logs. + +Changes to this setting require a server restart before taking effect. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DefaultServerLocale": "en"`` with options ``"bg"``, ``"de"``, ``"en"``, ``"es"``, ``"fr"``, ``"hu"``, ``"it"``, ``"ja"``, ``"ko"``, ``"nl"``, ``"pl"``, ``"pt-br"``, ``"ro"``, ``"ru"``, ``"sv"``, ``"tr"``, ``"zh_CN"``, and ``"zh_TW"``. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Default Client Language +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Default language for newly-created users and pages where the user hasn't logged in. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DefaultClientLocale": "en"`` with options ``"bg"``, ``"de"``, ``"en"``, ``"es"``, ``"fr"``, ``"hu"``, ``"it"``, ``"ja"``, ``"ko"``, ``"nl"``, ``"pl"``, ``"pt-br"``, ``"ro"``, ``"ru"``, ``"sv"``, ``"tr"``, ``"zh_CN"``, and ``"zh_TW"``. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Available Languages +^^^^^^^^^^^^^^^^^^^ + +Sets which languages are available for users in **Account Settings > Display > Languages**. Leave the field blank to add new languages automatically by default, or add new languages using the dropdown menu manually as they become available. If you're manually adding new languages, the **Default Client Language** must be added before saving the setting. + +.. note:: + Servers which upgraded to v3.1 need to manually set this field blank to have new languages added by default. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AvailableLocales": ""`` with options ``""``, ``"bg"``, ``"de"``, ``"en"``, ``"es"``, ``"fr"``, ``"hu"``, ``"it"``, ``"ja"``, ``"ko"``, ``"nl"``, ``"pl"``, ``"pt-br"``, ``"ro"``, ``"ru"``, ``"sv"``, ``"tr"``, ``"zh_CN"``, and ``"zh_TW"``. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Users and Teams +~~~~~~~~~~~~~~~ + +Max Users Per Team +^^^^^^^^^^^^^^^^^^^^ + +Maximum number of users per team, excluding inactive users. + +The **Max Users Per Team** refers to the size of the "team site" which is workspace a "team of people" inhabits. A team of people is considered a small organization where people work closely together towards a specific shared goal and share the same etiquette. In the physical world, a team of people could typically be seated around a single table to have a meal and discuss their project. + +The default maximum of 50 people, is at the extreme high end of a single team of people. At this point organizations are more often "multiple teams of people" and investments in explicitly defining etiquette, such as `channel organization `__ or turning on `policy features `__ in Enterprise Edition, are often used to scale the high levels of productivity found in a team of people using Mattermost to multiple teams of people. + +In terms of technical performance, `with appropriate hardware, Mattermost can easily scale to hundreds and even thousands of users `__, and provided the administrator believes the appropriate etiquette is in place, they should feel free to increase the default value. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxUsersPerTeam": 50`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Max Channels Per Team +^^^^^^^^^^^^^^^^^^^^^^ + +Maximum number of channels per team, including both active and deleted channels. + ++---------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxChannelsPerTeam": 2000`` with numerical input. | ++---------------------------------------------------------------------------------------------------+ + +Enable users to open Direct Message channels with +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**Any user on the Mattermost server**: The Direct Messages **More** menu has the option to open a Direct Message channel with any user on the server. + +**Any member of the team**: The Direct Messages **More** menu only has the option to open a Direct Message channel with users on the current team, and CTRL/CMD+K channel switcher only lists users on the current team. If a user belongs to multiple teams, Direct Messages will still be received regardless of what team they are currently on. + +This setting only affects the UI, not permissions on the server. For instance, a Direct Message channel can be created with anyone on the server regardless of this setting. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictDirectMessage": "any"`` with options ``"any"`` and ``"team"`` for the above settings, respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Allow Team Administrators to edit others' posts +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*This permission is stored in the database and can be modified using the System Console user interface.* + +**True**: Team Admins and System Admins can edit other users' posts. + +**False**: Only System Admins can edit other users' posts. + +.. note:: + System Admins and Team Admins can always delete other users' posts. This setting is only available for Team Edition servers. Enterprise Edition servers can use `Advanced Permissions `__ to configure this permission. + +Enable Team Directory +^^^^^^^^^^^^^^^^^^^^^ + +*Removed in May 16th, 2016 release* + +**True**: Teams that are configured to appear in the team directory will appear on the system main page. Teams can configure this setting from **Team Settings > Include this team in the Team Directory**. + +**False**: Team directory on the system main page is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableTeamListing": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Teammate Name Display +^^^^^^^^^^^^^^^^^^^^^ + +Specifies how names are displayed in the user interface by default. Please note that users can override this setting in **Account Settings > Display > Teammate Name Display**. + +**Show username**: Displays the user's username. + +**Show nickname if one exists**: Displays the user's nickname. If the user does not have a nickname, their full name is displayed. If the user does not have a full name, their username is displayed. + +**Show first and last name**: Displays the user's full name. If the user does not have a full name, their username is displayed. Recommended when using SAML or LDAP if first name and last name attributes are configured. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TeammateNameDisplay": "username"`` with options ``"username"``, ``"nickname_full_name"``, and ``"full_name"`` for the above settings, respectively. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Allow Users to View Archived Channels (Beta) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Allows users to view, share, and search for content of channels that have been archived. Users can only view the content in channels of which they were a member before the channel was archived. + +**False**: Users are unable to view, share, or search for content of channels that have been archived. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalViewArchivedChannels": true`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Show Email Address +^^^^^^^^^^^^^^^^^^^^ + +**True**: Show email address of all users. + +**False**: Hide email address of users from other users in the user interface, including Team Admins. This is designed for managing teams where users choose to keep their contact information private. System Admins will still be able to see email addresses in the UI. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ShowEmailAddress": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Show Full Name +^^^^^^^^^^^^^^^ + +**True**: Show full name of all users. + +**False**: Hide full name of users from other users including Team Admins. This is designed for managing teams where users choose to keep their contact information private. System Admins will still be able to see full names in the UI. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ShowFullName": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Custom User Statuses +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Users can set descriptive status messages and optional status emojis that are visible to all users. + +**False**: Users are unable to set custom user statuses. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableCustomUserStatuses": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Notifications +~~~~~~~~~~~~~~ + +Show @channel and @all confirmation dialog +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Users will be prompted to confirm when posting @channel and @all in channels with over five members. + +**False**: No confirmation is required. + ++--------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableConfirmNotificationsToChannel": true`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------------------------+ + +Enable Email Notifications +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables sending of email notifications. + +**False**: Disables email notifications for posts. This is useful for developers who may want to skip email setup for faster development. In order to remove the **Preview Mode: Email notifications have not been configured** banner, you should also set **Enable Preview Mode Banner** to ``false``. + +If this setting is set to ``false`` and the SMTP server is set up, account related emails (such as password, email, username, user token, MFA, and other authentication related changes) will be sent regardless of this setting. + +Email invitations and account deactivation emails are not affected by this setting. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SendEmailNotifications": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. _email-preview-mode-banner-config: + +Enable Preview Mode Banner +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Preview Mode banner is displayed to all users when ``"SendEmailNotifications": false`` so users are aware that email notifications are disabled. + +**False**: Preview Mode banner is not displayed to users. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnablePreviewModeBanner": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Email Batching +^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Users can select how often to receive email notifications, and multiple notifications within that timeframe will be combined into a single email. Batching will occur at a default interval of 15 minutes, configurable in **Account Settings > Notifications**. + +.. note:: + - Email batching cannot be enabled unless the `SiteURL `__ is configured and the `SMTP Email Server `__ is configured. + - Email batching in `High Availability mode `__ is planned but not yet supported. + +**False**: If email notifications are enabled in Account Settings, emails will be sent individually for every mention or direct message received. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableEmailBatching": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Email Notification Contents +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +**Send full message contents**: Sender name and channel are included in email notifications. + +**Send generic description with only sender name**: The team name and name of the person who sent the message, with no information about channel name or message contents, is included in email notifications. Typically used for compliance reasons if Mattermost contains confidential information and policy dictates it cannot be stored in email. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EmailNotificationContentsType": "full"`` with options ``"full"`` and ``"generic"`` for the above settings, respectively. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Notification Display Name +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Name displayed on email account used when sending notification emails from Mattermost system. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FeedbackName": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Notification From Address +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Address displayed on email account used when sending notification emails from within Mattermost. + +So you don't miss messages, please make sure to change this value to an email your system administrator receives, such as ``"admin@yourcompany.com"``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FeedbackEmail": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Notification Reply-To Address +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Email address used in the Reply-To header when sending notification emails from Mattermost. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ReplyToAddress": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Notification Footer Mailing Address +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Organization name and mailing address displayed in the footer of email notifications from Mattermost, such as "© ABC Corporation, 565 Knight Way, Palo Alto, California, 94305, USA". If the field is left empty, the organization name and mailing address will not be displayed. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FeedbackOrganization": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Push Notification Contents +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**Generic description with only sender name**: Push notifications include only the name of the person who sent the message but no information about channel name or message text. + +**Generic description with sender and channel names**: Push notifications include names of users and channels but no specific details from the message text. + +**Full message content sent in the notification payload**: Selecting **Send full message snippet** sends excerpts from messages triggering notifications with specifics and may include confidential information sent in messages. If your Push Notification Service is outside your firewall, it is HIGHLY RECOMMENDED this option only be used with an "https" protocol to encrypt the connection. + +**ID-Only Push Notifications - Full message content fetched from the server on receipt** (*Available in Enterprise Edition E20*): The notification payload relayed through the `Apple Push Notification service `_ or `Firebase Cloud Messaging `_ service contains no message content. Instead it contains a unique message ID used to fetch message content from the server when a push notification is received by a device via a `notification service app extention `_ on iOS or `an expandable notification pattern `_ on Android. If the server cannot be reached, a generic push notification message is displayed without message content or sender name. + +For customers who choose to wrap the Mattermost mobile application in a secure container, such as BlackBerry Dymanics, MobileIron, AirWatch or other solutions, the container needs to execute the fetching of message contents from the unique message ID when push notification are received. If the container is unable to execute the fetch, the push notification contents cannot be received by the customer's mobile application without passing the message contents through either the `Apple Push Notification service `_ or `Firebase Cloud Messaging `_ service. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PushNotificationContents": "full"`` with options ``"generic_no_channel"``, ``"generic"``, ``"full"``, and ``"id_loaded"`` for the above settings, respectively. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Announcement Banner +~~~~~~~~~~~~~~~~~~~~ + +Enable Announcement Banner +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enable an announcement banner across all teams. The banner is displayed at the top of the screen and is the entire width of the screen. By default, users can dismiss the banner until you either change the text of the banner or until you re-enable the banner after it has been disabled. You can prevent users from dismissing the banner, and you can control the text color and the background color. + +**True**: Enable the announcement banner. The banner is displayed only if ``BannerText`` has a value. + +**False**: Disable the announcement banner. + ++-----------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableBanner": false`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------------+ + +Banner Text +^^^^^^^^^^^ + +The text of the announcement banner. + ++------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BannerText": ""`` with string input. | ++------------------------------------------------------------------------------------+ + +Banner Color +^^^^^^^^^^^^ + +The background color of the announcement banner. + ++---------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BannerColor": "#f2a93b"`` with string input. | ++---------------------------------------------------------------------------------------------+ + +Banner Text Color +^^^^^^^^^^^^^^^^^ + +The color of the text in the announcement banner. + ++-------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BannerTextColor": "#333333"`` with string input. | ++-------------------------------------------------------------------------------------------------+ + +Allow Banner Dismissal +^^^^^^^^^^^^^^^^^^^^^^ +**True**: Users can dismiss the banner until the next time they log in or the banner is updated. + +**False**: The banner is permanently visible until it is turned off by the System Admin. + ++-------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowBannerDismissal": true`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------+ + +Emoji +~~~~~~ + +Enable Emoji Picker +^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables an emoji picker that allows users to select emojis to add as reactions or use in messages. Enabling the emoji picker with a large number of Custom Emojis may slow down performance. + +**False**: Emoji picker is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableEmojiPicker": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Custom Emoji +^^^^^^^^^^^^^^^^^^^^ +**True**: Enables a Custom Emoji option in the Main Menu, where users can go to create customized emoji. + +**False**: Custom Emojis are disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableCustomEmoji": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Restrict Custom Emoji Creation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*This permission has been migrated to the database and changing the ``config.json`` value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* + +*Available in Enterprise Edition E10 and higher* + +**Allow everyone to create custom emoji**: Allows everyone to create Custom Emoji from the **Main Menu > Custom Emoji**. + +**Allow System and Team Admins to create custom emoji**: The Custom Emoji option is hidden from the Main Menu for users who are not System or Team Admins. + +**Only allow System Admins to create custom emoji**: The Custom Emoji option is hidden from the Main Menu for users who are not System Admins. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictCustomEmojiCreation": "all"`` with options ``"all"``, ``"admin"``, and ``"system_admin"`` for the above settings, respectively. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Posts +~~~~~~ + +Enable Link Previews +^^^^^^^^^^^^^^^^^^^^ + +Link previews are previews of linked website content, image links, and YouTube videos that are displayed below posts when available. + +Link previews are requested by the server, meaning the Mattermost server must be connected to the internet for previews to be displayed. This connection can be established through a `firewall or outbound proxy `__ in environments where direct internet connectivity is not given or security policies make this necessary. + +**True**: Website link previews, image link previews, and YouTube previews are enabled on the server. Users can enable or disable website previews for themselves from **Account Settings > Display > Website Link Previews**. + +**False**: Website link previews, image link previews, and YouTube previews are disabled. The server does not request metadata for any links sent in messages. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableLinkPreviews": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Disable Link Previews for Specific Domains +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Link previews are disabled for this list of comma-separated domains (e.g. “github.com, mattermost.com”). + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictLinkPreviews": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable SVGs +^^^^^^^^^^^ + +**True**: Enables users to see previews of SVG file attachments and SVG image links. + +**False**: Previews of SVG file attachments and SVG image links are not displayed. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSVGs": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable LaTeX Rendering +^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables rendering of LaTeX code. + +**False**: Disables rendering of LaTeX code to prevent the app from crashing when sharing code that might outgrow assigned memory. When disabled, LaTeX code will be highlighted. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableLatex": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Local Mode +^^^^^^^^^^^^^^^^^^ + +**True**: Enables local mode for mmctl. + +**False**: Prevents local mode for mmctl. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableLocalMode": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Local Mode Socket Location +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The path for the socket that the server will create for mmctl to connect and communicate through local mode. If the default value for this key is changed, you will need to point mmctl to the new socket path when in local mode, using the ``--local-socket-path /new/path/to/socket`` flag in addition to the ``--local`` flag. + +If nothing is specified, the default path that both the server and mmctl assumes is ``/var/tmp/mattermost_local.socket``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LocalModeSocketLocation": "/var/tmp/mattermost_local.socket"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Custom URL Schemes +^^^^^^^^^^^^^^^^^^ + +A list of URL schemes that are used for autolinking in message text. ``http``, ``https``, ``ftp``, ``tel`` and ``mailto`` always create links. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"CustomUrlSchemes": []`` with string array input consisting of URL schemes, such as ``["git", "smtp"]``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Google API Key +^^^^^^^^^^^^^^^^ + +Mattermost offers the ability to embed YouTube videos from URLs shared by end users. + +Set this key and add YouTube Data API v3 as a service to your key to enable the display of titles for embedded YouTube video previews. Without the key, YouTube previews will still be created based on hyperlinks appearing in messages or comments but they will not show the video title. If Google detects the number of views is exceedingly high, they may throttle embed access. + +Should this occur, you can remove the throttle by registering for a Google Developer Key and entering it in this field following these instructions: https://www.youtube.com/watch?v=Im69kzhpR3I. Your Google Developer Key is used in client-side Javascript. + +Using a Google API Key allows Mattermost to detect when a video is no longer available and display the post with a *Video not found* label. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GoogleDeveloperKey": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File Sharing and Downloads +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Allow File Sharing +^^^^^^^^^^^^^^^^^^^ + +When ``false``, disables file sharing on the server. All file and image uploads on messages are forbidden across clients and devices, including mobile. + ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableFileAttachments": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------+ + +Allow File Uploads on Mobile +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +When ``false``, disables file uploads on mobile apps. All file and image uploads on messages are forbidden across clients and devices, including mobile. + ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableMobileUpload": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------+ + +Allow File Downloads on Mobile +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +When ``false``, disables file downloads on mobile apps. Users can still download files from a mobile web browser. + ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableMobileDownload": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------+ + +Public Links +~~~~~~~~~~~~ + +Enable Public File Links +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Allow users to generate public links to files and images for sharing outside the Mattermost system with a public URL. + +**False**: The **Get Public Link** option is hidden from the image preview user interface. + +**Note:** When switched to ``False``, anyone who tries to visit a previously generated public link will receive an error message saying public links have been disabled. When switched back to ``True``, old public links will work again unless the **Public Link Salt** has been regenerated. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnablePublicLink": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Public Link Salt +^^^^^^^^^^^^^^^^^^ + +32-character salt added to the URL of public links when public links are enabled. Click **Regenerate** in the System Console to create a new salt, which will invalidate all existing public links. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PublicLinkSalt": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Notices +~~~~~~~~ + +Enable Admin Notices +^^^^^^^^^^^^^^^^^^^^ + +**True**: System Admins will receive notices about available server upgrades and relevant system administration features. `Learn more `_ + +**False**: System Admins will not receive notices except those that apply to all end users (See ``UserNoticesEnabled``). + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AdminNoticesEnabled": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable End User Notices +^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: All users will receive notices about available client upgrades and relevant end user features to improve user experience. `Learn more `_ + +**False**: Users will not receive notices about available client upgrades and relevant end user features. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UserNoticesEnabled": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Authentication +--------------- + +Authentication settings to enable account creation and sign in with email, GitLab, Google or Office 365 OAuth, AD/LDAP, or SAML. + +Signup +~~~~~~~ + +Enable Account Creation +^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Ability to create new accounts is enabled via inviting new members or sharing the team invite link. + +**False**: Ability to create accounts is disabled. The **Create Account** button displays an error when trying to signup via an email invite or team invite link. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUserCreation": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Restrict account creation to specified email domains +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Teams and user accounts can only be created by a verified email from this list of comma-separated domains (e.g. "corp.mattermost.com, mattermost.org"). + +This setting only affects email login. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictCreationToDomains": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Open Server +^^^^^^^^^^^^^^^^^^^ + +**True**: Users can sign up to the server from the root page without an invite. + +**False**: Users can only sign up to the server if they receive an invite. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableOpenServer": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Email Invitations +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Users can invite others to the Mattermost system by email. + +**False**: Email invitations are disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableEmailInvitations": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Invalidate pending email invites +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This button invalidates active email invitations that have not been accepted by the user. By default email invitations expire after 48 hours. + +Enable Team Creation +^^^^^^^^^^^^^^^^^^^^^ + +*This permission has been migrated to the database and changing the ``config.json`` value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* + +**True**: Ability to create a new team is enabled for all users. + +**False**: Only System Admins can create teams from the team selection page. The **Create A New Team** button is hidden in the Main Menu UI. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableTeamCreation": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Email +~~~~~ + +Enable account creation with email +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Allow team creation and account signup using email and password. + +**False**: Email signup is disabled. This limits signup to single sign-on services like OAuth or AD/LDAP. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSignUpWithEmail": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Require Email Verification +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Require email verification after account creation prior to allowing login. + +**False**: Users do not need to verify their email address prior to login. Developers may set this field to ``false`` to skip sending verification emails for faster development. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RequireEmailVerification": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable sign-in with email +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost allows account creation using email and password. + +**False**: Sign in with email is disabled and does not appear on the login screen. Use this value when you want to limit sign up to a Single Sign-on service like AD/LDAP, SAML, or GitLab. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSignInWithEmail": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable sign-in with username +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost allows users with email login to sign in using their username and password. This setting does not affect AD/LDAP login. + +**False**: Sign in with username is disabled and does not appear on the login screen. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``EnableSignInWithUsername": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Password +~~~~~~~~~ + +Minimum Password Length +^^^^^^^^^^^^^^^^^^^^^^^^ + +*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* + +Minimum number of characters required for a valid password. Must be a whole number greater than or equal to 5 and less than or equal to 64. + ++----------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MinimumLength": 10`` with numerical input. | ++----------------------------------------------------------------------------------------------------------+ + +Password Requirements +^^^^^^^^^^^^^^^^^^^^^^ + +*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* + +Set the required character types to be included in a valid password. Defaults to allow any characters unless otherwise specified by the checkboxes. The error messasage previewed in the System Console will appear on the account creation page if a user enters an invalid password. + +- **At least one lowercase letter**: Select this checkbox if a valid password must contain at least one lowercase letter. +- **At least one uppercase letter**: Select this checkbox if a valid password must contain at least one uppercase letter. +- **At least one number**: Select this checkbox if a valid password must contain at least one number. +- **At least one symbol**: Select this checkbox if a valid password must contain at least one symbol. Valid symbols include: ``!"#$%&'()*+,-./:;<=>?@[]^_`|~``. + +This feature's ``config.json`` settings are, respectively: + +.. list-table:: + :widths: 80 + + * - ``"Lowercase": true`` with options ``true`` and ``false``. + * - ``"Number": true`` with options ``true`` and ``false``. + * - ``"Uppercase": true`` with options ``true`` and ``false``. + * - ``"Symbol": true`` with options ``true`` and ``false``. + +Maximum Login Attempts +^^^^^^^^^^^^^^^^^^^^^^ + +Failed login attempts allowed before a user is locked out and required to reset their password via email. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaximumLoginAttempts": 10`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +MFA +~~~~ + +Configure security settings for multi-factor authentication. + +The default recommendation for secure deployment is to host Mattermost within your own private network, with VPN clients on mobile, so everything works under your existing security policies and authentication protocols, which may already include multi-factor authentication. + +If you choose to run Mattermost outside your private network, bypassing your existing security protocols, it is recommended you set up a multi-factor authentication service specifically for accessing Mattermost. + + +Enable Multi-factor Authentication +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: When true, users with LDAP and email authentication will be given the option to require a phone-based passcode, in addition to their password-based authentication, to sign-in to the Mattermost server. Specifically, they will be asked to download the `Google Authenticator `__ app to their iOS or Android mobile device, connect the app with their account, and then enter a passcode generated by the app on their phone whenever they log in to the Mattermost server. + +**False**: Multi-factor authentication is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableMultifactorAuthentication": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enforce Multi-factor Authentication +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E10 and higher* + +**True**: When true, `multi-factor authentication (MFA) `__ is required for login. New users will be required to configure MFA on signup. Logged in users without MFA configured are redirected to the MFA setup page until configuration is complete. If your system has users with login options other than AD/LDAP and email, MFA must be enforced with the authentication provider outside of Mattermost. + +**False**: Multi-factor authentication is optional. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnforceMultifactorAuthentication": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +AD/LDAP +~~~~~~~~ + +*Available in Enterprise Edition E10 and higher* + +Enable sign-in with AD/LDAP +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost allows login using AD/LDAP or Active Directory. + +**False**: Login with AD/LDAP is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Synchronization with AD/LDAP +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost periodically synchronizes users from AD/LDAP. + +**False**: AD/LDAP synchronization is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSync": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +AD/LDAP Server +^^^^^^^^^^^^^^^ + +The domain or IP address of the AD/LDAP server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LdapServer": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +AD/LDAP Port +^^^^^^^^^^^^^ + +The port Mattermost will use to connect to the AD/LDAP server. Defaults to ``389``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LdapPort": 389`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Connection Security +^^^^^^^^^^^^^^^^^^^^^ + +The type of connection security Mattermost uses to connect to AD/LDAP. + +**None**: No encryption, Mattermost will not attempt to establish an encrypted connection to the AD/LDAP server. + +**TLS**: Encrypts the communication between Mattermost and your server using TLS. + +**STARTTLS**: Takes an existing insecure connection and attempts to upgrade it to a secure connection using TLS. + +If the "No encryption" option is selected it is highly recommended that the AD/LDAP connection is secured outside of Mattermost, for example, by adding a stunnel proxy. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""``, ``"TLS"``, and ``"STARTTLS"``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Private Key +^^^^^^^^^^^^ + +(Optional) The private key file provided by your LDAP Authentication Provider and uploaded if TLS client certificates are being used as the primary authentication mechanism. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PrivateKeyFile": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Public Certificate +^^^^^^^^^^^^^^^^^^ + +(Optional) The public TLS certificate file provided by your LDAP Authentication Provider and uploaded if TLS client certificates are being used as the primary authentication mechanism. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PublicCertificateFile": ""`` with with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + + +Skip Certificate Verification +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Skips the certificate verification step for TLS or STARTTLS connections. Not recommended for production environments where TLS is required. For testing only. + +**False**: Mattermost does not skip certificate verification. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SkipCertificateVerification": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Base DN +^^^^^^^^ + +The **Base Distinguished Name** of the location where Mattermost should start its search for users in the AD/LDAP tree. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BaseDN": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Bind Username +^^^^^^^^^^^^^ + +The username used to perform the AD/LDAP search. This should be an account created specifically for use with Mattermost. Its permissions should be limited to read-only access to the portion of the AD/LDAP tree specified in the **Base DN** field. When using Active Directory, **Bind Username** should specify domain in ``"DOMAIN/username"`` format. This field is required, and anonymous bind is not currently supported. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BindUsername": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Bind Password +^^^^^^^^^^^^^^ + +Password of the user given in **Bind Username**. Anonymous bind is not currently supported. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BindPassword": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +User Filter +^^^^^^^^^^^ + +(Optional) Enter an AD/LDAP Filter to use when searching for user objects (accepts `general syntax `__). Only the users selected by the query will be able to access Mattermost. + +Sample filters for Active Directory: + +- To filter out disabled users: ``(&(objectCategory=Person)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))``. +- To filter out by group membership, determine the distinguishedName of your group, then use the group membership general syntax format as your filter. + + * For example, if the security group distinguishedName is ``CN=group1,OU=groups,DC=example,DC=com``, then the user filter to use is: ``(memberOf=CN=group1,OU=groups,DC=example,DC=com)``. Note that the user must explicitly belong to this group for the filter to apply. + +This filter uses the permissions of the **Bind Username** account to execute the search. Administrators should make sure to use a specially created account for Bind Username with read-only access to the portion of the AD/LDAP tree specified in the **Base DN** field. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UserFilter": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Guest Filter +^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +(Optional) Enter an AD/LDAP Filter to use when searching for external users who have Guest Access to Mattermost. Only the users selected by the query will be able to log in to and use Mattermost as Guests. This filter default is blank. + +See the `Guest Accounts documentation `__ for more information. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GuestFilter": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Admin Filter +^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +(Optional) Enter a filter to use for designating the System Admin role to users. When enabled the user is promoted to this role on their next login or at the next scheduled AD/LDAP sync. If the Admin Filter is removed, users who are currently logged in retain their Admin role. When they log out this is revoked and on their next login they will no longer have Admin privileges. + +This filter default is ``false`` and must be set to ``true`` in order for the Admin Filter to be used. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableAdminFilter": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Group Filter +^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +(Optional) Enter an AD/LDAP Filter to use when searching for group objects (accepts `general syntax `__). Only the groups selected by the query will be able to access Mattermost. + +This filter is defaulted to ``(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))`` when blank. + +.. note:: + This filter is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GroupFilter": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Group Display Name Attribute +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +(Required) Enter an AD/LDAP Group Display name attribute used to populate Mattermost Group names. + +.. note:: + This attribute is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GroupDisplayNameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Group Id Attribute +^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +(Required) Enter an AD/LDAP Group ID attribute to use as a unique identifier for Groups. This should be an AD/LDAP value that does not change. This is usually ``entryUUID`` for LDAP and ``objectGUID`` for AD. + +.. note:: + This attribute is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GroupIdAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +First Name Attribute +^^^^^^^^^^^^^^^^^^^^^ + +(Optional) The attribute in the AD/LDAP server used to populate the first name of users in Mattermost. When set, users cannot edit their first name, since it is synchronized with the LDAP server. When left blank, users can set their first name in Account Settings. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FirstNameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Last Name Attribute +^^^^^^^^^^^^^^^^^^^^ + +(Optional) The attribute in the AD/LDAP server used to populate the last name of users in Mattermost. When set, users cannot edit their last name, since it is synchronized with the LDAP server. When left blank, users can set their last name in Account Settings. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LastNameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Nickname Attribute +^^^^^^^^^^^^^^^^^^^ + +(Optional) The attribute in the AD/LDAP server used to populate the nickname of users in Mattermost. When set, users cannot edit their nickname, since it is synchronized with the LDAP server. When left blank, users can set their nickname in Account Settings. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"NicknameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Position Attribute +^^^^^^^^^^^^^^^^^^ + +(Optional) The attribute in the AD/LDAP server used to populate the position field in Mattermost. When set, users cannot edit their position, since it is synchronized with the LDAP server. When left blank, users can set their position in Account Settings. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PositionAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Email Attribute +^^^^^^^^^^^^^^^^^ + +The attribute in the AD/LDAP server used to populate the email address field in Mattermost. + +Email notifications will be sent to this email address, and this email address may be viewable by other Mattermost users depending on privacy settings chosen by the System Admin. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EmailAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Profile Picture Attribute +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The attribute in the AD/LDAP server used to synchronize (and lock) the profile picture used in Mattermost. + +The Mattermost server will replace the user’s profile image upon login (not at the sync interval as with other attributes). The sync will not occur if the current Mattermost profile image matches the image associated with that user in AD/LDAP. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PictureAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Username Attribute +^^^^^^^^^^^^^^^^^^^ + +The attribute in the AD/LDAP server used to populate the username field in Mattermost. This may be the same as the Login ID Attribute. + +This attribute will be used within the Mattermost user interface to identify and mention users. For example, if a Username Attribute is set to **john.smith** a user typing ``@john`` will see ``@john.smith`` in their auto-complete options and posting a message with ``@john.smith`` will send a notification to that user that they've been mentioned. + +The **Username Attribute** may be set to the same value used to sign-in to the system, called a **Login ID Attribute**, or it can be mapped to a different value. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UsernameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +ID Attribute +^^^^^^^^^^^^^ + +The attribute in the AD/LDAP server used as a unique identifier in Mattermost. It should be an AD/LDAP attribute with a value that does not change. + +If a user's ID Attribute changes, a new Mattermost account (unassociated with the previous one) is created. To prevent this, it's recommended that a unique attribute such as ``objectGUID`` in Active Directory and ``entryUUID`` in LDAP be used instead. + +Before making any changes confirm with your LDAP provider whether these attributes are available in your environment. + +If you need to change this field after users have already logged in, use the `mattermost ldap idmigrate `__ CLI tool. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IdAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Login ID Attribute +^^^^^^^^^^^^^^^^^^^^ + +The attribute in the AD/LDAP server used to log in to Mattermost. Normally this attribute is the same as the **Username Attribute** field above. + +If your team typically uses domain\username to log in to other services with AD/LDAP, you may enter domain\username in this field to maintain consistency between sites. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginIdAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Login Field Name +~~~~~~~~~~~~~~~~~~ + +The placeholder text that appears in the login field on the login page. Typically this would be whatever name is used to refer to AD/LDAP credentials in your company, so it is recognizable to your users. Defaults to **AD/LDAP Username**. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginFieldName": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Synchronization Interval (minutes) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Set how often Mattermost accounts synchronize attributes with AD/LDAP, in minutes. + +When synchronizing, Mattermost queries AD/LDAP for relevant account information and updates Mattermost accounts based on changes to attributes (first name, last name, and nickname). + +When accounts are disabled in AD/LDAP users are made inactive in Mattermost, and their active sessions are revoked once Mattermost synchronizes attributes. To synchronize immediately after disabling an account, use the **AD/LDAP Synchronize Now** button. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SyncIntervalMinutes": 60`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. note:: + LDAP syncs cause a large number of database read queries. Ensure that you monitor database load during a sync to determine how often these syncs should happen in your environment in order to minimize performance degradation. + +Maximum Page Size +^^^^^^^^^^^^^^^^^^ + +The maximum number of users the Mattermost server will request from the AD/LDAP server at one time. Use this setting if your AD/LDAP server limits the number of users that can be requested at once. + +- A value of 0 is unlimited and does not paginate the results. +- A value of 1500 is recommended to align with the default AD/LDAP ``MaxPageSize`` setting. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxPageSize": 0`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Query Timeout (seconds) +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The timeout value for queries to the AD/LDAP server. Increase this value if you are getting timeout errors caused by a slow AD/LDAP server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"QueryTimeout": 60`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +AD/LDAP Test +^^^^^^^^^^^^^ + +This button can be used to test the connection to the AD/LDAP server. If the test is successful, it shows a confirmation message and if there is a problem with the configuration settings it will show an error message. + +AD/LDAP Synchronize Now +^^^^^^^^^^^^^^^^^^^^^^^^^ + +This button causes AD/LDAP synchronization to occur as soon as it is pressed. Use it whenever you have made a change in the AD/LDAP server you want to take effect immediately. After using the button, the next AD/LDAP synchronization will occur after the time specified by the Synchronization Interval. + +You can monitor the status of the synchronization job in the table below this button. + +.. note:: + If synchronization **Status** displays as ``Pending`` and does not complete, make sure that the **Enable Synchronization with AD/LDAP** setting is set to ``true``. + +.. figure:: ../images/ldap-sync-table.png + +.. _saml-enterprise: + +SAML +~~~~~ + +*Available in Enterprise Edition E20* + +.. note:: + In line with Microsoft ADFS guidance we recommend `configuring intranet forms-based authentication for devices that do not support WIA `_. + +Use New SAML Library +^^^^^^^^^^^^^^^^^^^^^ + +*Removed in December 16, 2020 release* + +**True**: Enable an updated SAML Library, which does not require the XML Security Library (xmlsec1) to be installed. + +**False**: Continue using the existing implementation which uses the XML Security Library (xmlsec1). + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UseNewSAMLLibrary": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Login With SAML +^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost allows login using SAML. Please see `documentation `__ to learn more about configuring SAML for Mattermost. + +**False**: Login with SAML is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Synchronizing SAML Accounts With AD/LDAP +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost periodically synchronizes SAML user attributes, including user deactivation and removal, with AD/LDAP. Enable and configure synchronization settings at **Authentication > AD/LDAP**. See `documentation `__ to learn more. + +**False**: Synchronization of SAML accounts with AD/LDAP is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSyncWithLdap": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Ignore Guest Users When Synchronizing with AD/LDAP +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Available when ``Enable Synchronizing SAML Accounts With AD/LDAP`` is set to ``true``. + +**True**: Mattermost ignores Guest Users identified by the Guest Attribute when synchronizing with AD/LDAP on user deactivation and removal. Manage guest deactivation manually via **System Console > Users**. See `documentation `__ to learn more. + +**False**: Synchronization of SAML deactivates and removes Guest Users when synchronizing with AD/LDAP. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IgnoreGuestsLdapSync": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Override SAML Bind Data with AD/LDAP Information +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost overrides the SAML ID attribute with the AD/LDAP ID attribute if configured or overrides the SAML Email attribute with the AD/LDAP Email attribute if SAML ID attribute is not present. See `documentation `__ to learn more. + +**False**: Mattermost uses the email attribute to bind users to SAML. + +.. note:: + Moving from ``true`` to ``false`` will prevent the override from happening. To prevent the disabling of user accounts, SAML IDs must match the LDAP IDs when this feature is enabled. This setting should be set to ``false`` unless LDAP sync is enabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSyncWithLdapIncludeAuth": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +SAML SSO URL +^^^^^^^^^^^^^ + +The URL where Mattermost sends a SAML request to start login sequence. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IdpURL": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Identity Provider Issuer URL +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The issuer URL for the Identity Provider you use for SAML requests. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IdpDescriptorUrl": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Identity Provider Metadata URL +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The URL where Mattermost sends a request to obtain setup metadata from the provider. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IdpMetadataUrl": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Identity Provider Public Certificate +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The public authentication certificate issued by your Identity Provider. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IdpCertificateFile": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Verify Signature +^^^^^^^^^^^^^^^^^ + +**True**: Mattermost verifies that the signature sent from the SAML Response matches the Service Provider Login URL. + +**False**: Not recommended for production environments. For testing only. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Verify": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Service Provider Identifier +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The unique identifier for the Service Provider, usually the same as Service Provider Login URL. In ADFS, this must match the Relying Party Identifier. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ServiceProviderIdentifier": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Service Provider Login URL +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enter ``https:///login/sso/saml`` (example: ``https://example.com/login/sso/saml``). Make sure you use HTTP or HTTPS in your URL depending on your server configuration. This field is also known as the Assertion Consumer Service URL. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AssertionConsumerServiceURL": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +SignatureAlgorithm +^^^^^^^^^^^^^^^^^^^ + +The signature algorithm used to sign the request. Supported options are `RSAwithSHA1 `_, `RSAwithSHA256 `_, and `RSAwithSHA512 `_. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SignatureAlgorithm": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +CanonicalAlgorithm +^^^^^^^^^^^^^^^^^^^ + +The canonicalization algorithm. Supported options are ``Canonical1.0`` for `Exclusive XML Canonicalization 1.0 (omit comments) `_ (``http://www.w3.org/2001/10/xml-exc-c14n#``) and ``Canonical1.1`` for `Canonical XML 1.1 (omit comments) `_ (``http://www.w3.org/2006/12/xml-c14n11``). + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"CanonicalAlgorithm": "Canonical1.0"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Encryption +^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost will decrypt SAML Assertions encrypted with your Service Provider Public Certificate. + +**False**: Not recommended for production environments. For testing only. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Encrypt": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Service Provider Private Key +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The private key used to decrypt SAML Assertions from the Identity Provider. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PrivateKeyFile": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Service Provider Public Certificate +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The certificate file used to generate the signature on a SAML request to the Identity Provider for a service provider initiated SAML login, when Mattermost is the Service Provider. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PublicCertificateFile": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Sign Request +^^^^^^^^^^^^^ +When ``true``, Mattermost signs the SAML request using your Service Provider Private Key. When ``false``, Mattermost does not sign the SAML request. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SignRequest": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Email Attribute +^^^^^^^^^^^^^^^^^ + +The attribute in the SAML Assertion that will be used to populate the email addresses of users in Mattermost. + +Email notifications will be sent to this email address, and this email address may be viewable by other Mattermost users depending on privacy settings choosen by the System Admin. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EmailAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Username Attribute +^^^^^^^^^^^^^^^^^^^ + +The attribute in the SAML Assertion that will be used to populate the username field in Mattermost user interface. This attribute will be used within the Mattermost user interface to identify and mention users. For example, if a Username Attribute is set to **john.smith** a user typing ``@john`` will see ``@john.smith`` in their auto-complete options and posting a message with ``@john.smith`` will send a notification to that user that they've been mentioned. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UsernameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Id Attribute +^^^^^^^^^^^^^^^ + +(Optional) The attribute in the SAML Assertion used to bind users from SAML to users in Mattermost. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IdAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Guest Attribute +^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +(Optional) The attribute in the SAML Assertion used to apply a Guest role to users in Mattermost. + +See the `Guest Accounts documentation `__ for more information. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GuestAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Admin Attribute +^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +(Optional) The attribute in the SAML Assertion for designating System Admins. The user is automatically promoted to this role on their next login. If the Admin Attribute is removed, users who are currently logged in retain their Admin role. When they log out this is revoked and on their next login they will no longer have Admin privileges. + +This attribute's default is ``false`` and must be set to ``true`` in order for the Admin Attribute to be used. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableAdminAttribute": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +First Name Attribute +^^^^^^^^^^^^^^^^^^^^^^ + +(Optional) The attribute in the SAML Assertion that will be used to populate the first name of users in Mattermost. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FirstNameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Last Name Attribute +^^^^^^^^^^^^^^^^^^^^ + +(Optional) The attribute in the SAML Assertion that will be used to populate the last name of users in Mattermost. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LastNameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Nickname Attribute +^^^^^^^^^^^^^^^^^^^ + +(Optional) The attribute in the SAML Assertion that will be used to populate the nickname of users in Mattermost. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"NicknameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Position Attribute +^^^^^^^^^^^^^^^^^^^ + +(Optional) The attribute in the SAML Assertion that will be used to populate the position field for users in Mattermost (typically used to describe a person's job title or role at the company). + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PositionAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Preferred Language Attribute +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +(Optional) The attribute in the SAML Assertion that will be used to populate the language of users in Mattermost. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LocaleAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Login Button Text +^^^^^^^^^^^^^^^^^^^ + +(Optional) The text that appears in the login button on the login page. Defaults to **SAML**. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonText": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Scoping IDP Provider Id +^^^^^^^^^^^^^^^^^^^^^^^^ + +Allows an authenticated user to skip the initial login page of their federated Azure AD server, and only require a password to log in. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ScopingIDPProviderId": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Scoping IDP Name +^^^^^^^^^^^^^^^^ + +Adds the name associated with a user's Scoping Identity Provider ID. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ScopingIDPName": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +OAuth 2.0 +~~~~~~~~~~ + +Settings to configure OAuth login for account creation and login. + +Select OAuth 2.0 service provider +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +*Available in Team Edition and Enterprise Edition E10* + +Choose whether OAuth can be used for account creation and login. Options include: + + - **Do not allow sign-in via an OAuth 2.0 provider** + - **GitLab** (see `GitLab Settings `__ for more detail) + - **Google Apps** (available in Enterprise Edition E20, see `Google Settings `__ for more detail) + - **Office 365** (available in Enterprise Edition E20, see `Office 365 Settings `__ for more detail) + +This feature's setting does not appear in ``config.json``. + +GitLab +~~~~~~ + +Enable authentication with GitLab +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Allow team creation and account signup using GitLab OAuth. To configure, input the **Secret** and **Id** credentials. + +**False**: GitLab OAuth cannot be used for team creation or account signup. + +**Note**: For Enterprise, GitLab settings can be found under **OAuth 2.0** + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Application ID +^^^^^^^^^^^^^^^ + +Obtain this value by logging into your GitLab account. Go to **Profile Settings > Applications > New Application**, enter a Name, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Application Secret Key +^^^^^^^^^^^^^^^^^^^^^^^^ + +Obtain this value by logging into your GitLab account. Go to **Profile Settings > Applications > New Application**, enter a Name, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +User API Endpoint +^^^^^^^^^^^^^^^^^^ + +Enter ``https:///api/v3/user`` (example: ``https://example.com:3000/api/v3/user``). Use HTTP or HTTPS depending on how your server is configured. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UserApiEndpoint": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Auth Endpoint +^^^^^^^^^^^^^^ +Enter ``https:///oauth/authorize`` (example: ``https://example.com:3000/oauth/authorize``). Use HTTP or HTTPS depending on how your server is configured. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AuthEndpoint": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Token Endpoint +^^^^^^^^^^^^^^^^ + +Enter ``https:///oauth/token`` (example: ``https://example.com:3000/oauth/token``). Use HTTP or HTTPS depending on how your server is configured. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TokenEndpoint": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Google +~~~~~~~~ + +*Available in Enterprise Edition E20* + +Enable authentication with Google by selecting ``Google Apps`` from **OAuth 2.0 > Select OAuth 2.0 service provider**. + +**True**: Allow team creation and account signup using Google OAuth. To configure, input the **Client ID** and **Client Secret** credentials. See `the documentation `__ for more detail. + +**False**: Google OAuth cannot be used for team creation or account signup. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Client ID +^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your Google account. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Client Secret +^^^^^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your Google account. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +User API Endpoint +^^^^^^^^^^^^^^^^^^^ + +It is recommended to use `https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata` as the User API Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UserApiEndpoint": "https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata"`` | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Auth Endpoint +^^^^^^^^^^^^^^ + +It is recommended to use ``"https://accounts.google.com/o/oauth2/v2/auth"`` as the Auth Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Token Endpoint +^^^^^^^^^^^^^^^^ + +It is recommended to use ``"https://www.googleapis.com/oauth2/v4/token"`` as the Token Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Office 365 +~~~~~~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +.. note:: + In line with Microsoft ADFS guidance we recommend `configuring intranet forms-based authentication for devices that do not support WIA `_. + +Enable authentication with Office 365 by selecting **Office 365** from **System Console > Authentication > OAuth 2.0 > Select OAuth 2.0 service provider**. + +**True**: Allow team creation and account signup using Office 365 OAuth. To configure, input the **Application ID** and **Application Secret Password** credentials. See `the documentation `__ for more detail. + +**False**: Office 365 OAuth cannot be used for team creation or account signup. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Application ID +^^^^^^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your Microsoft or Office account. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Application Secret Password +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your Microsoft or Office account. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Directory (tenant) ID +^^^^^^^^^^^^^^^^^^^^^^ + +This value is the ID of the application's AAD directory. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DirectoryId": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +User API Endpoint +^^^^^^^^^^^^^^^^^^^ + +It is recommended to use ``"https://graph.microsoft.com/v1.0/me"`` as the User API Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UserApiEndpoint": "https://graph.microsoft.com/v1.0/me"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Auth Endpoint +^^^^^^^^^^^^^^^ + +It is recommended to use ``"https://accounts.google.com/o/oauth2/v2/auth"`` as the Auth Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Token Endpoint +^^^^^^^^^^^^^^^ + +It is recommended to use ``"https://login.microsoftonline.com/common/oauth2/v2.0/token"`` as the Token Endpoint. Otherwise, enter a custom endpoint in ``config.json`` with HTTP or HTTPS depending on how your server is configured. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Select OpenID Connect service provider +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Choose whether OpenID Connect can be used for account creation and login. Options include: + + - **Do not allow sign-in via an OpenID provider** + - **GitLab** (see `GitLab Settings `__ for more detail) + - **Google Apps** (available in Enterprise Edition E20, see `Google Settings `__ for more detail) + - **Office 365** (available in Enterprise Edition E20, see `Office 365 Settings `__ for more detail) + - **OpenID Connect (Other)** (available in Enterprise Edition E20, see `OpenID Connect Settings `__ for more detail) + +This feature's setting does not appear in ``config.json``. + +GitLab Settings +~~~~~~~~~~~~~~~ + +Enable authentication with GitLab +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Allow team creation and account signup using GitLab OpenID Connect. To configure, input the **Secret**, **Id**, and **DiscoveryEndpoint** credentials. + +**False**: GitLab OpenID Connect cannot be used for team creation or account signup. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Application ID +^^^^^^^^^^^^^^^ + +Obtain this value by logging into your GitLab account. Go to **Profile Settings > Applications > New Application**, enter a **Name**, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Application Secret Key +^^^^^^^^^^^^^^^^^^^^^^^^ + +Obtain this value by logging into your GitLab account. Go to **Profile Settings > Applications > New Application**, enter a **Name**, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Discovery Endpoint +^^^^^^^^^^^^^^^^^^ + +This value is prepopulated with ``https://gitlab.com/.well-known/openid-configuration``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DiscoveryEndpoint": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Google Settings +~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Enable authentication with Google by selecting ``Google Apps`` from **System Console > Authentication > OpenID Connect > Select service provider**. + +**True**: Allow team creation and account signup using Google OpenID Connect. To configure, input the **Client ID**, **Client Secret**, and **DiscoveryEndpoint** credentials. See `the documentation `__ for more detail. + +**False**: Google OpenID Connect cannot be used for team creation or account signup. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Client ID +^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your Google account. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Client Secret +^^^^^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your Google account. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Discovery Endpoint +^^^^^^^^^^^^^^^^^^ + +This value is prepopulated with ``https://accounts.google.com/.well-known/openid-configuration``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DiscoveryEndpoint": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Office 365 Settings +~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +.. note:: + In line with Microsoft ADFS guidance, we recommend `configuring intranet forms-based authentication for devices that do not support WIA `_. + +Enable authentication with Office 365 by selecting **Office 365** from **System Console > Authentication > OpenID Connect > Select service provider**. + +**True**: Allow team creation and account signup using Office 365 OpenID Connect. To configure, input the **Application ID** and **Application Secret Password** credentials. See `the documentation `__ for more detail. + +**False**: Office 365 OpenID Connect cannot be used for team creation or account signup. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Application ID +^^^^^^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your Microsoft or Office account. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Application Secret Password +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your Microsoft or Office account. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Discovery Endpoint +^^^^^^^^^^^^^^^^^^ + +This value is prepopulated with ``https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DiscoveryEndpoint": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +OpenID Connect (Other) Settings +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Enable authentication with a service provider by selecting ``OpenID Connect (Other)`` from **System Console > Authentication > OpenID Connect > Select service provider**. + +**True**: Allow team creation and account signup using OpenID Connect. To configure, input the **Client ID**, **Client Secret**, and **DiscoveryEndpoint** credentials. See `the documentation `__ for more detail. + +**False**: OpenID Connect cannot be used for team creation or account signup. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Client ID +^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your service provider account. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Client Secret +^^^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your service provider account. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Discovery Endpoint +^^^^^^^^^^^^^^^^^^ + +Obtain this value by registering Mattermost as an application in your service provider account. Should be in the format ``https://myopenid.provider.com/{my_company}/.well-known/openid-configuration`` where the value of *{my_company}* is replaced with your organization. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DiscoveryEndpoint": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Button Text +^^^^^^^^^^^ + +Specify the text that displays on the OpenID login button. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ButtonText": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Button Color +^^^^^^^^^^^^ + +Specify the color of the OpenID login button for white labeling purposes. Use a hex code with a #-sign before the code, for example ``#145DBF``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ButtonColor": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Guest Access (Beta) +~~~~~~~~~~~~~~~~~~~~ + +Enable Guest Access +^^^^^^^^^^^^^^^^^^^ + +**True**: Allow guest invitations to channels within teams. Please see `Guest Accounts documentation `_ for more information. + +**False**: Email signup is disabled. This limits signup to Single sign-on services like OAuth or AD/LDAP. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Whitelisted Guest Domains +^^^^^^^^^^^^^^^^^^^^^^^^^ + +When populated, guest accounts can only be created by a verified email from this list of comma-separated domains. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictCreationToDomains": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enforce Multi-factor Authentication +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting defaults to false and is read-only if multi-factor authentication is not enforced for regular users. + +**True**: When true, multi-factor authentication (MFA) is required for login. New guest users will be required to configure MFA on sign-up. Logged in guest users without MFA configured are redirected to the MFA setup page until configuration is complete. + +**False**: Multi-factor authentication for guests is optional. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnforceMultifactorAuthentication": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Plugins (Beta) +-------------- + +Settings to configure plugins. + +Plugin Management +~~~~~~~~~~~~~~~~~~~ + +Enable Plugins +^^^^^^^^^^^^^^^ + +**True**: Enables plugins on your Mattermost server. Use plugins to integrate with third-party systems, extend functionality, or customize the user interface of your Mattermost server. See `documentation `__ to learn more. + +**False**: Disables plugins on your Mattermost server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Automatic Prepackaged Plugins +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Any pre-packaged plugins enabled in the configuration will be installed or upgraded automatically. If a newer version is already installed, no changes are made. + +**False**: Pre-packaged plugins are not installed or upgraded automatically but may be installed manually from the Plugin Marketplace, even when offline. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AutomaticPrepackagedPlugins": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Marketplace +^^^^^^^^^^^^^^^^^^^ + +**True**: Enables Plugin Marketplace on your Mattermost server for all System Admins. + +**False**: Disables Plugin Marketplace on your Mattermost server for all System Admins. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableMarketplace": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Remote Marketplace +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: The server will attempt to connect to the configured Plugin Marketplace to show the latest plugins. If the connection fails, the Plugin Marketplace shows only pre-packaged and already installed plugins alongside a connection error. + +**False**: The server will not attempt to connect to a remote marketplace, instead showing only pre-packaged and already installed plugins. Use this setting if your server cannot connect to the internet. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableRemoteMarketplace": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Marketplace URL +^^^^^^^^^^^^^^^^ + +If the Marketplace is enabled, this setting specifies which URL should be used to query for new Marketplace plugins. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MarketplaceUrl": "https://api.integrations.mattermost.com"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Plugin Settings +^^^^^^^^^^^^^^^^ + +Settings specific to each plugin. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Plugins": {}`` with object input mapping plugin IDs as keys to objects containing plugin-specific data. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Installed Plugin State +^^^^^^^^^^^^^^^^^^^^^^ + +Lists installed plugins on your Mattermost server and whether they are enabled. Pre-packaged plugins are installed by default and can be deactivated, but not removed. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PluginStates": {}`` with object input mapping plugin IDs as keys to objects, each of which contains a key ``"Enable": false`` with options ``true`` or ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Require Plugin Signature +^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Require valid plugin signatures before starting managed or unmanaged plugins. Pre-packaged plugins are not subject to plugin signature verification. Plugins installed through the Plugin Marketplace are always subject to plugin signature verification at the time of download. + +**False**: Do not require valid plugin signatures before starting managed or unmanaged plugins. Pre-packaged plugins are not subject to plugin signature verification. Plugins installed through the Plugin Marketplace are always subject to plugin signature verification at the time of download. + ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RequirePluginSignature": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------+ + +Signature Public Key Files +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In addition to the Mattermost plugin signing key built into the server, each public key specified here is trusted to validate plugin signatures. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SignaturePublicKeyFiles": {}`` with with string array input consisting of contents that are relative or absolute paths to signature files. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Autolink +~~~~~~~~ + +Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. + +Custom User Attributes +~~~~~~~~~~~~~~~~~~~~~~~~~ + +Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. + +GitHub +~~~~~~~~ + +Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. + +Jira +~~~~~ + +Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. + +Net Promoter Score +~~~~~~~~~~~~~~~~~~~ + +Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. + +Welcome Bot +~~~~~~~~~~~ + +Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. + +Zoom +~~~~~ + +Configure this plugin directly in the ``config.json`` file. Learn more `in our documentation `_. + +Integrations +------------- + +Settings to configure webhooks, slash commands, and external integration services. + +Integration Management +~~~~~~~~~~~~~~~~~~~~~~~~~ + +Enable Incoming Webhooks +^^^^^^^^^^^^^^^^^^^^^^^^^ +Developers building integrations can create webhook URLs for Public channels and Private channels. Please see our `documentation page `__ to learn about creating webhooks, view samples, and to let the community know about integrations you have built. + +**True**: Incoming webhooks will be allowed. To manage incoming webhooks, go to **Account Settings > Integrations**. The webhook URLs created in Account Settings can be used by external applications to create posts in any Public or Private channels that you have access to. + +**False**: The **Integrations > Incoming Webhooks** section of Account Settings is hidden and all incoming webhooks are disabled. + +Security note: By enabling this feature, users may be able to perform `phishing attacks `__ by attempting to impersonate other users. To combat these attacks, a BOT tag appears next to all posts from a webhook. Enable at your own risk. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableIncomingWebhooks": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Outgoing Webhooks +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Developers building integrations can create webhook tokens for Public channels. Trigger words are used to fire new message events to external integrations. For security reasons, outgoing webhooks are only available in Public channels. Please see our `documentation page `__ to learn about creating webhooks and view samples. + +**True**: Outgoing webhooks will be allowed. To manage outgoing webhooks, go to **Account Settings > Integrations**. + +**False**: The **Integrations > Outgoing Webhooks** section of Account Settings is hidden and all outgoing webhooks are disabled. + +Security note: By enabling this feature, users may be able to perform `phishing attacks `__ by attempting to impersonate other users. To combat these attacks, a BOT tag appears next to all posts from a webhook. Enable at your own risk. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableOutgoingWebhooks": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Custom Slash Commands +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Slash commands send events to external integrations that send a response back to Mattermost. + +**True**: Allow users to create custom slash commands from **Main Menu > Integrations > Commands**. + +**False**: Slash commands are hidden in the **Integrations** user interface. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableCommands": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable OAuth 2.0 Service Provider +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost acts as an OAuth 2.0 service provider allowing Mattermost to authorize API requests from external applications. + +**False**: Mattermost does not function as an OAuth 2.0 service provider. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableOAuthServiceProvider": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Restrict managing integrations to Admins +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*This permission has been migrated to the database and changing the ``config.json`` value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* + +**True**: When ``true``, webhooks and slash commands can only be created, edited, and viewed by Team and System Admins, and OAuth 2.0 applications by System Admins. Integrations are available to all users after they have been created by the Admin. + +**False**: Any team members can create webhooks, slash commands` and OAuth 2.0 applications from **Main Menu > Integrations**. + +.. note:: + OAuth 2.0 applications can be authorized by all users if they have the **Client ID** and **Client Secret** for an app setup on the server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableOnlyAdminIntegrations": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable integrations to override usernames +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Webhooks, slash commands, OAuth 2.0 apps, and other integrations such as `Zapier `__, will be allowed to change the username they are posting as. If no username is present, the username for the post is the same as it would be for a setting of ``False``. + +**False**: Custom slash commands can only post as the username of the user who used the slash command. OAuth 2.0 apps can only post as the username of the user who set up the integration. For incoming webhooks and outgoing webhooks, the username is "webhook". See https://mattermost.org/webhooks for more details. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnablePostUsernameOverride": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable integrations to override profile picture icons +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Webhooks, slash commands, and other integrations, such as `Zapier `__, will be allowed to change the profile picture they post with. + +**False**: Webhooks, slash commands, and OAuth 2.0 apps can only post with the profile picture of the account they were set up with. See https://mattermost.org/webhooks for more details. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnablePostIconOverride": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Personal Access Tokens +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: When ``true``, users can create `personal access tokens `__ for integrations in **Account Settings > Security**. They can be used to authenticate against the API and give full access to the account. + +To manage who can create personal access tokens or to search users by token ID, go to the **System Console > Users** page. + +**False**: Personal access tokens are disabled on the server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUserAccessTokens": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Bot Accounts +~~~~~~~~~~~~ + +Enable Bot Account Creation +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: When ``true``, users can create bot accounts for integrations in **Integrations > Bot Accounts**. Bot accounts are similar to user accounts except they cannot be used to log in. See `documentation `_ to learn more. + +**False**: Bot accounts cannot be created through the user interface or the RESTful API. Plugins can still create and manage bot accounts. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableBotAccountCreation": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Disable bot accounts when owner is deactivated +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: When a user is deactivated, disables all bot accounts managed by the user. To re-enable bot accounts, go to **Integrations > Bot Accounts**. + +**False**: When a user is deactivated, all bot accounts managed by the user remain active. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DisableBotsWhenOwnerIsDeactivated": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +GIF (Beta) +~~~~~~~~~~ + +Enable GIF Picker +^^^^^^^^^^^^^^^^^^ + +**True**: Allow users to select GIFs from the emoji picker via a Gfycat integration. + +**False**: GIFs cannot be selected in the emoji picker. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableGifPicker": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. note:: + `Link previews `_ must be enabled in order to display GIF link previews. Mattermost deployments restricted to access behind a firewall must open port 443 to both https://api.gfycat.com/v1 and https://gfycat.com/ (for all request types) for this feature to work. + +Gfycat API Key +^^^^^^^^^^^^^^^ + +When blank, uses the default API key provided by Gfycat. Alternatively, a unique API key can be requested at https://developers.gfycat.com/signup/#/. Enter the client ID you receive via email to this field. + ++-----------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GfycatApiKey": "2_KtH_W5"`` with string input. | ++-----------------------------------------------------------------------------------------------+ + +Gfycat API Secret +^^^^^^^^^^^^^^^^^^ + +The API secret generated by Gfycat for your API key. When blank, uses the default API secret provided by Gfycat. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GfycatApiSecret": "3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof"`` with string input. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------+ + +CORS +~~~~~ + +Enable cross-origin requests from +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enable HTTP cross-origin requests from specific domains separated by spaces. Type ``*`` to allow CORS from any domain or leave it blank to disable it. + +.. note:: + Please make sure you have entered your Site URL before enabling this setting to prevent losing access to the System Console after saving. If you experience lost access to the System Console after changing this setting, you can set your `Site URL `__ through the ``config.json`` file. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowCorsFrom": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +CORS Exposed Headers +^^^^^^^^^^^^^^^^^^^^^ + +Whitelist of headers that will be accessible to the requester. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"CorsExposedHeaders": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +CORS Allow Credentials +^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Requests that pass validation will include the ``Access-Control-Allow-Credentials`` header. + +**False**: Requests won't include the ``Access-Control-Allow-Credentials`` header. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"CorsAllowCredentials": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +CORS Debug +^^^^^^^^^^^^ + +**True**: Prints messages to the logs to help when developing an integration that uses CORS. These messages will include the structured key value pair ``"source": "cors"``. + +**False**: Debug messages not printed to the logs. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"CorsDebug": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Compliance +------------ + +Data Retention Policy +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Changes to properties in this section require a server restart before taking effect. + +.. warning:: Once a message or a file is deleted, the action is irreversible. Please be careful when setting up a custom data retention policy. + +Message Retention +^^^^^^^^^^^^^^^^^^ + +Set how long Mattermost keeps messages in channels and direct messages. + +If **Keep messages for a set amount of time** is chosen, set how many days messages are kept in Mattermost. Messages, including file attachments older than the duration you set, will be deleted nightly. The minimum time is one day. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableMessageDeletion": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +and + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MessageRetentionDays": 365`` with numerical input. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File Retention +^^^^^^^^^^^^^^^^^^ + +Set how long Mattermost keeps file uploads in channels and direct messages. + +If **Keep files for a set amount of time** is chosen, set how many days file uploads are kept in Mattermost. Files older than the duration you set will be deleted nightly. The minimum time is one day. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableFileDeletion": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +and + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileRetentionDays": 365`` with numerical input. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Data Deletion Time +^^^^^^^^^^^^^^^^^^^ + +Set the start time of the daily scheduled data retention job. Choose a time when fewer people are using your system. Must be a 24-hour time stamp in the form ``HH:MM``. + +This setting is based on the local time of the server. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DeletionJobStartTime": "02:00"`` with 24-hour timestamp input in the form ``"HH:MM"``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Run Deletion Job Now +^^^^^^^^^^^^^^^^^^^^^ + +This button initiates a Data Retention deletion job immediately. + +You can monitor the status of the job in the data deletion job table below this button. + +Compliance Export (Beta) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +*Available as an add-on to Enterprise Edition E20* + +Enable Compliance Export +^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: When ``true``, Mattermost will generate a compliance export file that contains all messages that were posted in the last 24 hours. The export task is scheduled to run once per day. See the `documentation to learn more `__. + +**False**: When ``false``, Mattermost doesn't generate a compliance export file. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableExport": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Compliance Export Time +^^^^^^^^^^^^^^^^^^^^^^^^ + +Set the start time of the daily scheduled compliance export job. Choose a time when fewer people are using your system. Must be a 24-hour time stamp in the form ``HH:MM``. + +This setting is based on the local time of the server. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DailyRunTime": 01:00`` with 24-hour timestamp input in the form ``"HH:MM"``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Export File Format +^^^^^^^^^^^^^^^^^^ + +File format of the compliance export. Corresponds to the system that you want to import the data into. + +Currently supported formats are CSV, Actiance XML, and Global Relay EML. + +If Global Relay is chosen, the following options will be presented: + +Global Relay Customer Account +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Type of Global Relay customer account your organization has, either ``A9/Type 9`` or ``A10/Type 10``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"CustomerType": "A9/Type 9"`` with options ``"A9/Type 9"`` and ``"A10/Type 10"``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Global Relay SMTP Username +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The username for authenticating to the Global Relay SMTP server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SmtpUsername": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Global Relay SMTP Password +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The password associated with the Global Relay SMTP username. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SmtpPassword": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Global Relay Email Address +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The email address your Global Relay server monitors for incoming compliance exports. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EmailAddress": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Global Relay SMTP Server Timeout +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The number of seconds that can elapse before the connection attempt to the SMTP server is abandoned. The default value is 1800 seconds. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SMTPServerTimeout": "1800"`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Run Compliance Export Job Now +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This button initiates a compliance export job immediately. You can monitor the status of the job in the compliance export job table below this button. + +Compliance Monitoring +~~~~~~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Settings used to enable and configure Mattermost compliance reports. + +Enable Compliance Reporting +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Compliance reporting is enabled in Mattermost. + +**False**: Compliance reporting is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Compliance Report Directory +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Sets the directory where compliance reports are written. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Directory": "./data/"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Daily Report +^^^^^^^^^^^^^^^^^^^ + +**True**: Mattermost generates a daily compliance report. + +**False**: Daily reports are not generated. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableDaily": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Batch Size +^^^^^^^^^^ + +Set the size of the batches in which posts will be read from the database to generate the compliance report. + +This setting is currently not available in the System Console and can only be set in ``config.json``. + ++------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BatchSize": 30000`` with default value ``30000``. | ++------------------------------------------------------------------------------------------------+ + +Custom Terms of Service (Beta) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Custom Terms of Service +~~~~~~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Enable Custom Terms of Service +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. note:: + + This page can only be modified using the System Console user interface. + +**True**: When ``true``, new users must accept the Terms of Service before accessing any Mattermost teams on desktop, web, or mobile. Existing users must accept them after login or a page refresh. To update the Terms of Service link displayed in account creation and login pages, go to **System Console > Legal and Support > Terms of Service Link**. + +**False**: During account creation or login, users can review Terms of Service by accessing the link configured via **System Console > Legal and Support > Terms of Service link**. + +Custom Terms of Service Text +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Text that will appear in your custom Terms of Service. Supports Markdown-formatted text. + +Re-Acceptance Period +^^^^^^^^^^^^^^^^^^^^^ + +The number of days before Terms of Service acceptance expires, and the terms must be re-accepted. + +Defaults to 365 days. 0 indicates the terms do not expire. + +Experimental +------------- + +There are a number of settings considered "experimental" that are configurable from the System Console. These may be replaced or removed in a future release. + +Collapsed Reply Threads (Beta) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Collapsed Reply Threads offers an enhanced experience for users communicating in threads and replying to messages. Collapsed Reply Threads are available in Mattermost Cloud and from Self-Managed Mattermost v5.37 as an early access beta, and are disabled by default. See our `Organizing Conversations using Collapsed Reply Threads (Beta) `__ documentation to learn more about this feature. + +System Admins can set the default appearance of collapsed reply threads for their end users by going to **System Console > Experimental > Features**, then setting **Collapsed Reply Threads** to one of the following options: + +**Enabled (Default Off)**: Enable Collapsed Reply Threads functionality on the server. Users can choose to `enable Collapsed Reply Threads `__ for their Mattermost account in **Account Settings**. + +**Disabled**: Disable Collapsed Reply Threads functionality. + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ServiceSettings.CollapsedThreads": disabled`` with options ``disabled`` and ``default_off``. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +AD/LDAP Settings +~~~~~~~~~~~~~~~~ + +AD/LDAP Login Button Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the color of the AD/LDAP login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. + ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ + +AD/LDAP Login Button Border Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the color of the AD/LDAP login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. + ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ + +AD/LDAP Login Button Text Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the color of the AD/LDAP login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. + ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ + +Allow Authentication Transfer (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E10 and higher* + +**True**: Users can change their sign-in method to any that is enabled on the server, either via Account Settings or the APIs. + +**False**: Users cannot change their sign-in method, regardless of which authentication options are enabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalEnableAuthenticationTransfer": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Autoclose Direct Messages in Sidebar (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Not available in Mattermost Cloud.* + +This setting applies to the legacy sidebar only. You must enable the `Enable Legacy Sidebar `__ configuration setting to see and enable this functionality in the System Console. + +.. note:: + + This experimental setting is not recommended for production environments. The new channel sidebar matches and exceeds the feature set offered by this configuration setting. + +We strongly recommend that you leave the **Enable Legacy Sidebar** configuration setting disabled so users can access new channel sidebar features, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. See `the documentation `_ for more information about these features. + +**True**: By default, direct message conversations with no activity for 7 days will be hidden from the sidebar. Users can disable this in **Account Settings > Sidebar**. + +**False**: Conversations remain in the sidebar until they are manually closed. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"CloseUnusedDirectMessages": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Link Metadata Timeout +^^^^^^^^^^^^^^^^^^^^^^ + +Adds a configurable timeout for requests made to return link metadata. If the metadata is not returned before this timeout expires, the message will post without requiring metadata. This timeout covers the failure cases of broken URLs and bad content types on slow network connections. + ++---------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LinkMetadataTimeoutMilliseconds": 5000`` with numerical input. | ++---------------------------------------------------------------------------------------------------------------------------------+ + +Email Settings +~~~~~~~~~~~~~~ + +Email Batching Buffer Size +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the maximum number of notifications batched into a single email. + ++--------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``EmailBatchingBufferSize": 256`` with numerical input. | ++--------------------------------------------------------------------------------------------------------------------------+ + +Email Batching Interval +^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the maximum frequency, in seconds, which the batching job checks for new notifications. Longer batching intervals will increase performance. + ++-----------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``EmailBatchingInterval": 30`` with numerical input. | ++-----------------------------------------------------------------------------------------------------------------------+ + +Email Login Button Color +^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the color of the email login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. + ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ + +Email Login Button Border Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the color of the email login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. + ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ + +Email Login Button Text Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the color of the email login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. + ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ + +Enable Account Deactivation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Ability for users to deactivate their own account from **Account Settings > Advanced**. If a user deactivates their own account, they will get an email notification confirming they were deactivated. + +**False**: Ability for users to deactivate their own account is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUserDeactivation": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Automatic Replies (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Users can enable Automatic Replies in **Account Settings > Notifications**. Users set a custom message that will be automatically sent in response to Direct Messages. + +**False**: Disables the Automatic Direct Message Replies feature and hides it from Account Settings. + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalEnableAutomaticReplies": false`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Channel Viewed WebSocket Messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting determines whether ``channel_viewed WebSocket`` events are sent, which synchronize unread notifications across clients and devices. Disabling the setting in larger deployments may improve server performance. + ++------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableChannelViewedMessages": true`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------------------+ + +Enable Client-Side Certification +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +**True**: Enables client-side certification for your Mattermost server. See `the documentation `__ to learn more. + +**False**: Client-side certification is disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ClientSideCertEnable": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Client-Side Certification Login Method +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +Used in combination with the ``ClientSideCertEnable`` setting. + +**Primary**: After the client side certificate is verified, user's email is retrieved from the certificate and is used to log in without a password. + +**Secondary**: After the client side certificate is verified, user's email is retrieved from the certificate and matched against the one supplied by the user. If they match, the user logs in with regular email/password credentials. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ClientSideCertCheck": "secondary"`` with options ``"primary"`` and ``"secondary"``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Default Channel Leave/Join System Messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting determines whether team leave/join system messages are posted in the default ``town-square`` channel. + +**True**: Enables leave/join system messages in the default ``town-square`` channel. + +**False**: Disables leave/join messages from the default ``town-square`` channel. These system messages won't be added to the database either. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalEnableDefaultChannelLeaveJoinMessages": true`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Hardened Mode (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables a hardened mode for Mattermost that makes user experience trade-offs in the interest of security. + +**False**: Disables hardened mode. + +Changes made when hardened mode is enabled: + + - Failed login returns a generic error message instead of a specific message for username and password. + - If `multi-factor authentication (MFA) `__ is enabled, the route to check if a user has MFA enabled always returns true. This causes the MFA input screen to appear even if the user does not have MFA enabled. The user may enter any value to pass the screen. Note that hardened mode does not affect user experience when MFA is enforced. + - Password reset does not inform the user that they can not reset their SSO account through Mattermost and instead claims to have sent the password reset email. + - Mattermost sanitizes all 500 errors before returned to the client. Use the supplied ``request_id`` to match user facing errors with the server logs. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalEnableHardenedMode": false`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable AD/LDAP Group Sync +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +**True**: Enables AD/LDAP Group Sync configurable under **Access Controls > Groups**. + +**False**: Disables AD/LDAP Group Sync and removes the **Access Controls > Groups** from the System Console. + +For more information on AD/LDAP Group Sync, please see the `AD/LDAP Group Sync documentation `_. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalLdapGroupSync": false`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Preview Features (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Preview features can be enabled from **Account Settings > Advanced > Preview pre-release features**. + +**False**: Disables and hides preview features from **Account Settings > Advanced > Preview pre-release features**. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnablePreviewFeatures": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Theme Selection +^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E10 and higher* + +**True**: Enables the **Display > Theme** tab in Account Settings so users can select their theme. + +**False**: Users cannot select a different theme. The **Display > Theme** tab is hidden in Account Settings. + ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableThemeSelection": true`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------------------+ + +Allow Custom Themes +^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E10 and higher* + +**True**: Enables the **Display > Theme > Custom Theme** section in Account Settings. + +**False**: Users cannot use a custom theme. The **Display > Theme > Custom Theme** section is hidden in Account Settings. + ++--------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowCustomThemes": true`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------+ + +Default Theme +^^^^^^^^^^^^^ + +*Available in Enterprise Edition E10 and higher* + +Set a default theme that applies to all new users on the system. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DefaultTheme": "default"`` with options ``"default"``, ``"organization"``, ``"mattermostDark"``, and ``"windows10"``. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Tutorial (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Users are prompted with a tutorial when they open Mattermost for the first time after account creation. + +**False**: The tutorial is disabled. Users are placed in Town Square when they open Mattermost for the first time after account creation. + ++--------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableTutorial": true`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable User Typing Messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting determines whether "user is typing..." messages are displayed below the message box. Disabling the setting in larger deployments may improve server performance. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUserTypingMessages": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Time Between User Typing Updates (User Typing Timeout) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting defines how frequently "user is typing..." messages are updated, measured in milliseconds. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TimeBetweenUserTypingUpdatesMilliseconds": 5000`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable X to Leave Channels from Left-Hand Sidebar (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Not available in Mattermost Cloud.* + +This setting applies to the legacy sidebar only. You must first enable the `Enable Legacy Sidebar `__ configuration setting if you want to see and enable this functionality in the System Console. + +.. note:: + + This experimental setting is not recommended for production environments. The new channel sidebar matches and exceeds the feature set offered by this configuration setting. + +We strongly recommend that you leave the **Enable Legacy Sidebar** configuration setting disabled so users can access new channel sidebar features, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. See `the documentation `_ for more information about these features. + +**True**: Users can leave Public and Private Channels by clicking the "x" beside the channel name. + +**False**: Users must use the **Leave Channel** option from the channel menu to leave channels. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableXToLeaveChannelsFromLHS": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Primary Team (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The primary team of which users on the server are members. When a primary team is set, the options to join other teams or leave the primary team are disabled. + +If the team URL of the primary team is https://example.mattermost.com/myteam/, then set the value to ``myteam`` in ``config.json``. + ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalPrimaryTeam": ""`` with string input. | ++-----------------------------------------------------------------------------------------------------------------+ + +Enable Shared Channels (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +Shared Channels enables the ability to establish secure connections between Mattermost instances, and invite secured connections to shared channels where secure connections can participate as they would in any Public and Private channel. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's two ``config.json`` settings include ``"ExperimentalSettings:EnableSharedChannels": false`` with options ``true`` or ``false``, and ``"ExperimentalSettings:EnableRemoteClusterService": false`` with options ``true`` or ``false``. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. note:: + + - Both configuration settings must be enabled in order to share channels with secure connections. + - Enabling Shared Channels functionality requires a server restart. + - System Admins for Cloud deployments can submit a request to have this configuration setting enabled in their Cloud instance. + +SAML Settings +~~~~~~~~~~~~~ + +SAML Login Button Color +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the color of the SAML login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. + ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ + +SAML Login Button Border Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the color of the SAML login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. + ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ + +SAML Login Button Text Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the color of the SAML login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. + ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ + +Experimental Sidebar Features +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. note:: + This experimental configuration setting has been deprecated, and the ability to organize channels in the sidebar has been promoted to general availability from Mattermost v5.32. See the `Organizing Your Sidebar `__ product documentation for details on customizing the sidebar. + +**Disabled**: Users cannot access the experimental channel sidebar feature set. + +**Enabled (Default On)**: Enables the experimental sidebar features for all users on this server. Users can disable the features in **Account Settings > Sidebar > Experimental Sidebar Features**. Features include custom collapsible channel categories, drag and drop to reorganize channels, and unread filtering. + +**Enabled (Default Off)**: Users must enable the experimental sidebar features in **Account Settings**. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalChannelSidebarOrganization": off`` with options ``off``, ``default_on`` and ``default_off``. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Legacy Sidebar +^^^^^^^^^^^^^^^^^^^^^ + +*Not available in Mattermost Cloud.* + +This setting re-enables the legacy sidebar functionality for all users on this server. We strongly recommend System Admins disable this setting so users can access `enhanced sidebar features `__, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. + +**False**: Users can access all new channel sidebar features, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. See `the documentation `_ for more information about these features. + +**True**: When enabled, the legacy sidebar is enabled for all users on this server and users cannot access any new channel sidebar features. The legacy channel sidebar is scheduled to be deprecated, and is only recommended if your deployment is experiencing bugs or other issues with the new channel sidebar. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableLegacySidebar": false`` with options ``true`` or ``false``. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Sidebar Organization +^^^^^^^^^^^^^^^^^^^^ + +*Not available in Mattermost Cloud.* + +This setting applies to the legacy sidebar only. You must enable the `Enable Legacy Sidebar `__ configuration setting to see and enable this functionality in the System Console. + +.. note:: + + This experimental setting is not recommended for production environments. The new channel sidebar matches and exceeds the feature set offered by this configuration setting. + +We strongly recommend that you leave the **Enable Legacy Sidebar** configuration setting disabled so users can access new channel sidebar features, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. See `the documentation `_ for more information about these features. + +**True**: Enables channel sidebar organization options in **Account Settings > Sidebar > Channel grouping and sorting**. Includes options for grouping unread channels, sorting channels by most recent post, and combining all channel types into a single list. + +**False**: Hides the channel sidebar organization options in **Account Settings > Sidebar > Channel grouping and sorting**. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalChannelOrganization": false`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Timezone +^^^^^^^^^^ + +Select the timezone used for timestamps in the user interface and email notifications. + +**True**: The **Timezone** setting is visible in the Account Settings and a timezone is automatically assigned in the next active session. + +**False**: The **Timezone** setting is hidden in the Account Settings. + ++------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalTimezone": true`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------------+ + +Town Square is Hidden in Left-Hand Sidebar (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E10 and higher* + +This setting applies to the legacy sidebar only. You must enable the `Enable Legacy Sidebar `__ configuration setting to see and enable this functionality in the System Console. + +.. note:: + + This experimental setting is not recommended for production environments. The new channel sidebar matches and exceeds the feature set offered by this configuration setting. + +We strongly recommend that you leave the **Enable Legacy Sidebar** configuration setting disabled so users can access new channel sidebar features, including custom, collapsible channel categories, drag and drop, unread filtering, channel sorting options, and more. See `the documentation `_ for more information about these features. + +**True**: Hides Town Square in the left-hand sidebar if there are no unread messages in the channel. + +**False**: Town Square is always visible in the left-hand sidebar even if all messages have been read. + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalHideTownSquareinLHS": false`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Town Square is Read-Only (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E10 and higher* + +**True**: Only System Admins can post in Town Square. Other members are not able to post, reply, upload files, emoji react, or pin messages to Town Square, nor are they able to change the channel name, header, or purpose. + +**False**: Anyone can post in Town Square. + +.. note:: + + This feature will be deprecated in a future release in favor of `channel moderation settings `_ which allow you to set any channel as read-only, including Town Square + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalTownSquareIsReadOnly": false`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Use Channel Name in Email Notifications (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Channel and team name appears in email notification subject lines. Useful for servers using only one team. + +**False**: Only team name appears in email notification subject line. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UseChannelInEmailNotifications": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +User Status Away Timeout +^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting defines the number of seconds after which the user's status indicator changes to "Away", when they are away from Mattermost. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UserStatusAwayTimeout": 300`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Settings configurable only in ``config.json`` +---------------------------------------------- + +There are a number of settings customizable in ``config.json`` unavailable in the System Console and require updating from the file itself. + +Service Settings +~~~~~~~~~~~~~~~~ + +Automatically Follow Threads +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting has been added as a requirement to support `Collapsed Reply Threads `_, and may affect server performance. It is recommended to review our `documentation on hardware requirements `_ to ensure your servers are appropriately scaled for the size of your user base. + +**True**: Threads a user starts, participates in, or is mentioned in are automatically followed. A new ``Threads`` table is added in the database that tracks threads and thread participants, and a ``ThreadMembership`` table tracks followed threads for each user and the read or unread state of each followed thread. + +**False**: Threads are not automatically followed and Collapsed Reply Threads cannot be enabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ThreadAutoFollow": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Data Prefetch +^^^^^^^^^^^^^^ + +*Removed in February 16, 2021 release* + +**True**: Messages in all unread channels are pre-loaded from the server whenever the client reconnects to the network to eliminate loading time when users switch to unread channels. + +**False**: Messages are fetched on-demand from the server when users switch channels. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalDataPrefetch": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable File Search +^^^^^^^^^^^^^^^^^^ + +This configuration setting enables users to search documents attached to messages by filename. To enable users to search documents by their content, you must also enable the ``ExtractContent`` configuration setting. See our `Enable Document Search by Content `__ documentation for details. Document content search is available in Mattermost Server from v5.35, with mobile support coming soon. + +**True**: Supported document types are searchable by their filename. + +**False**: File-based searches are disabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ServiceSettings.EnableFileSearch": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +WebSocket URL +^^^^^^^^^^^^^^ + +This setting allows the server to instruct clients where they should try to connect WebSockets to. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"WebsocketURL": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +License File Location +^^^^^^^^^^^^^^^^^^^^^ + +Path and filename of the license file on disk. On startup, if Mattermost cannot find a valid license in the database from a previous upload, it looks here. It can be an absolute path or a path relative to the ``mattermost`` directory. + ++---------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LicenseFileLocation": ""`` with string input. | ++---------------------------------------------------------------------------------------------+ + +TLS Minimum Version +^^^^^^^^^^^^^^^^^^^^ + +The minimum TLS version used by the Mattermost server. TLS v1.2 is default given insecurities for TLS 1.0 and 1.1. + +This setting only takes effect if you are using the built-in server binary directly, and not using a reverse proxy layer such as NGINX. + ++-------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TLSMinVer": "1.2"`` with string input. | ++-------------------------------------------------------------------------------------+ + +Trusted Proxy IP Header +^^^^^^^^^^^^^^^^^^^^^^^^ + +Specified headers that will be checked one by one for IP addresses (order is important). All other headers are ignored. + +Starting with v5.12, new configs will have this set by default to ``[]``, meaning that no header will be trusted. Configs created prior to v5.12 without this config entry will have it set to ``["X-Forwarded-For", "X-Real-Ip"]`` on upgrade in order to maintain backwards compatibility. + +We recommend keeping the default setting when Mattermost is running without a proxy, to avoid the client sending the headers and bypassing rate limiting and/or the audit log. For environments that use a reverse proxy this problem does not exist, provided that the headers are set by the reverse proxy. In those environments, only explicitly whitelist the header that is set by the reverse proxy and no additional values. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TrustedProxyIPHeader": []`` with string array input consisting of header names, such as ``["X-Forwarded-For", "X-Real-Ip"]``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Strict Transport Security (HSTS) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Adds the Strict Transport Security (HSTS) header to all responses, forcing the browser to request all resources via HTTPS. Learn more `here `__. + +**False**: No restrictions on TLS transport. Strict Transport Security (HSTS) header is not added to responses. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TLSStrictTransport": false`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Secure TLS Transport Expiry +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The time in seconds that the browser remembers a site is only to be accessed using HTTPS. After this period, a site can be accessed using HTTP unless ``TLSStrictTransport`` is set to ``true``. Defaults to two years. Learn more `here `__. + ++-------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TLSStrictTransportMaxAge": 63072000`` with numerical input. | ++-------------------------------------------------------------------------------------------------------------+ + +TLS Cipher Overwrites +^^^^^^^^^^^^^^^^^^^^^^ + +Set TLS ciphers overwrites to meet requirements from legacy clients which don't support modern ciphers, or to limit the types of accepted ciphers. + +If none specified, the Mattermost server assumes a set of currently considered secure ciphers, and allows overwrites in the edge case. See the ``ServerTLSSupportedCiphers`` variable in `/model/config.go `__ for the list of ciphers considered secure. + +This setting only takes effect if you are using the built-in server binary directly, and not using a reverse proxy layer such as NGINX. + ++-------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TLSStrictTransportMaxAge": 63072000`` with numerical input. | ++-------------------------------------------------------------------------------------------------------------+ + +Go Routine Health Threshold +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Set a threshold on the number of goroutines when the Mattermost system is considered to be in a healthy state. When goroutines exceed this limit, a warning is returned in the server logs. + +To turn off checking for the threshold, set this value to ``-1``. + ++----------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GoroutineHealthThreshold": -1`` with numerical input. | ++----------------------------------------------------------------------------------------------------------+ + +Allow Cookies for Subdomains +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Allows cookies for subdomains by setting the domain parameter on Mattermost cookies. + +**False**: Cookies not allowed for subdomains. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowCookiesForSubdomains": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Cluster Log Timeout +^^^^^^^^^^^^^^^^^^^^ + +This setting defines the frequency of cluster request time logging for :doc:`../scale/performance-monitoring`, measured in milliseconds. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ClusterLogTimeoutMilliseconds": 2000`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Read Only Config +^^^^^^^^^^^^^^^^ + +**True**: Changes made to settings in the System Console are ignored. + +**False**: Changes made to settings in the System Console are written to ``config.json``. + ++-----------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ReadOnlyConfig": true`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------------+ + +Enable Searching of Posts +^^^^^^^^^^^^^^^^^^^^^^^^^ + +If this setting is enabled, users can search messages. Disabling search can result in a performance increase, but users get an error message when they attempt to use the search box. + ++-------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnablePostSearch": true`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------+ + +Enable User Status Updates +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Turn status updates off to improve performance. When status updates are off, users appear online only for brief periods when posting a message, and only to members of the channel in which the message is posted. + ++---------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUserStatuses": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------+ + +Segment Write Key +^^^^^^^^^^^^^^^^^^^ + +*Removed in March 16, 2017 release* + +For deployments seeking additional tracking of system behavior using Segment.com, you can enter a Segment ``WRITE_KEY`` using this field. This value works like a tracking code and is used in client-side JavaScript and will send events to Segment.com attributed to the account you used to generate the ``WRITE_KEY``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SegmentDeveloperKey": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +WebSocket Secure Port +^^^^^^^^^^^^^^^^^^^^^^ + +(Optional) This setting defines the port on which the secured WebSocket will listen using the ``wss`` protocol. Defaults to ``443``. When the client attempts to make a WebSocket connection it first checks to see if the page is loaded with HTTPS. If so, it will use the secure WebSocket connection. If not, it will use the unsecure WebSocket connection. IT IS HIGHLY RECOMMENDED PRODUCTION DEPLOYMENTS ONLY OPERATE UNDER HTTPS AND WSS. + +Changes to this setting require a server restart before taking effect. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"WebsocketSecurePort": 443`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +WebSocket Port +^^^^^^^^^^^^^^^^ + +(Optional) This setting defines the port on which the unsecured WebSocket will listen using the ``ws`` protocol. Defaults to ``80``. When the client attempts to make a WebSocket connection it first checks to see if the page is loaded with HTTPS. If so, it will use the secure WebSocket connection. If not, it will use the unsecure WebSocket connection. IT IS HIGHLY RECOMMENDED PRODUCTION DEPLOYMENTS ONLY OPERATE UNDER HTTPS AND WSS. + +Changes to this setting require a server restart before taking effect. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``WebsocketPort": 80`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable API Team Deletion +^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: The ``api/v4/teams/{teamid}?permanent=true`` API endpoint can be called by Team and System Admins to permanently delete a team. + +**False**: The API endpoint cannot be called. Note that ``api/v4/teams/{teamid}`` can still be used to soft delete a team. + +mmctl local mode ignores this setting and behaves as though ``EnableAPITeamDeletion`` is set to ``true``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableAPITeamDeletion": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable API User Deletion +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: The ``api/v4/users/{userid}?permanent=true`` API endpoint can be called by System Admins, or users with appropriate permissions, to permanently delete a user. + +**False**: The API endpoint cannot be called. Note that ``api/v4/users/{userid}`` can still be used to soft delete a user. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableAPIUserDeletion": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +mmctl local mode ignores this setting and behaves as though ``EnableAPIUserDeletion`` is set to ``true``. + +Enable API Channel Deletion +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: The ``api/v4/channels/{channelid}?permanent=true`` API endpoint can be called by System Admins, or users with appropriate permissions, to permanently delete a channel. + +**False**: The API endpoint cannot be called. Note that ``api/v4/channels/{channelid}`` can still be used to soft delete a channel. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableAPIChannelDeletion": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +mmctl local mode ignores this setting and behaves as though ``EnableAPIChannelDeletion`` is set to ``true``. + +Enable OpenTracing +^^^^^^^^^^^^^^^^^^^ + +**True**: A Jaeger client is instantiated and is used to trace each HTTP request as it goes through App and Store layers. Context is added to App and Store and is passed down the layer chain to create OpenTracing 'spans'. + +By default, in order to avoid leaking sensitive information, no method parameters are reported to OpenTracing. Only the name of the method is reported. + +**False**: OpenTracing is not enabled. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableOpenTracing": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Import Settings Default Directory +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The directory where the imported files are stored. The path is relative to the ``FileSettings`` directory. By default, imports are stored under ``./data/import``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting under the ``ImportSettings`` section is ``Directory: ./import`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Import Settings Default Retention Days +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The number of days to retain the imported files before deleting them. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting under the ``ImportSettings`` section is ``RetentionDays: 30`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Export Settings Default Directory +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The directory where the exported files are stored. The path is relative to the ``FileSettings`` directory. By default, exports are stored under ``./data/export``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting under the ``ExportSettings`` section is ``Directory: ./export`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Export Settings Default Retention Days +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The number of days to retain the exported files before deleting them. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting under the ``ExportSettings`` section is ``RetentionDays: 30`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +SQL Settings +~~~~~~~~~~~~ + +Read Replicas +^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E10 and higher* + +Specifies the connection strings for the read replica databases. Each string must be in the same form as used for the `Data Source`_ setting. + +Changes to this setting require a server restart before taking effect. + ++---------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DataSourceReplicas": []`` with string array input consisting of database connection strings. | ++---------------------------------------------------------------------------------------------------------------------------------------------+ + +Search Replicas +^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E10 and higher* + +Specifies the connection strings for the search replica databases. A search replica is similar to a read replica, but is used only for handling search queries. Each string must be in the same form as used for the `Data Source`_ setting. + +Changes to this setting require a server restart before taking effect. + ++---------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DataSourceSearchReplicas": []`` with string array input consisting of database connection strings. | ++---------------------------------------------------------------------------------------------------------------------------------------------------+ + +Replica Lag Settings +^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +Specifies a connection string and user-defined SQL queries on the database to measure replica lag for a single replica instance. These settings monitor absolute lag based on binlog distance/transaction queue length, and the time taken for the replica to catch up. + ++-------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"ReplicaLagSettings": []`` with string array input. | ++-------------------------------------------------------------------------------------------------------+ + +String array input consists of: + +- ``DataSource``: The DB credentials to connect to the replica instance. +- ``QueryAbsoluteLag``: A plain SQL query that must return a single row. The first column must be the node value of the Prometheus metric, and the second column must be the value of the lag used to measure absolute lag. +- ``QueryTimeLag``: A plain SQL query that must return a single row. The first column must be the node value of the Prometheus metric, and the second column must be the value of the lag used to measure the time lag. + +Examples: + +For AWS Aurora instances, ``QueryAbsoluteLag`` can be: + +.. code-block:: sh + + select server_id, highest_lsn_rcvd-durable_lsn as bindiff from aurora_global_db_instance_status() where server_id=<> + +And for AWS Aurora instances, ``QueryTimeLag`` can be: + +.. code-block:: sh + + select server_id, visibility_lag_in_msec from aurora_global_db_instance_status() where server_id=<> + +For MySQL Group Replication, the absolute lag can be measured from the number of pending transactions in the applier queue: + +.. code-block:: sh + + select member_id, count_transactions_remote_in_applier_queue FROM performance_schema.replication_group_member_stats where member_id=<> + +File Settings +~~~~~~~~~~~~~~ + +Initial Font +^^^^^^^^^^^^^^ + +Font used in auto-generated profile pics with colored backgrounds. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"InitialFont": "luximbi.ttf"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Amazon S3 Bucket Endpoint +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Set an endpoint URL for Amazon S3 buckets. + +*Removed in November 16th, 2016 release* + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AmazonS3BucketEndpoint": ""`` with string input. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Amazon S3 Location Constraint +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: S3 region is location constrained. + +**False**: S3 region is not location constrained. + +*Removed in November 16th, 2016 release* + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AmazonS3LocationConstraint": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Amazon S3 Lowercase Bucket +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: S3 bucket names are fully lowercase. + +**False**: S3 bucket names may contain uppercase and lowercase letters. + +*Removed in November 16th, 2016 release* + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AmazonS3LowercaseBucket": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Amazon S3 Signature V2 +^^^^^^^^^^^^^^^^^^^^^^ + +By default, Mattermost uses Signature V4 to sign API calls to AWS, but under some circumstances, V2 is required. For more information about when to use V2, see https://docs.aws.amazon.com/general/latest/gr/signature-version-2.html. + +**True**: Use Signature Version 2 Signing Process. + +**False**: Use Signature Version 4 Signing Process. + ++------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AmazonS3SignV2": false`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------+ + +Amazon S3 Path +^^^^^^^^^^^^^^^ + +Allows using the same S3 bucket for multiple deployments. + ++------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"AmazonS3PathPrefix: ""`` with string input. | ++------------------------------------------------------------------------------------------------------------+ + + +GitLab Settings +~~~~~~~~~~~~~~~ + +Scope +^^^^^^ + +Standard setting for OAuth to determine the scope of information shared with OAuth client. Not currently supported by GitLab OAuth. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Scope": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Google Settings +~~~~~~~~~~~~~~~ + +Scope +^^^^^^ + +Standard setting for OAuth to determine the scope of information shared with OAuth client. Recommended setting is ``profile email``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Scope": "profile email"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Office 365 Settings +~~~~~~~~~~~~~~~~~~~~ + +Scope +^^^^^^ + +Standard setting for OAuth to determine the scope of information shared with OAuth client. Recommended setting is ``User.Read``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Scope": "User.Read"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Cluster Settings +~~~~~~~~~~~~~~~~ + +Maximum Idle Connections +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The maximum number of idle connections held open from one server to all others in the cluster. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxIdleConns": 100`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Maximum Idle Connections per Host +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The maximum number of idle connections held open from one server to another server in the cluster. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxIdleConnsPerHost": 128`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Idle Connection Timeout (in Milliseconds) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The number of milliseconds to leave an idle connection open between servers in the cluster. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IdleConnTimeoutMilliseconds": 90000`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Network Interface +^^^^^^^^^^^^^^^^^ + +An IP address used to identify the device that does automatic IP detection in High Availability clusters. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"NetworkInterface": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Bind Address +^^^^^^^^^^^^^ + +An IP address used to bind cluster traffic to a specific network device. This setting is used primarily for servers with multiple network devices or different Bind Address and Advertise Address like in deployments that involve NAT (Network Address Translation). + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BindAddress": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Advertise Address +^^^^^^^^^^^^^^^^^^ + +The IP address used to access the server from other nodes. This settings is used primary when cluster nodes are not in the same network and involve NAT (Network Address Translation). + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AdvertiseAddress": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Metrics Settings +~~~~~~~~~~~~~~~~~ + +Block Profile Rate +^^^^^^^^^^^^^^^^^^ + +Value that controls the `fraction of goroutine blocking events reported in the blocking profile `__. + +The profiler aims to sample an average of one blocking event per rate nanoseconds spent blocked. + +To include every blocking event in the profile, set the rate to ``1``. To turn off profiling entirely, set the rate to ``0``. + +Changes to this setting require a server restart before taking effect. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BlockProfileRate": 0`` with options ``0`` and ``1``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Experimental Settings only in ``config.json`` +--------------------------------------------- + +Audit settings +~~~~~~~~~~~~~~ + +The audit settings output audit records to syslog (local or remote server via TLS) and/or to a local file. Both are disabled by default. They can be enabled simultaneously. + +Enable Reliable Websockets +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Enable this setting to make websocket messages more reliable by buffering messages during a connection loss and then re-transmitting all unsent messages when the connection is revived. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableReliableWebsockets": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Remote Clusters +~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Enable this setting to add, remove, and view remote clusters for shared channels. + +**True**: When ``true`` System Admins can manage remote clusters using the System Console. + +**False**: Remote cluster management is disabled. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RemoteClusters": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Syslog configuration options +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Enable this setting to write audit records to a local or remote syslog, specifying the IP, port, user-generated fields, and certificate settings. + +**True**: When ``true`` syslog output is enabled. + +**False**: Syslog output is disabled. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SysLogEnabled": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Syslog IP +^^^^^^^^^ + +The IP address or domain of the syslog server. Use ``localhost`` for local syslog. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SysLogIP": "localhost"`` with string input consisting of an IP address or domain name. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Syslog port +^^^^^^^^^^^^^^ + +The port that the syslog server is listening on. The default port is 6514. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SysLogPort": 6514`` with numeric input consisting of a port number. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Syslog tag +^^^^^^^^^^ + +The syslog metadata tag field. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SysLogTag": ""`` with string input consisting of a user-defined tag field. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Syslog cert +^^^^^^^^^^^^^^ + +This is the path to the syslog server certificate for TLS connections (``.crt`` or ``.pem``). + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SysLogCert": ""`` with string input consisting of the path to the certificate. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Syslog insecure +^^^^^^^^^^^^^^^ + +This setting controls whether a client verifies the server's certificate chain and host name. If ``true``, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. + +**Note:** This should be used only for testing and not in a production environment. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SysLogInsecure": false`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Syslog max queue size +^^^^^^^^^^^^^^^^^^^^^ + +This setting determines how many audit records can be queued/buffered at any point in time when writing to syslog. The default is 1000 records. + +This setting can be left as default unless you are seeing audit write failures in the server log and need to adjust the number accordingly. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SysLogMaxQueueSize": 1000`` with numerical input. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File configuration options +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enable this setting to write audit files locally, specifying size, backup interval, compression, and maximum age to manage file rotation. + +**True**: When ``true`` file output is enabled. + +**False**: File output is disabled. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileEnabled": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File name +^^^^^^^^^^ + +This is the path to the output file location. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileName": ""`` with string input consisting of a user-defined path (e.g. ``/var/log/mattermost_audit.log``). | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File max size MB +^^^^^^^^^^^^^^^^ + +This is the maximum size (measured in megabytes) that the file can grow before triggering rotation. The default setting is 100. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileMaxSizeMB": 100`` with numerical input. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File max age days +^^^^^^^^^^^^^^^^^ + +This is the maximum age in days a file can reach before triggering rotation. The default value is 0, indicating no limit on the age. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileMaxAgeDays": 0`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File max backups +^^^^^^^^^^^^^^^^ + +This is the maximum number of rotated files kept; the oldest is deleted first. The default value is 0, indicating no limit on the number of backups. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileMaxBackups": 0`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File compress +^^^^^^^^^^^^^ + +When ``true`` rotated files are compressed using ``gzip``. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileCompress": false`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File max queue size +^^^^^^^^^^^^^^^^^^^ + +This setting determines how many audit records can be queued/buffered at any point in time when writing to a file. The default is 1000 records. + +This setting can be left as default unless you are seeing audit write failures in the server log and need to adjust the number accordingly. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileMaxQueueSize": 1000`` with numerical input. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Advanced Audit Logging Configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Output logs to multiple targets +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Send log records to multiple targets: + +- Multiple local file targets +- Multiple syslogs +- Multiple TCP sockets + +Allow any combination of local file, syslog, and TCP socket targets. + +File target supports rotation and compression triggered by size and/or duration. Syslog target supports local and remote syslog servers, with or without TLS transport. TCP socket target can be configured with an IP address or domain name, port, and optional TLS certificate. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``ExperimentalAuditSettings.AdvancedLoggingConfig`` which can contain a filespec to another config file, a database DSN, or JSON. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Options are outlined in this text file: `Log Settings Options `_. Sample config: `Advanced Logging Options Sample.json.zip `_. + +Service Settings +~~~~~~~~~~~~~~~~ + +Group Unread Channels (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting applies to the new sidebar only. You must disable the `Enable Legacy Sidebar `__ configuration setting to see and enable this functionality in the System Console. + +**Default Off**: Disables the unread channels sidebar section for all users by default. Users can enable it in **Account Settings > Sidebar > Group unread channels separately**. + +**Default On**: Enables the unread channels sidebar section for all users by default. Users can disable it in **Account Settings > Sidebar > Group unread channels separately**. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalGroupUnreadChannels": "default_off"`` with options ``"default_off"`` and ``"default_on"``. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Strict CSRF Token Enforcement (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables CSRF protection tokens for additional hardening compared to the currently used custom header. When the user logs in, an additional cookie is created with the CSRF token contained. + +**False**: Disables CSRF protection tokens. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalStrictCSRFEnforcement": false`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Limit Access to Config Settings Prior to Login +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in December 16, 2018 release* + +Enable this setting to limit the number of config settings sent to users prior to login. + +Supported for Mattermost server v5.1.0 and later, and Mattermost Mobile apps v1.10.0 and later. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalLimitClientConfig": "false"`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Disable Legacy MFA API Endpoint +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Disables the legacy ``checkMfa`` endpoint, which is only required for Mattermost Mobile Apps on version 1.16 or earlier when using multi-factor authentication (MFA). Recommended to set to ``true`` for additional security hardening. + +**False**: Keeps the legacy ``checkMfa`` endpoint enabled to support mobile versions 1.16 and earlier. Keeping the endpoint enabled creates an information disclosure about whether a user has set up MFA. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DisableLegacyMFA": true,`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Restrict System Admin (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Restricts the System Admin from viewing and modifying a subset of server configuration settings from the System Console. Not recommended for use in on-prem installations. This is intended to support Mattermost Private Cloud in giving the System Admin role to users but restricting certain actions only for Cloud Admins. + +**False**: No restrictions are applied to the System Admin role. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictSystemAdmin": "false"`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Team Settings +~~~~~~~~~~~~~~ + +Teammate Name Display +^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +Control Teammate Name Display at the system level. + +**True**: Allows System Admins to control Teammate Name Display at the system level. + +**False**: System Admins cannot control Teammate Name Display at the system level. + ++------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LockTeammateNameDisplay": []`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------------+ + +Default Channels (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Default channels every user is added to automatically after joining a new team. Only applies to Public channels, but affects all teams on the server. + +When not set, every user is added to the ``off-topic`` and ``town-square`` channels by default. + +Note that even if ``town-square`` is not listed, every user is added to that channel after joining a new team. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalDefaultChannels": []`` with string array input consisting of channel names, such as ``["announcement", "developers"]``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Email Settings +~~~~~~~~~~~~~~ + +Client Requirement Settings (Experimental) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Latest Android Version +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The latest version of the Android React Native app that is recommended for use. + ++----------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AndroidLatestVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------+ + +Minimum Android Version +^^^^^^^^^^^^^^^^^^^^^^^^ + +The minimum version of the Android React Native app that is required to be used. + ++-------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AndroidMinVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------+ + +Latest Desktop Version +^^^^^^^^^^^^^^^^^^^^^^^ + +The latest version of the desktop app that is recommended for use. + ++----------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DesktopLatestVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------+ + +Minimum Destop Version +^^^^^^^^^^^^^^^^^^^^^^^ + +The minimum version of the desktop app that is required to be used. + ++-------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DesktopMinVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------+ + +Latest iOS Version +^^^^^^^^^^^^^^^^^^^ + +The latest version of the iOS app that is recommended for use. + ++------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IosLatestVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | ++------------------------------------------------------------------------------------------------------------------------------------------------+ + +Minimum iOS Version +^^^^^^^^^^^^^^^^^^^^^ + +The minimum version of the iOS React Native app that is required to be used. + ++---------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IosMinVersion": ""`` with string input corresponding to a version string, such as ``"1.2.0"``. | ++---------------------------------------------------------------------------------------------------------------------------------------------+ + +Push Notification Buffer +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Used to control the buffer of outstanding Push Notification messages to be sent. If the number of messages exceeds that number, then the request making the Push Notification will be blocked until there's room. + ++---------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"PushNotificationBuffer": 1000"`` with numerical input. | ++---------------------------------------------------------------------------------------------------------------------------------------------+ + +Theme Settings (Experimental) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Allowed Themes +^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E10 and higher* + +Select the themes that can be chosen by users when ``EnableThemeSelection`` is set to ``true``. + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowedThemes": []`` with string array input consisting of the options ``"default"``, ``"organization"``, ``"mattermostDark"``, and ``"windows10"``, such as ``["mattermostDark", "windows10"]``. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Display Settings (Experimental) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Supported Timezones Path +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in April 16, 2019 release* + +Set the path of the JSON file that lists supported timezones when ``ExperimentalTimezone`` is set to ``true``. + +The file must be in the same directory as your ``config.json`` file if you set a relative path. Defaults to ``timezones.json``. + ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SupportedTimezonesPath": "timezones.json"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------+ + +Experimental Settings +~~~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E20* + +Disable Post Metadata +^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Disabling post metadata is only recommended if you are experiencing a significant decrease in performance around channel and post load times. + +**False**: Load channels with more accurate scroll positioning by loading post metadata. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DisablePostMetadata": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Analytics Settings +~~~~~~~~~~~~~~~~~~~ + +*Available in Enterprise Edition E10 and higher* + +Maximum Users for Statistics +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Sets the maximum number of users on the server before statistics for total posts, total hashtag posts, total file posts, posts per day, and active users with posts per day are disabled. + +This setting is used to maximize performance for large Enterprise deployments. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxUsersForStatistics": 2500`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Elasticsearch Settings +~~~~~~~~~~~~~~~~~~~~~~~~ + +Post Index Replicas +^^^^^^^^^^^^^^^^^^^^^ + +The number of replicas to use for each post index. If this setting is changed, it only applies to newly-created indexes. To apply the change to existing indexes, purge and rebuild the index after changing this setting. + ++---------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PostIndexReplicas": 2`` with numerical input. | ++---------------------------------------------------------------------------------------------------+ + +Post Index Shards +^^^^^^^^^^^^^^^^^^ + +The number of shards to use for each post index. If this setting is changed, it only applies to newly-created indexes. To apply the change to existing indexes, purge and rebuild the index after changing this setting. + ++-------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PostIndexShards": 1`` with numerical input. | ++-------------------------------------------------------------------------------------------------+ + +Aggregate Search Indexes +^^^^^^^^^^^^^^^^^^^^^^^^ + +Elasticsearch indexes over the age specified by this setting will be aggregated during the daily scheduled job. + +.. note:: + If you're using `data retention `_ and `ElasticSearch `_, ensure the `ElasticSearch aggregate search indexes `_ setting is set to a value that is greater than your data retention policy in days. + ++-----------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AggregatePostsAfterDays": 365`` with numerical input. | ++-----------------------------------------------------------------------------------------------------------+ + +Post Aggregator Start Time +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The start time of the daily scheduled aggregator job. Must be a 24-hour time stamp in the form ``HH:MM``. + +This setting is based on the local time of the server. + ++--------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PostsAggregatorJobStartTime": "03:00"`` with 24-hour timestamp input in the form ``"HH:MM"``. | ++--------------------------------------------------------------------------------------------------------------------------------------------+ + +Index Prefix +^^^^^^^^^^^^ + +Prefix on the Elasticsearch index name. Enables the use of Mattermost Elasticsearch on a shared Elasticsearch cluster. + ++----------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IndexPrefix": ""`` with string input. | ++----------------------------------------------------------------------------------------+ + +.. note:: + When this setting is used, all Elasticsearch indexes created by Mattermost are given this prefix. You can set different prefixes so that multiple Mattermost deployments can share an Elasticsearch cluster without the index names colliding. + +Live Indexing Batch Size +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Determines how many new posts are batched together before they are added to the Elasticsearch index. It may be necessary to increase this value to avoid hitting the rate limit of your Elasticsearch cluster on installs handling multiple messages per second. + ++--------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LiveIndexingBatchSize": 1`` with numerical input. | ++--------------------------------------------------------------------------------------------------------+ + +Request Timeout +^^^^^^^^^^^^^^^^ + +Timeout in seconds for Elasticsearch calls. + ++-------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RequestTimeoutSeconds": 30`` with numerical input. | ++-------------------------------------------------------------------------------------------------------+ + +Bulk Indexing Time Window +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Determines the maximum time window for a batch of posts being indexed by the Bulk Indexer. This setting servers as a performance optimisation for installs with over ~10 million posts in the database. Approximate this value based on the average number of seconds for 2,000 posts to be added to the database on a typical day in production. Setting this value too low will cause Bulk Indexing jobs to run slowly. + ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BulkIndexingTimeWindowSeconds": 3600`` with numerical input. | ++-----------------------------------------------------------------------------------------------------------------+ + +Trace +^^^^^^ + +Options for printing Elasticsearch trace errors. Accepts ``error``, ``all``, or empty. ``error`` will create the error trace when initialising the Elasticsearch client and will print any template creation or search query that returns an error as part of the error message. ``all`` will create the three traces (error, trace and info) for the driver and will not print the queries because they will be part of the trace log level of the driver. + ++-------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Trace": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------+ + +Bleve Settings (Experimental) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Index Dir +^^^^^^^^^^ + +Directory path to use for storing bleve indexes. + +.. tip:: + + The bleve index directory path isn't required to exist within the ``mattermost`` directory. When it exists outside of the ``mattermost`` directory, no additional steps are needed to preserve or reindex these files as part of a Mattermost upgrade. See our `Upgrading Mattermost Server `__ documentation for details. + ++-----------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IndexDir": ""`` with string input. | ++-----------------------------------------------------------------------------------------------------------+ + +Enable Indexing +^^^^^^^^^^^^^^^ + +**True**: The indexing of new posts occurs automatically. Search queries will not use bleve search until **Enable Bleve for search queries** is enabled. + +**False**: The indexing of new posts does not occur automatically. + ++------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableIndexing": false`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------+ + +Enable Searching +^^^^^^^^^^^^^^^^^ + +**True**: Search queries will use bleve search. + +**False**: Search queries will not use bleve search. + ++--------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSearching": false`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------+ + +Enable Autocomplete +^^^^^^^^^^^^^^^^^^^^ + +**True**: Autocomplete queries will use bleve search. + +**False**: Autocomplete queries will not use bleve search. + ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableAutocomplete": false`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------------------+ + +Bulk Indexing Time Window Seconds +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Determines the maximum time window for a batch of posts being indexed by the Bulk Indexer. This setting serves as a performance optimization for installs with over ~10 million posts in the database. Approximate this value based on the average number of seconds for 2,000 posts to be added to the database on a typical day in production. Setting this value too low will cause Bulk Indexing jobs to run slowly. + ++-------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BulkIndexingTimeWindowSeconds": 3600`` with numerical input. | ++-------------------------------------------------------------------------------------------------------------+ + +Message Export Settings +~~~~~~~~~~~~~~~~~~~~~~~ + +Export From Timestamp +^^^^^^^^^^^^^^^^^^^^^^ + +Set the Unix timestamp (seconds since epoch, UTC) to export data from. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExportFromTimestamp": 0`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +File Location +^^^^^^^^^^^^^^^ + +Set the file location of the compliance exports. + +By default, they are written to the ``exports`` subdirectory of the configured `Local Storage directory `_. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileLocation": "export"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Batch Size +^^^^^^^^^^^ + +Determines how many new posts are batched together to a compliance export file. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BatchSize": 10000`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Plugin Settings (Beta) +~~~~~~~~~~~~~~~~~~~~~~ + +Enable Plugin Uploads +^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables plugin uploads by System Admins at **Plugins > Management**. If you do not plan to upload a plugin, set to ``false`` to control which plugins are installed on your server. See `documentation `__ to learn more. + +**False**: Disables plugin uploads on your Mattermost server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUploads": false`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Allow Insecure Download URL +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables downloading and installing a plugin from a remote URL. + +**False**: Disables downloading and installing a plugin from a remote URL. + ++-----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowInsecureDownloadUrl": false`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Plugin Health Check +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables plugin health check to ensure all plugins are periodically monitored, and restarted or deactivated based on their health status. + +The health check runs every 30 seconds. If the plugin is detected to fail 3 times within an hour, the Mattermost server attempts to restart it. If the restart fails 3 successive times, it's automatically disabled. + +**False**: Disables plugin health check on your Mattermost server. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableHealthCheck": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Directory +^^^^^^^^^^ + +The location of the plugin files. If blank, they are stored in the ``./plugins`` directory. The path that you set must exist and Mattermost must have write permissions in it. + ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Directory": "./plugins"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------+ + +Client Directory +^^^^^^^^^^^^^^^^^^ + +The location of client plugin files. If blank, they are stored in the ``./client/plugins`` directory. The path that you set must exist and Mattermost must have write permissions in it. + ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Directory": "./client/plugins"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------+ + +Jobs +~~~~~ + +Settings to configure how Mattermost schedules and completes periodic tasks such as the deletion of old posts with Data Retention enabled or indexing posts with Elasticsearch. These settings control which Mattermost servers are designated as a Scheduler, a server that queues the tasks at the correct times, and as a Worker, a server that completes the given tasks. + +When running Mattermost on a single machine, both ``RunJobs`` and ``RunScheduler`` should be enabled. Without both of these enabled, Mattermost will not function properly. + +When running Mattermost in High Availability mode, ``RunJobs`` should be enabled on one or more servers while ``RunScheduler`` should be enabled on all servers under normal circumstances. A High Availability cluster will have one Scheduler and one or more Workers. See the below sections for more information. + +Run Jobs +^^^^^^^^ + +Set whether or not this Mattermost server will handle tasks created by the Scheduler. + +When running Mattermost on a single machine, this setting should always be enabled. + +When running Mattermost in High Availablity mode, one or more servers should have this setting enabled. It is recommended that a High Availability cluster has one or more dedicated Workers with this setting enabled while the remaining Mattermost app servers have it disabled. + ++------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RunJobs": true`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------------------------------+ + +Run Scheduler +^^^^^^^^^^^^^^ + +Set whether or not this Mattermost server will schedule tasks that will be completed by a Worker. + +When running Mattermost on a single machine, this setting should always be enabled. + +When running Mattermost in High Availablity mode, this setting should always be enabled. In a High Availability cluster, exactly one of the servers will be designated as the Scheduler at a time to ensure that duplicate tasks aren't created. See `High Availability documentation `__ for more details. + +.. warning:: + + It is strongly recommended not to change this setting from the default setting of ``true`` as this prevents the ``ClusterLeader`` from being able to run the scheduler. As a result, recurring jobs such as LDAP sync, Compliance Export, and data retention will no longer be scheduled. + +In previous Mattermost Server versions, and this documentation, the instructions stated to run the Job Server with ``RunScheduler: false``. The cluster design has evolved and this is no longer the case. + ++-----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RunScheduler": true`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------------------------------------------+ + +Shared Channels (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Available in Enterprise Edition E20* + +**True**: Enables users from multiple Mattermost instances to collaborate with one another using shared channels. + +**False**: Disables channel sharing. + ++---------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSharedChannels": false`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------------------+ + +Deprecated Configuration Settings +----------------------------------- + +Policy +~~~~~~~ + +*Removed in June 16, 2018 release* + +.. note:: + + Permission policy settings are available in Enterprise Edition E10 and E20. From v5.0, these settings are found in the `Advanced Permissions `__ page instead of configuration settings. + +Enable sending team invites from +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +.. note:: + + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. + +Set policy on who can invite others to a team using the **Send Email Invite**, **Get Team Invite Link**, and **Add Members to Team** options on the Main Menu. If **Get Team Invite Link** is used to share a link, you can expire the invite code from **Team Settings > Invite Code** after the desired users have joined the team. Options include: + +**All team members**: Allows any team member to invite others using an email invitation, team invite link, or by adding members to the team directly. + +**Team and System Admins**: Hides the email invitation, team invite link, and the add members to team buttons in the Main Menu from users who are not Team Admins or System Admins. + +**System Admins**: Hides the email invitation, team invite link, and add members to team buttons in the Main Menu from users who are not System Admins. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictTeamInvite": "all"`` with options ``"all"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable public channel creation for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +.. note:: + + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. + +Restrict the permission level required to create public channels. + +**All team members**: Allow all team members to create public channels. + +**Team Admins and System Admins**: Restrict creating public channels to Team Admins and System Admins. + +**System Admins**: Restrict creating public channels to System Admins. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPublicChannelCreation": "all"`` with options ``"all"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable public channel renaming for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +.. note:: + + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. + +Restrict the permission level required to rename and set the header or purpose for Public channels. + +**All channel members**: Allow all channel members to rename Public channels. + +**Channel Admins, Team Admins, and System Admins**: Restrict renaming Public channels to Channel Admins, Team Admins, and System Admins who are members of the channel. + +**Team Admins and System Admins**: Restrict renaming Public channels to Team Admins and System Admins who are members of the channel. + +**System Admins**: Restrict renaming Public channels to System Admins who are members of the channel. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPublicChannelManagement": "all"`` with options ``"all"``, ``"channel_admin"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable public channel deletion for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +.. note:: + + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. + +Restrict the permission level required to delete Public channels. Deleted channels can be recovered from the database using a `command line tool `__. + +**All channel members**: Allow all channel members to delete Public channels. + +**Channel Admins, Team Admins, and System Admins**: Restrict deleting Public channels to Channel Admins, Team Admins, and System Admins who are members of the channel. + +**Team Admins and System Admins**: Restrict deleting Public channels to Team Admins and System Admins who are members of the channel. + +**System Admins**: Restrict deleting Public channels to System Admins who are members of the channel. + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPublicChannelDeletion": "all"`` with options ``"all"``, ``"channel_admin"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable private channel creation for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +.. note:: + + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. + +Restrict the permission level required to create Private channels. + +**All team members**: Allow all team members to create Private channels. + +**Team Admins and System Admins**: Restrict creating Private channels to Team Admins and System Admins. + +**System Admins**: Restrict creating Private channels to System Admins. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPrivateChannelCreation": "all"`` with options ``"all"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable private channel renaming for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +.. note:: + + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. + +Restrict the permission level required to rename and set the header or purpose for Private channels. + +**All channel members**: Allow all channel members to rename Private channels. + +**Channel Admins, Team Admins, and System Admins**: Restrict renaming Private channels to Channel Admins, Team Admins, and System Admins who are members of the Private channel. + +**Team Admins and System Admins**: Restrict renaming Private channels to Team Admins and System Admins who are members of the private channel. + +**System Admins**: Restrict renaming Private channels to System Admins who are members of the Private channel. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPrivateChannelManagement": "all"`` with options ``"all"``, ``"channel_admin"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable managing of private channel members for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +.. note:: + + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. + +Set policy on who can add and remove members from Private channels. + +**All team members**: Allow all team members to add and remove members. + +**Team Admins, Channel Admins, and System Admins**: Allow only Team Admins, Channel Admins, and System Admins to add and remove members. + +**Team Admins, and System Admins**: Allow only Team Admins and System Admins to add and remove members. + +**System Admins**: Allow only System Admins to add and remove members. + ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPrivateChannelManageMembers": "all"`` with options ``"all"``, ``"channel_admin"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable private channel deletion for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +.. note:: + + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. + +Restrict the permission level required to delete Private channels. Deleted channels can be recovered from the database using a `command line tool `__. + +**All channel members**: Allow all channel members to delete Private channels. + +**Channel Admins, Team Admins, and System Admins**: Restrict deleting Private channels to Channel Admins, Team Admins, and System Admins who are members of the Private channel. + +**Team Admins and System Admins**: Restrict deleting private channels to Team Admins and System Admins who are members of the Private channel. + +**System Admins**: Restrict deleting Private channels to System Admins who are members of the Private channel. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPrivateChannelDeletion": "all"`` with options ``"all"``, ``"channel_admin"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Allow which users to delete messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +.. note:: + + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. + +Restrict the permission level required to delete messages. Team Admins, Channel Admins, and System Admins can delete messages only in channels where they are members. Messages can be deleted any time. + +**Message authors can delete their own messages, and Administrators can delete any message**: Allow authors to delete their own messages, and allow Team Admins, Channel Admins, and System Admins to delete any message. + +**Team Admins and System Admins**: Allow only Team Admins and System Admins to delete messages. + +**System Admins**: Allow only System Admins to delete messages. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPostDelete": "all"`` with options ``"all"``, ``"team_admin"``, and ``"system_admin"`` for the above settings, respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Allow users to edit their messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in June 16, 2018 release* + +.. note:: + + From v5.0 this has been replaced by advanced permissions which offers Admins a way to restrict actions in Mattermost to authorized users only. See the `Advanced Permissions documentation `_ for more details. + +Set the time limit that users have to edit their messages after posting. + +**Any time**: Allow users to edit their messages at any time after posting. + +**Never**: Do not allow users to edit their messages. + +**{n} seconds after posting**: Users can edit their messages within the specified time limit after posting. The time limit is applied using the ``config.json`` setting ``PostEditTimeLimit`` described below. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowEditPost": "always"`` with options ``"always"``, ``"never"``, and ``"time_limit"`` for the above settings, respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Post edit time limit +^^^^^^^^^^^^^^^^^^^^ + +When post editing is permitted, setting this to ``-1`` allows editing any time, and setting this to a positive integer restricts editing time in seconds. If post editing is disabled, this setting does not apply. + ++--------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PostEditTimeLimit": -1`` with numerical input. | ++--------------------------------------------------------------------------------------------------+ + +Images +~~~~~~ + +Attachment Thumbnail Width +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in July 16th, 2017 release* + +Width of thumbnails generated from uploaded images. Updating this value changes how thumbnail images render in future, but does not change images created in the past. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ThumbnailWidth": 120`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Attachment Thumbnail Height +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in July 16th, 2017 release* + +Height of thumbnails generated from uploaded images. Updating this value changes how thumbnail images render in future, but does not change images created in the past. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ThumbnailHeight": 100`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Image Preview Width +^^^^^^^^^^^^^^^^^^^^^ + +*Removed in July 16th, 2017 release* + +Maximum width of preview image. Updating this value changes how preview images render in future, but does not change images created in the past. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PreviewWidth": 1024`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Image Preview Height +^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in July 16th, 2017 release* + +Maximum height of preview image. Setting this value to ``0`` instructs Mattermost to auto-size the preview image height based on the source image aspect ratio and the preview image width. Updating this value changes how preview images render in future, but does not change images created in the past. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PreviewHeight": 0`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Profile Picture Width +^^^^^^^^^^^^^^^^^^^^^ + +*Removed in July 16th, 2017 release* + +The width to which profile pictures are resized after being uploaded via Account Settings. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ProfileWidth": 128`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Profile Picture Height +^^^^^^^^^^^^^^^^^^^^^^^ + +*Removed in July 16th, 2017 release* + +The height to which profile pictures are resized after being uploaded via Account Settings. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ProfileHeight": 128`` with numerical input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ From 36f17e708dce30b9a19f91d896a4537f8d242472 Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Wed, 4 Aug 2021 09:58:32 -0400 Subject: [PATCH 07/16] Re-added the correct file that was deleted in error --- source/configure/configuration-settings.rst | 48 +++++++++------------ 1 file changed, 21 insertions(+), 27 deletions(-) diff --git a/source/configure/configuration-settings.rst b/source/configure/configuration-settings.rst index 76d3b1da1c2..4434e990f04 100644 --- a/source/configure/configuration-settings.rst +++ b/source/configure/configuration-settings.rst @@ -13,7 +13,7 @@ On new installations starting from v5.14, the ``default.json`` file used to crea Configuration in Database -------------------------- -Storing configuration in the database is supported in v5.10 and later. Please see more information on how to set this up `here `_. +Storing configuration in the database is supported in v5.10 and later. Please see more information on how to set this up `here `_. Environment Variables --------------------- @@ -34,7 +34,7 @@ For any setting that is not set in ``config.json`` or in environment variables, If a setting is set through an environment variable and any other changes are made in the System Console, the value stored of the environment variable will be written back to the ``config.json`` as that setting's value. .. warning:: - Environment variables for Mattermost settings that are set within the active shell will take effect when migrating configuration. For more information, see `Configuration In Database `_. + Environment variables for Mattermost settings that are set within the active shell will take effect when migrating configuration. For more information, see `Configuration In Database `_. .. warning:: Database connection strings for the database read and search replicas need to be formatted using `URL encoding `__. Incorrectly formatted strings may cause some characters to terminate the string early, resulting in issues when the connection string is parsed. @@ -85,7 +85,7 @@ View subscription details including the number of users and expiry date of your License Key ^^^^^^^^^^^ -Upload or remove license files. For more information on Mattermost Licensing, please see our `frequently asked questions about licensing `_. +Upload or remove license files. For more information on Mattermost Licensing, please see our `frequently asked questions about licensing `_. Reporting --------- @@ -482,7 +482,7 @@ Changes to properties in this section require a server restart before taking eff Enable Elasticsearch Indexing ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Indexing of new posts occurs automatically. Search queries will use database search until **Enable Elasticsearch for search queries** is enabled. `Learn more about Elasticsearch in our documentation `__. +**True**: Indexing of new posts occurs automatically. Search queries will use database search until **Enable Elasticsearch for search queries** is enabled. `Learn more about Elasticsearch in our documentation `__. **False**: Elasticsearch indexing is disabled and new posts are not indexed. If indexing is disabled and re-enabled after an index is created, it is recommended to purge and rebuild the index to ensure complete search results. @@ -493,7 +493,7 @@ Enable Elasticsearch Indexing Server Connection Address ^^^^^^^^^^^^^^^^^^^^^^^^^ -The address of the Elasticsearch server. `Learn more about Elasticsearch in our documentation `__. +The address of the Elasticsearch server. `Learn more about Elasticsearch in our documentation `__. +------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"ConnectionUrl": ""`` with string input. | @@ -577,7 +577,7 @@ File Storage Mattermost currently supports storing files on the local filesystem and Amazon S3 or S3 compatible containers. .. note:: - We have tested Mattermost with `MinIO `__ and `Digital Ocean Spaces `_ products but not all S3 compatible containers on the market. If you are looking to use other S3 compatible containers we advise completing your own testing. + We have tested Mattermost with `MinIO `__ and `Digital Ocean Spaces `_ products but not all S3 compatible containers on the market. If you are looking to use other S3 compatible containers we advise completing your own testing. File Storage System ^^^^^^^^^^^^^^^^^^^^ @@ -628,7 +628,7 @@ Enable users to search the contents of documents attached to messages. **True**: Documents are searchable by their content. .. note:: - Document content search results for files shared before upgrading to Mattermost Server 5.35 may be incomplete until an `extraction command is executed using the CLI `__. If this command is not run, users can search older files based on file name only. + Document content search results for files shared before upgrading to Mattermost Server 5.35 may be incomplete until an `extraction command is executed using the CLI `__. If this command is not run, users can search older files based on file name only. **False**: Documents aren't searchable by their content. When document content search is disabled, users can search for files by file name only. @@ -641,7 +641,7 @@ You can optionally install `these dependencies `__. If this command is not run, users can search older documents based on file name only. + Document content search results for files shared before upgrading to Mattermost Server v5.35 may be incomplete until an `extraction command is executed using the CLI `__. If this command is not run, users can search older documents based on file name only. +---------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"FileSettings.ExtractContent": true`` with options ``true`` and ``false``. | @@ -650,7 +650,7 @@ You can optionally install `these dependencies `__, and test enabling this feature in a staging environment before enabling it in a production environment. + - For large deployments, or teams that share many large, text-heavy documents, we recommended you review our `hardware requirements `__, and test enabling this feature in a staging environment before enabling it in a production environment. Enable Searching Content of Documents within ZIP Files ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -668,7 +668,7 @@ This configuration setting enables users to search the contents of compressed ZI .. note:: - Document content search within ZIP files is available in Mattermost Server from v5.35, with mobile support coming soon. - Searching document contents adds load to your server. - - For large deployments, or teams that share many large, text-heavy documents, we recommended you review our `hardware requirements `__, and test enabling this feature in a staging environment before enabling it in a production environment. + - For large deployments, or teams that share many large, text-heavy documents, we recommended you review our `hardware requirements `__, and test enabling this feature in a staging environment before enabling it in a production environment. Amazon S3 Bucket ^^^^^^^^^^^^^^^^^ @@ -695,7 +695,7 @@ The AWS region you selected when creating your S3 bucket. If no region is set, M Amazon S3 Access Key ID ^^^^^^^^^^^^^^^^^^^^^^^^ -This is required for access unless you are using an `Amazon S3 IAM Role `__ with Amazon S3. Your EC2 administrator can supply you with the Access Key ID. +This is required for access unless you are using an `Amazon S3 IAM Role `__ with Amazon S3. Your EC2 administrator can supply you with the Access Key ID. +-------------------------+----------------------------------------------------------------------+ | ``config.json`` setting | ``AmazonS3AccessKeyId`` | @@ -746,7 +746,7 @@ Enable Server-Side Encryption for Amazon S3 *Available in Enterprise Edition E20* -**True**: Encrypts files in Amazon S3 using server-side encryption with `Amazon S3-managed keys `__. +**True**: Encrypts files in Amazon S3 using server-side encryption with `Amazon S3-managed keys `__. **False**: Doesn't encrypt files in Amazon S3. @@ -995,7 +995,7 @@ Changes to properties in this section require a server restart before taking eff When High Availability mode is enabled, the System Console is set to read-only and settings can only be changed by editing the configuration file directly. However, for testing and validating a High Availability setup, you can set ``ReadOnlyConfig`` to ``false``, which allows changes made in the System Console to be saved back to the configuration file. -To learn more about configuring High Availability, see `High Availability Cluster `_. +To learn more about configuring High Availability, see `High Availability Cluster `_. Enable High Availability Mode ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -1020,7 +1020,7 @@ The cluster to join by name. Only nodes with the same cluster name will join tog Override Hostname ^^^^^^^^^^^^^^^^^ -If blank, Mattermost attempts to get the hostname from the OS or use the IP address. You can override the hostname of this server with this property. It is not recommended to override the hostname unless needed. This property can also be set to a specific IP address if needed. Also see `cluster discovery `_ for more details. +If blank, Mattermost attempts to get the hostname from the OS or use the IP address. You can override the hostname of this server with this property. It is not recommended to override the hostname unless needed. This property can also be set to a specific IP address if needed. Also see `cluster discovery `_ for more details. +-----------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"OverrideHostname": ""`` with string input. | @@ -4307,7 +4307,7 @@ System Admins can set the default appearance of collapsed reply threads for thei **Disabled**: Disable Collapsed Reply Threads functionality. +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ServiceSettings.CollapsedThreads": disabled`` with options ``disabled`` and ``default_off``. | +| This feature's ``config.json`` setting is ``"ServiceSettings.CollapsedThreads": disabled`` with options ``disabled`` and ``default-off``. | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ AD/LDAP Settings @@ -4650,15 +4650,14 @@ Enable Shared Channels (Experimental) *Available in Enterprise Edition E20* -Shared Channels enables the ability to establish secure connections between Mattermost instances, and invite secured connections to shared channels where secure connections can participate as they would in any Public and Private channel. +Enable Shared Channels to establish secure connections between Mattermost instances, and invite secured connections to shared channels where secure connections can participate as they would in any Public and Private channel. -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's two ``config.json`` settings include ``"ExperimentalSettings:EnableSharedChannels": false`` with options ``true`` or ``false``, and ``"ExperimentalSettings:EnableRemoteClusterService": false`` with options ``true`` or ``false``. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` settings are ``"ExperimentalSettings:EnableSharedChannels": false ""`` with options ``true`` or ``false``, and ``"ExperimentalSettings:EnableRemoteClusterService": false ""`` with options ``true`` or ``false``. Both configuration settings must be enabled in order to share channels with secure connections. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ .. note:: - - Both configuration settings must be enabled in order to share channels with secure connections. - Enabling Shared Channels functionality requires a server restart. - System Admins for Cloud deployments can submit a request to have this configuration setting enabled in their Cloud instance. @@ -4695,8 +4694,7 @@ Specify the color of the SAML login button text for white labeling purposes. Use Experimental Sidebar Features ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -.. note:: - This experimental configuration setting has been deprecated, and the ability to organize channels in the sidebar has been promoted to general availability from Mattermost v5.32. See the `Organizing Your Sidebar `__ product documentation for details on customizing the sidebar. +This configuration setting has been deprecated in favor of `Enable Legacy Sidebar `__. **Disabled**: Users cannot access the experimental channel sidebar feature set. @@ -5885,11 +5883,7 @@ Bleve Settings (Experimental) Index Dir ^^^^^^^^^^ -Directory path to use for storing bleve indexes. - -.. tip:: - - The bleve index directory path isn't required to exist within the ``mattermost`` directory. When it exists outside of the ``mattermost`` directory, no additional steps are needed to preserve or reindex these files as part of a Mattermost upgrade. See our `Upgrading Mattermost Server `__ documentation for details. +Directory path to use for storing bleve indexes. +-----------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"IndexDir": ""`` with string input. | From c7d1739c7bcd6c93840a1d75629cf6719466befb Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Mon, 9 Aug 2021 09:24:27 -0400 Subject: [PATCH 08/16] MM-36779 - Add ChimeraOAuthProxyURL config option (#4928) * MM-36779 - Add ChimeraOAuthProxyURL config option Documentation for: https://github.com/mattermost/mattermost-server/pull/17888 Updated: - Set Up, Manage, Onboard, and Comply > Set Up Mattermost > Self-Managed Deployments > Configuration Settings > Plugins (Beta) - Added the Chimera OAuth Proxy URL configuration setting * Added ChimeraOAuthProxyUrl to Telemetry * added note about the setting being available only via config.json * Update source/configure/configuration-settings.rst Co-authored-by: Justine Geffen * Update source/configure/configuration-settings.rst Co-authored-by: Justine Geffen Co-authored-by: Justine Geffen --- source/configure/configuration-settings.rst | 19 ++++++++++++++++--- source/manage/telemetry.rst | 2 +- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/source/configure/configuration-settings.rst b/source/configure/configuration-settings.rst index 4434e990f04..caf53e86972 100644 --- a/source/configure/configuration-settings.rst +++ b/source/configure/configuration-settings.rst @@ -3803,9 +3803,22 @@ Signature Public Key Files In addition to the Mattermost plugin signing key built into the server, each public key specified here is trusted to validate plugin signatures. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SignaturePublicKeyFiles": {}`` with with string array input consisting of contents that are relative or absolute paths to signature files. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SignaturePublicKeyFiles": {}`` with string array input consisting of contents that are relative or absolute paths to signature files. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Chimera OAuth Proxy URL +^^^^^^^^^^^^^^^^^^^^^^^ + +Specify the `Chimera `__ URL used by Mattermost plugins to connect with pre-created OAuth applications. + ++-------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ChimeraOAuthProxyUrl": {}`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------+ + +.. note:: + + This setting isn't available in the System Console and can only be set in ``config.json``. Autolink ~~~~~~~~ diff --git a/source/manage/telemetry.rst b/source/manage/telemetry.rst index d48be5e8456..44658fca650 100644 --- a/source/manage/telemetry.rst +++ b/source/manage/telemetry.rst @@ -81,7 +81,7 @@ Server Configuration Settings **True/false (boolean)** value whether setting remains default (true) or non-default (false). **NOTE: No input data is used**: - **ServiceSettings**: bool SiteURL, bool WebsocketURL, bool TLSCertFile, bool TLSKeyFile, bool ReadTimeout, bool WriteTimeout,bool IdleTimeout, bool GoogleDeveloperKey, bool AllowCorsFrom, bool CorsExposedHeaders, bool AllowedUntrustedInternalConnections, bool GfycatApiKey, bool GfycatApiSecret, bool ManagedResourcePaths, bool CollapsedThreads; **TeamSettings**: bool SiteName, bool CustomBrandText, bool CustomDescriptionText, bool UserStatusAwayTimeout, bool ExperimentalPrimaryTeam; **DisplaySettings**: bool CustomUrlSchemes; **GuestAccountSettings**: bool RestrictCreationToDomains; **LogSettings**: bool FileLocation; **NotificationLogSettings**: bool FileLocation; **EmailSettings**: bool FeedbackName, bool FeedbackEmail, bool FeedbackOrganization, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool ImageProxyType, bool ImageProxyURL, bool ImageProxyOptions; **RateLimitSettings**: bool VaryByHeader; **SupportSettings**: bool TermsOfServiceLink, bool PrivacyPolicyLink, bool AboutLink, bool HelpLink, bool ReportAProblemLink, bool AppCustomURLSchemes, bool SupportEmail; **ThemeSettings**: bool DefaultTheme; **TimeZoneSettings**: bool SupportedTimezonesPath; **LdapSettings**: bool FirstNameAttribute, bool LastNameAttribute, bool EmailAttribute, bool UserNameAttribute, bool NicknameAttribute, bool IdAttribute, bool PositionAttribute, bool LoginFieldName, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool GroupFilter, bool GroupDisplayNameAttribute, bool GroupIdAttribute, bool GuestFilter, bool AdminFilter; **SamlSettings**: bool SignatureAlgorithm, bool CanonicalAlgorithm, bool ScopingIDPProviderId, bool ScopingIDPName, bool IdAttribute, bool GuestAttribute, bool FirstNameAttribute, bool LastNameAttribute, bool EmailAttribute, bool UserNameAttribute, bool NicknameAttribute, bool LocaleAttribute, bool PositionAttribute, bool LoginIdAttribute, bool LoginButtonText, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool AdminFilter; **NativeAppSettings**: bool AppDownloadLink, bool AndroidAppDownloadLink, bool IosAppDownloadLink; **WebrtcSettings** (only in v5.5 and earlier): bool StunURI, bool TurnURI; **ClusterSettings**: bool NetworkInterface, bool BindAddress, bool AdvertiseAddress; **MetricsSettings**: bool BlockProfileRate; **AnalyticsSettings**: bool MaxUsersForStatistics; **ExperimentalSettings** bool ClientSideCertCheck; **AnnouncementSettings**: bool BannerColor, bool BannerTextColor; **ElasticsearchSettings**: bool ConnectionUrl, bool Username, bool Password, bool IndexPrefix; **PluginSettings**: bool MarketplaceUrl, bool SignaturePublicKeyFiles; **MessageExportSettings**: bool GlobalRelaySettings.SmtpUsername, bool GlobalRelaySettings.SmtpPassword, bool GlobalRelaySettings.EmailAddress + **ServiceSettings**: bool SiteURL, bool WebsocketURL, bool TLSCertFile, bool TLSKeyFile, bool ReadTimeout, bool WriteTimeout,bool IdleTimeout, bool GoogleDeveloperKey, bool AllowCorsFrom, bool CorsExposedHeaders, bool AllowedUntrustedInternalConnections, bool GfycatApiKey, bool GfycatApiSecret, bool ManagedResourcePaths, bool CollapsedThreads; **TeamSettings**: bool SiteName, bool CustomBrandText, bool CustomDescriptionText, bool UserStatusAwayTimeout, bool ExperimentalPrimaryTeam; **DisplaySettings**: bool CustomUrlSchemes; **GuestAccountSettings**: bool RestrictCreationToDomains; **LogSettings**: bool FileLocation; **NotificationLogSettings**: bool FileLocation; **EmailSettings**: bool FeedbackName, bool FeedbackEmail, bool FeedbackOrganization, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool ImageProxyType, bool ImageProxyURL, bool ImageProxyOptions; **RateLimitSettings**: bool VaryByHeader; **SupportSettings**: bool TermsOfServiceLink, bool PrivacyPolicyLink, bool AboutLink, bool HelpLink, bool ReportAProblemLink, bool AppCustomURLSchemes, bool SupportEmail; **ThemeSettings**: bool DefaultTheme; **TimeZoneSettings**: bool SupportedTimezonesPath; **LdapSettings**: bool FirstNameAttribute, bool LastNameAttribute, bool EmailAttribute, bool UserNameAttribute, bool NicknameAttribute, bool IdAttribute, bool PositionAttribute, bool LoginFieldName, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool GroupFilter, bool GroupDisplayNameAttribute, bool GroupIdAttribute, bool GuestFilter, bool AdminFilter; **SamlSettings**: bool SignatureAlgorithm, bool CanonicalAlgorithm, bool ScopingIDPProviderId, bool ScopingIDPName, bool IdAttribute, bool GuestAttribute, bool FirstNameAttribute, bool LastNameAttribute, bool EmailAttribute, bool UserNameAttribute, bool NicknameAttribute, bool LocaleAttribute, bool PositionAttribute, bool LoginIdAttribute, bool LoginButtonText, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool AdminFilter; **NativeAppSettings**: bool AppDownloadLink, bool AndroidAppDownloadLink, bool IosAppDownloadLink; **WebrtcSettings** (only in v5.5 and earlier): bool StunURI, bool TurnURI; **ClusterSettings**: bool NetworkInterface, bool BindAddress, bool AdvertiseAddress; **MetricsSettings**: bool BlockProfileRate; **AnalyticsSettings**: bool MaxUsersForStatistics; **ExperimentalSettings** bool ClientSideCertCheck; **AnnouncementSettings**: bool BannerColor, bool BannerTextColor; **ElasticsearchSettings**: bool ConnectionUrl, bool Username, bool Password, bool IndexPrefix; **PluginSettings**: bool MarketplaceUrl, bool SignaturePublicKeyFiles, bool ChimeraOAuthProxyUrl; **MessageExportSettings**: bool GlobalRelaySettings.SmtpUsername, bool GlobalRelaySettings.SmtpPassword, bool GlobalRelaySettings.EmailAddress Commercial License Information (Enterprise Edition Only) Information about commercial license key purchased or trial license key used for Enterprise Edition servers: Company ID, license ID, license issue date, license start date, license expiry date, number of licensed users, license short name (E10 vs E20), list of unlocked Enterprise features. From 9c3f20264ff1e2109ba15ac57e8e14b630a141ed Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Mon, 9 Aug 2021 09:24:45 -0400 Subject: [PATCH 09/16] Reliable Websockets: default to true (#4918) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Documentation for: mattermost/mattermost-server#17890 Updated: - Set Up, Manage, Onboard, and Comply > Set Up Mattermost > Self-Managed Deployments > Configuration Settings > Experimental Settings only in config.json > Enable Reliable Websockets - Updated the default value of the config setting to ``true`` --- source/configure/configuration-settings.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/configure/configuration-settings.rst b/source/configure/configuration-settings.rst index caf53e86972..cbc918b69e8 100644 --- a/source/configure/configuration-settings.rst +++ b/source/configure/configuration-settings.rst @@ -5392,7 +5392,7 @@ Enable Reliable Websockets Enable this setting to make websocket messages more reliable by buffering messages during a connection loss and then re-transmitting all unsent messages when the connection is revived. +-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableReliableWebsockets": false`` with options ``true`` and ``false``. | +| This feature's ``config.json`` setting is ``"EnableReliableWebsockets": true`` with options ``true`` and ``false``. | +-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Remote Clusters From 9dc0ca4cdea424fb46d529c3c0d62aebd2529ab4 Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Mon, 9 Aug 2021 09:25:40 -0400 Subject: [PATCH 10/16] Added functionality to archive/unarchive teams from system console (#4927) * Added functionality to archive/unarchive teams from system console Documentation for: https://github.com/mattermost/mattermost-webapp/pull/8129 Updated: - Set Up, Manage, Onboard, and Comply > Manage Mattermost > Self-Managed Deployments > Managing Team and Channel Members (E20) > Team Profile - Updated section to include details on how to archive/unarchive the team * Added archive/unarchive updates to Cloud-specific page * Updated LHS - Moved self-managed topic from all instances to self-managed - Added Cloud-specific topic * added mmctl equivalent for team restore * added mmctl equivalent for team restore (self-managed) * Update source/manage/cloud-team-and-channel.rst Co-authored-by: Justine Geffen * Update source/manage/team-channel-members.rst Co-authored-by: Justine Geffen --- source/guides/setup-onboard-manage-comply.rst | 5 +++-- source/manage/cloud-team-and-channel.rst | 18 ++++++++++++++++-- source/manage/team-channel-members.rst | 18 +++++++++++++++++- 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/source/guides/setup-onboard-manage-comply.rst b/source/guides/setup-onboard-manage-comply.rst index ad635acface..a32dbf5d04e 100644 --- a/source/guides/setup-onboard-manage-comply.rst +++ b/source/guides/setup-onboard-manage-comply.rst @@ -98,7 +98,6 @@ All Mattermost Instances :glob: /manage/generating-support-packet.rst - /manage/team-channel-members.rst /manage/mmctl-command-line-tool.rst /manage/user-satisfaction-surveys.rst @@ -109,6 +108,7 @@ Self-Managed Deployments :maxdepth: 1 :glob: + /manage/team-channel-members.rst /manage/command-line-tools.rst /manage/scripts.rst /manage/statistics.rst @@ -124,6 +124,7 @@ Cloud Workspaces :maxdepth: 1 :glob: + /manage/cloud-team-channel.rst /manage/cloud-billing.rst /manage/cloud-reporting.rst @@ -154,4 +155,4 @@ Cloud Workspaces /comply/cloud-compliance-and-oversight.rst /comply/cloud-compliance-export.rst /comply/cloud-data-retention-policy.rst - /comply/cloud-custom-terms-of-service.rst \ No newline at end of file + /comply/cloud-custom-terms-of-service.rst diff --git a/source/manage/cloud-team-and-channel.rst b/source/manage/cloud-team-and-channel.rst index bac61fff318..02717bc8391 100644 --- a/source/manage/cloud-team-and-channel.rst +++ b/source/manage/cloud-team-and-channel.rst @@ -1,5 +1,3 @@ -:orphan: - Managing Team and Channel Members ================================= @@ -23,6 +21,22 @@ Team Profile The name and description of the team. +System Admins can archive or unarchive the team from within **User Management > Teams > Team Management**. Archiving a team makes its contents inaccessible for all users. All related information is archived, including posts from the database. Before archiving a team, we recommend that you perform a database backup. + +Archiving a Team +^^^^^^^^^^^^^^^^ + +Select **Archive Team**, then select **Save**. Select **Archive** when prompted to confirm the team archive. + +Alternatively, System Admins can use the mmctl ``mmctl team archive`` to archive teams. See the `mmctl product documentation `__ for details. + +Unarchiving a Team +^^^^^^^^^^^^^^^^^^ + +Select **Unarchive Team**, then select **Save**. + +Alternatively, System Admins can use the mmctl ``mmctl team restore`` to unarchive teams. See the `mmctl product documentation `__ for details. + Team Management ~~~~~~~~~~~~~~~ diff --git a/source/manage/team-channel-members.rst b/source/manage/team-channel-members.rst index 2f8c668c2cf..38d13cebf66 100644 --- a/source/manage/team-channel-members.rst +++ b/source/manage/team-channel-members.rst @@ -19,7 +19,23 @@ Select a team to view its configuration options. Team Profile ~~~~~~~~~~~~ -The name and description of the team. +The name and description of the team. + +System Admins can archive or unarchive the team from within **User Management > Teams > Team Management**. Archiving a team makes its contents inaccessible for all users. All related information is archived, including posts from the database. Before archiving a team, we recommend that you perform a database backup. + +Archiving a Team +^^^^^^^^^^^^^^^^ + +Select **Archive Team**, then select **Save**. Select **Archive** when prompted to confirm the team archive. + +Alternatively, System Admins can use the mmctl ``mmctl team archive`` to archive teams. See the `mmctl product documentation `__ for details. + +Unarchiving a Team +^^^^^^^^^^^^^^^^^^ + +Select **Unarchive Team**, then select **Save**. + +Alternatively, System Admins can use the mmctl ``mmctl team restore`` to archive teams. See the `mmctl product documentation `__ for details. Team Management ~~~~~~~~~~~~~~~ From 5cb1f233599a9f9c3a11fea2e07fe5a035e6e051 Mon Sep 17 00:00:00 2001 From: Katie Wiersgalla <39744472+wiersgallak@users.noreply.github.com> Date: Wed, 11 Aug 2021 09:23:21 -0500 Subject: [PATCH 11/16] Update data-retention-policy.rst (#4937) * Update data-retention-policy.rst Adding docs for custom data retention policies. * Update data-retention-policy.rst * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update data-retention-policy.rst * Update data-retention-policy.rst * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update source/comply/data-retention-policy.rst Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> --- source/comply/data-retention-policy.rst | 53 +++++++++++++++---------- 1 file changed, 32 insertions(+), 21 deletions(-) diff --git a/source/comply/data-retention-policy.rst b/source/comply/data-retention-policy.rst index d5b5fa4db3d..69976be30fb 100644 --- a/source/comply/data-retention-policy.rst +++ b/source/comply/data-retention-policy.rst @@ -5,23 +5,40 @@ Data Retention Policy (E20) By default, Mattermost stores all message history providing an unlimited search history to admins and end users. -In Mattermost Enterprise E20, you can set a custom policy to manage how long messages and file uploads are kept in Mattermost channels and direct messages. +In Mattermost Enterprise E20, you can set a global retention policy as well as custom retention policies to manage how long messages and file uploads are kept in Mattermost channels and Direct Messages .. warning:: - Once a message or a file is deleted, the action is irreversible. Please use caution when setting up a custom data retention policy. + Once a message or a file is deleted, the action is irreversible. Please use caution when setting up global or custom data retention policies. -Configuring a Data Retention Policy ------------------------------------- +Configuring a Global Data Retention Policy +------------------------------------------- -To set a custom data retention policy: +To set a global data retention policy in Mattermost v5.38 and later: -1. Go to **System Console > Compliance > Data Retention Policy**. -2. Select a **Message Retention** option. When a time is specified, messages, including file attachments, older than the duration you set will be deleted at the specified time. The minimum retention period is one day. -3. Select a **File Retention** option. When a time is specified uploaded files which are older than the duration you set will be deleted from your file storage system (either from your local disk or your Amazon S3 service as specified in **System Console > Environment > File Storage** at the specified time. The minimum retention period is one day. -4. Set the start time of the daily scheduled data retention job. Choose a time when fewer people are using your system. Must be a 24-hour time stamp in the form HH:MM. +1. Go to **System Console > Compliance > Data Retention Policies**. +2. Select **Edit** from the menu located to the right of the **Global retention policy** table. +3. Specify a global retention policy for channel messages and Direct Messages by selecting a **Channel & direct message retention** option from the dropdown, then set how long to keep those messages. When a time is set, messages and file attachments older than the duration you set will be deleted. The minimum retention period is one day. +4. Select a **File retention** option from the dropdown. Set the number of days or ears to keep files. When a time is set, uploaded files which are older than the duration you set will be deleted from your file storage system (either from your local disk or your Amazon S3 service as specified in **System Console > Environment > File Storage**. The minimum retention period is one day. The global file policy deletes all files regardless of whether they're in a direct message, private, or public channel. +5. Under the **Policy log** section, select **Edit** to specify the start time of the daily scheduled data retention job. Choose a time when fewer people are using your system. -Save the settings and restart your server. Messages and files older than the duration you set will be deleted at the specified server time, if applicable. +Select **Save**. Messages and files older than the duration you set will be deleted at the specified server time, as applicable. +Configuring a Custom Data Retention Policy +------------------------------------------- + +To set a custom data retention policy in Mattermost v5.38 and later: + +1. Go to **System Console > Compliance > Data Retention Policies**. +2. Select **Add policy** to the right of the **Custom retention policies** table. +3. Specify a name for your policy. +4. Specify a custom retention policy for channel and Direct Messages by selecting a **Channel & direct message retention** option from the dropdown, then set how long to keep uploaded files. When a time is set, messages and file attachments older than the duration you set will be deleted. The minimum retention period is one day. +5. Assign teams and channels to this policy by selecting **Add teams** and searching for a specific team, or by selecting **Add channels** and searching for a specific channel. If only teams are specified, all channels for selected teams will be included in the a policy. +6. Under the **Policy log** section, select **Edit** to specify the start time of the daily scheduled data retention job. Choose a time when fewer people are using your system. If a time is already set for a global retention policy, then the same time applies to custom data retention policies. + +Save the settings. Messages and files older than the duration you set will be deleted at the specified server time, as applicable. + +Running a Deletion Job Manually +-------------------------------- You can also run the deletion job manually at any time by selecting **Run Deletion Job Now** in **System Console > Compliance > Data Retention Policy**. .. note:: @@ -33,12 +50,14 @@ Frequently Asked Questions (FAQs) What happens when a message is deleted? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The message is removed from the Mattermost user interface and deleted from the ``Posts`` table. The message is no longer searchable and cannot be retrieved in pinned posts or saved posts lists. +The message is removed from the Mattermost user interface and deleted from the ``Posts`` table. The message is no longer searchable and cannot be retrieved in pinned posts or saved posts lists. Replies that did not exceed the message duration are still displayed in the user interface. However, further replies are no longer possible. -What happens when a file is deleted? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +If there was a file attached to the message, it will be removed from the user interface only. + +What happens when a file is deleted by the file retention policy? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The file attachment is removed from the Mattermost user interface, deleted from the ``FileInfo`` table, and from your local disk or Amazon S3 service as specified in **System Console > Environment > File Storage**. @@ -59,14 +78,6 @@ Why do I see ``Pending`` in the deletion job table with no details? This usually means another data retention job is in progress. You can verify this in the deletion job table in **System Console > Compliance > Data Retention Policy**. -If no jobs are in progress and the job has stayed ``Pending`` for more than 2 minutes, then you may not have restarted your server after enabling the data retention policy. Restart your server and try again. - -How do I set a custom policy per team or channel? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Setting custom policies for each team and channel are in the roadmap but not yet supported. - -If you are interested in this feature, consider upvoting the `existing feature proposal `__ and share your feedback in the comments. How is data retention handled in the mobile apps? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 76ba6a7831420b9b6f46238d18d50efec14c402f Mon Sep 17 00:00:00 2001 From: Amy Blais <29708087+amyblais@users.noreply.github.com> Date: Wed, 11 Aug 2021 12:34:35 -0400 Subject: [PATCH 12/16] Update important-upgrade-notes.rst (#4811) * Update important-upgrade-notes.rst * Update important-upgrade-notes.rst * Update important-upgrade-notes.rst * Fix typos --- source/upgrade/important-upgrade-notes.rst | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/source/upgrade/important-upgrade-notes.rst b/source/upgrade/important-upgrade-notes.rst index e026b082590..7084c696a07 100644 --- a/source/upgrade/important-upgrade-notes.rst +++ b/source/upgrade/important-upgrade-notes.rst @@ -3,12 +3,22 @@ Important Upgrade Notes .. important:: - Support for Mattermost Server v5.31 `Extended Support Release `_ will come to the end of its life cycle on October 15, 2021. Upgrading to Mattermost Server v5.37 `Extended Support Release `_ or later is required. - - In the v5.38 release (August 16, 2021), we will deprecate "config watcher" (the mechanism that automatically reloads the ``config.json file``), in favor of an mmctl command that will need to be run to apply configuration changes after they are made. This change will improve configuration performance and robustness. - The deprecations `listed here `_ are planned for the Mattermost v6.0 release, which is scheduled for September 15, 2021. This list is subject to change prior to the release. + - Upgrading Mattermost can result in an error “ERROR: default for column "column_name" cannot be cast automatically to type jsonb” if you have non-JSON data in a column. This can also happen if the database data has been manipulated by external processes (e.g. plugins) and in cases where improper input data could get silently truncated due to varchar limits. The data in the affected database column has to be manually fixed. +----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | If you’re upgrading from a version earlier than... | Then... | +====================================================+==================================================================================================================================================================+ +| v5.38.0 | The “config watcher” (the mechanism that automatically reloads the ``config.json`` file) has been removed in favor of the ``mmctl config`` command that will | +| | need to be run to apply configuration changes after they are made. This change improves configuration performance and robustness. | +| +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| | v5.38 adds fixes for some of the incorrect mention counts and unreads around threads and channels since the introduction of Collapsed Reply Threads (Beta). This | +| | fix is done through a SQL migration, and it may take several minutes to complete for large databases. The ``fixCRTChannelMembershipCounts`` fix takes 1 minute | +| | and 20 seconds for a database containing approximately 4 million channel memberships and about 130,000 channels. The ``fixCRTThreadCountsAndUnreads`` fix takes | +| | about 3 minutes and 30 seconds for a database containing 56367 threads, 124587 thread memberships, and 220801 channel memberships. These are on MySQL v5.6.51. | +| +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| | Focalboard v0.8.0 (released with Mattermost v5.38.0) requires Mattermost v5.37 due to the new database connection system. | ++----------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | v5.37.0 | The ``platform`` binary and “--platform” flag have been removed. If you are using the “--platform” flag or are using the ``platform`` binary directly to run | | | the Mattermost server application via a systemd file or custom script, you will be required to use only the mattermost binary. | | +------------------------------------------------------------------------------------------------------------------------------------------------------------------+ From aaad4098df8648dbed9f0c86efa8cbcffeb46d19 Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Wed, 11 Aug 2021 15:02:34 -0400 Subject: [PATCH 13/16] MM-36547 Renamed 'Mute Channel' and 'Edit Channel Header' menus (#4941) Documentation for: mattermost/mattermost-webapp#8313 Updated: - Messaging > Manage Teams, Channels, and Members > Managing Channels > Creating a Direct or Group Message - Updated section to include mute, unmute, and edit header options for group and direct messages --- source/messaging/managing-channels.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source/messaging/managing-channels.rst b/source/messaging/managing-channels.rst index 8aa5b385c6a..71e4b9c32a6 100644 --- a/source/messaging/managing-channels.rst +++ b/source/messaging/managing-channels.rst @@ -26,6 +26,10 @@ In the **Direct Messages** popup, identify your most recent conversations by rel .. image:: ../images/recent-direct-group-messages.png :alt: Write a Direct Message or Group Message. +Modify the header of any Direct or Group Message by selecting **Edit Conversation Header** from the channel name drop-down menu. + +Mute or unmute a conversation by selecting **Mute Conversation** or **Unmute Conversation** from the channel name drop-down menu. + Joining a channel ----------------- From 8631109334c8f2559bc00f3d918fc6c6663e7259 Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Wed, 11 Aug 2021 15:18:07 -0400 Subject: [PATCH 14/16] MM-35722: CRT, post click open thread (#4942) Documentation for: https://github.com/mattermost/mattermost-webapp/pull/8342 Updated: - Messages > Work with Messages > Organizing Conversations using Collapsed Reply Threads (Beta) > Start or Reply to Threads - Updated Tip bullet point #1 to clarify that uses can click anywhere in a message in the center pane to view it/reply to it --- source/messaging/organizing-conversations.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/messaging/organizing-conversations.rst b/source/messaging/organizing-conversations.rst index 01090e9fb92..5027b135950 100644 --- a/source/messaging/organizing-conversations.rst +++ b/source/messaging/organizing-conversations.rst @@ -33,7 +33,7 @@ Replies are collapsed under the first message of a thread. To reply to a thread, .. tip:: - - Select anywhere on a message in a channel to view it, or reply to it, on the right-hand side. + - Select anywhere on a message in a channel in the center pane to view it, or reply to it, on the right-hand side. - In channels, a dot next to the thread participants indicates there are unread replies. You'll only see unreads for threads you're following. .. image:: ../images/crt-new-unread-threads.png From e178bff5dfe72244949e30530fcfd618c5138538 Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Fri, 13 Aug 2021 08:46:16 -0400 Subject: [PATCH 15/16] MM-35470 Disable config watching logic (#4951) * MM-35470 Disable config watching logic Documentation for: https://github.com/mattermost/mattermost-server/pull/17913 Updated: - Set Up, Manage, Onboard, and Comply > Set Up Mattermost > Self-Managed Deployments > Configuration Settings - Updated introductory content to remove < v5.12 legacy note and add config watcher note and link to mmctl command * Update source/configure/configuration-settings.rst Co-authored-by: Justine Geffen --- source/configure/configuration-settings.rst | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/source/configure/configuration-settings.rst b/source/configure/configuration-settings.rst index cbc918b69e8..acf7aecb6b0 100644 --- a/source/configure/configuration-settings.rst +++ b/source/configure/configuration-settings.rst @@ -1,14 +1,15 @@ Configuration Settings ====================== -.. note:: - The order of the configuration settings below are reflective of a reorganization of the System Console in version 5.12 released on June 16th, 2019. To view the configuration settings based on the organization of the System Console in versions prior to version 5.12, please see `this documentation `_ instead. - Mattermost configuration settings are maintained in the ``config.json`` configuration file, located in the ``mattermost/config`` directory. You can modify the configuration file using the System Console, or by using a text editor to modify it directly. -Mattermost must have write permissions to ``config.json``, otherwise changes made in the System Console will have no effect. +.. important:: + + Mattermost must have write permissions to ``config.json``, otherwise changes made in the System Console will have no effect. + + On new installations from v5.14, the ``default.json`` file used to create the initial ``config.json`` has been removed from the binary and replaced with a build step that generates a fresh ``config.json``. This is to ensure the initial configuration file has all the correct defaults provided in the server code. Existing ``config.json`` files are not affected by this change. -On new installations starting from v5.14, the ``default.json`` file used to create the initial ``config.json`` has been removed from the binary and replaced with a build step that generates a fresh ``config.json``. This is to ensure the initial configuration file has all the correct defaults provided in the server code. Existing ``config.json`` files are not affected by this change. + From Mattermost v5.38 (released August 16, 2021), the “config watcher” (the mechanism that automatically reloads the ``config.json`` file) has been deprecated in favor of the mmctl command `mmctl config reload `__ that must be run to apply configuration changes after they're made. This change will improve configuration performance and robustness. Configuration in Database -------------------------- From 4836f33873ec8f60ee239d7c800a23e0bae835d2 Mon Sep 17 00:00:00 2001 From: Amy Blais <29708087+amyblais@users.noreply.github.com> Date: Fri, 13 Aug 2021 09:51:35 -0400 Subject: [PATCH 16/16] v5.38.0 Changelog (#4810) * Update self-managed-changelog.md * Update self-managed-changelog.md * Update self-managed-changelog.md * Update self-managed-changelog.md * Update self-managed-changelog.md * Update self-managed-changelog.md * Update self-managed-changelog.md * Apply suggestions from code review Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> * Update self-managed-changelog.md * Update self-managed-changelog.md * Update self-managed-changelog.md Co-authored-by: Carrie Warner (Mattermost) <74422101+cwarnermm@users.noreply.github.com> --- source/install/self-managed-changelog.md | 151 ++++++++++++++++++++++- 1 file changed, 148 insertions(+), 3 deletions(-) diff --git a/source/install/self-managed-changelog.md b/source/install/self-managed-changelog.md index c52dbf91a0f..28d3d26911a 100644 --- a/source/install/self-managed-changelog.md +++ b/source/install/self-managed-changelog.md @@ -5,13 +5,158 @@ This changelog summarizes updates to [Mattermost Team Edition](https://mattermos Also see [changelog in progress](https://bit.ly/2nK3cVf) for the next release. Lastest Mattermost Releases: +- [Release v5.38 - Feature Release](#release-v5-38-feature-release) - [Release v5.37 - Extended Support Release](#release-v5-37-extended-support-release) - [Release v5.36 - Feature Release](#release-v5-36-feature-release) - [Release v5.35 - Feature Release](#release-v5-35-feature-release) - [Release v5.34 - Feature Release](#release-v5-34-feature-release) -- [Release v5.33 - Feature Release](#release-v5-33-feature-release) -- [Release v5.32 - Feature Release](#release-v5-32-feature-release) -- [Release v5.31 - Extended Support Release](#release-v5-31-esr) +- [Release v5.31 - ESR](#release-v5-31-esr) + +## Release v5.38 - [Feature Release](https://docs.mattermost.com/administration/release-definitions.html#feature-release) + +**Release Day: 2021-08-16** + +Mattermost v5.38.0 contains low to medium level security fixes. [Upgrading](https://docs.mattermost.com/administration/upgrade.html) to this release is recommended. Details will be posted on our [security updates page](https://mattermost.com/security-updates/) 30 days after release as per the [Mattermost Responsible Disclosure Policy](https://mattermost.org/responsible-disclosure-policy/). + +### Deprecations + - The “config watcher” (the mechanism that automatically reloads the ``config.json`` file) has been removed in favor of the ``mmctl config`` command that will need to be run to apply configuration changes after they are made. This change improves configuration performance and robustness. + +### Important Upgrade Notes + - v5.38 adds fixes for some of the incorrect mention counts and unreads around threads and channels since the introduction of Collapsed Reply Threads (Beta). This fix is done through a SQL migration, and it may take several minutes to complete for large databases. The ``fixCRTChannelMembershipCounts`` fix takes 1 minute and 20 seconds for a database containing approximately 4 million channel memberships and about 130,000 channels. The ``fixCRTThreadCountsAndUnreads`` fix takes about 3 minutes and 30 seconds for a database containing 56367 threads, 124587 thread memberships, and 220801 channel memberships. These are on MySQL v5.6.51. + - Focalboard v0.8.0 (released with Mattermost v5.38.0) requires Mattermost v5.37 due to the new database connection system. + +**IMPORTANT:** If you upgrade from a release earlier than v5.37, please read the other [Important Upgrade Notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html). + +### Highlights + +#### Granular Data Retention Policies (Enterprise E20) + - A ``data_retention`` type job can now be run even if the global policy is disabled. The granular (i.e. team and channel-specific) policies will be executed when the data retention job is run. Please note there is a known issue where deleted posts get displayed in channels without new activity after the retention job is run. This issue is tracked with [this ticket](https://mattermost.atlassian.net/browse/MM-36574). + +#### Enhanced User Onboarding Experience + - To help new users get started with Mattermost, new Getting Started steps have been added to the onboarding experience. These steps help users to complete their profile, name their teams, configure desktop notifications, and invite others to join their team. Additionally, once the onboarding is complete, users are provided with helpful tips to get started with channels, plugins, and more. + +#### Playbooks Updates + - ``Incident Collaboration`` was rebranded to ``Playbooks``. Also the channel right-hand sidebar is redesigned, our own playbooks are shared as templates, and more triggers and actions were added. + +#### Focalboard Updates + - Added created-by property and improved performance with shared database connections. Focalboard 0.8.0 requires Mattermost v5.37+ due to a new database connection system. + +### Improvements + +#### User Interface (UI) + - Upgraded German language back to an official language. + - Markdown formatting is now stripped from push notifications. + - Enabled the **Set Status** button if the custom status hasn't changed from currently set status. + - Improved default rendering of images inserted via the GIF picker. + - Small text changes were added to Direct and Group Message menus: **Mute channel** and **Edit Channel Header** now reads as **Mute Conversation** and **Edit Conversation Header**. + +#### Performance + - Improved performance of components that show reactions on posts. + - Improved performance of certain components when viewing non-Direct Message channels. + - Added minor improvements to performance of messages posted in the right-hand side. + - Improved typing performance in affected environments by reducing the frequency in which drafts are saved. + +#### Integrations + - Added icons to apps in the Marketplace. + - Apps can now add arbitrary markdown in between fields on forms. + - Added support for markdown in apps forms, interactive dialogs field descriptions, errors, and slash commands. + - Improved user and channel selector for app commands. + - Added support for ``react-intl`` and ```` usage in plugins. + - Added plugin API methods for user access tokens and OAuth apps. + +#### Administration + - Added a new feature to archive and unarchive teams through **System Console** > **Teams**. + +### Bug Fixes + - Fixed an issue where the "Find channel" channel switcher text overflowed beyond the button for some languages. + - Fixed an issue where inter-plugin requests without a body didn't work. + - Fixed an issue with opening a dialog from an interactive message when returning an empty response. + - Fixed an issue where the **Add Members** modal was incorrectly themed on the Mattermost Dark Theme. + - Fixed a panic in the ``getPrevTrialLicense`` API request when loading the System Console on Team Edition. + - Fixed an issue where admin advisor notifications were accidentally re-enabled in a previous release. + - Fixed various bugs for the Collapsed Reply Threads (Beta) feature, including: + - Fixed an issue where an error occurred while following a thread with no replies. + - Fixed an issue where ``reply_count`` of 0 was always returned for GET single Post on ``/posts/`` API. + - Fixed an issue where following a single message returned a status 500. + - Fixed an issue where when replying in a thread after unfollowing it, the thread was not auto-followed again. + - Fixed an issue where when enabling Collapsed Reply Threads, channels that had no new activity were showing as unread. + - Fixed an issue with thread unreads when the feature was enabled by a user. + - Fixed an issue where self replies were marking threads as unread. + - Unread threads are now correctly displayed on app load for teams in the sidebar when Collapsed Reply Threads feature is enabled. + - Fixed an issue where "Thread" in the thread viewer was displayed vertically in some languages. + - Fixed an issue where opening global threads containing a root post markdown image crashed the app. + - Fixed an issue where the app crashed when switching to the Threads view after leaving a channel. + - Fixed an issue where replying to a thread from the global threads screen marked the channel as read. + - The **Mark all as unread** button is now no longer disabled for Collapsed Reply Threads. + - Fixed root posts not being shown as followed for the post creator after receiving the first reply that affected servers with Collapsed Reply Threads enabled and database read replicas configured. + +### config.json +Multiple setting options were added to ``config.json``. Below is a list of the additions and their default values on install. The settings can be modified in ``config.json``, or the System Console when available. + +#### Changes to Team Edition and Enterprise Edition: + - Under ``PluginSettings`` in ``config.json``: + - Added ``ChimeraOAuthProxyURL`` to allow specifying Chimera URL that can be used by plugins to connect with pre-created OAuth applications. + - The config setting ``EnableReliableWebSockets`` now defaults to ``true``. + +### API Changes + - Added ``CreateChannelSidebarCategory``, ``GetChannelSidebarCategories`` and ``UpdateChannelSidebarCategories`` to the Plugin API. + - Add a new Plugin API method that allows files to register dropdown menu actions. + +### Go Version + - v5.38 is built with Go ``1.16.0``. + +### Open Source Components + - Added ``classnames`` and ``react-window`` to https://github.com/mattermost/mattermost-webapp/. + - Added ``@react-native-community/datetimepicker``, ``array.prototype.flat``, and ``base-64`` to https://github.com/mattermost/mattermost-mobile/. + +### Upcoming Deprecations in Mattermost v6.0 + +The following deprecations are planned for the Mattermost v6.0 release, which is scheduled for 2021/09/15. This list is subject to change prior to the release. + +1. [Legacy Command Line Tools](https://docs.mattermost.com/manage/command-line-tools.html). All commands have been fully replaced by [mmctl](https://docs.mattermost.com/manage/mmctl-command-line-tool.html) and new commands have been added over the last few months, making this tool a full and robust replacement. + +2. [Slack Import via the web app](https://docs.mattermost.com/onboard/migrating-to-mattermost.html#migrating-from-slack-using-the-mattermost-web-app). The Slack import tool accessible via the Team Setting menu is being replaced by the [mmetl](https://docs.mattermost.com/onboard/migrating-to-mattermost.html#migrating-from-slack-using-the-mattermost-mmetl-tool-and-bulk-import) tool that is much more comprehensive for the types of data it can assist in uploading. + +3. MySQL versions below 5.7.7. Minimum support will now be for 5.7.12. This version introduced a native JSON data type that lets us improve performance and scalability of several database fields (most notably Users and Posts props). Additionally, version 5.6 (our current minimum version) reached [EOL in February 2021](https://www.mysql.com/support/eol-notice.html). + +4. Elasticsearch 5 and 6 - [versions 5.x reached EOL in March of 2019, and versions 6.x reached EOL in November 2020](https://www.elastic.co/support/eol). Our minimal supported version with Mattermost v6.0 will be Elasticsearch version 7.0. + +5. Windows 7 reached [EOL in January 2020](https://support.microsoft.com/en-us/windows/windows-7-support-ended-on-january-14-2020-b75d4580-2cc7-895a-2c9c-1466d9a53962). We will no longer provide support for Mattermost Desktop App issues on Windows 7. + +6. [DisableLegacyMFAEndpoint](https://docs.mattermost.com/configure/configuration-settings.html#disable-legacy-mfa-api-endpoint) configuration setting. + +7. [Experimental Timezone](https://docs.mattermost.com/configure/configuration-settings.html#timezone) configuration setting. + +8. All legacy channel sidebar experimental configuration settings. We encourage customers using these settings to upgrade to v5.32 or later to access [custom, collapsible channel categories](https://mattermost.com/blog/custom-collapsible-channel-categories/) among many other channel organization features. The settings being deprecated include: + + - [EnableLegacySidebar](https://docs.mattermost.com/configure/configuration-settings.html#enable-legacy-sidebar) + - [ExperimentalTownSquareIsReadOnly](https://docs.mattermost.com/configure/configuration-settings.html#town-square-is-read-only-experimental) + - [ExperimentalHideTownSquareinLHS](https://docs.mattermost.com/configure/configuration-settings.html#town-square-is-hidden-in-left-hand-sidebar-experimental) + - [EnableXToLeaveChannelsFromLHS](https://docs.mattermost.com/configure/configuration-settings.html#enable-x-to-leave-channels-from-left-hand-sidebar-experimental) + - [CloseUnusedDirectMessages](https://docs.mattermost.com/configure/configuration-settings.html#autoclose-direct-messages-in-sidebar-experimental) + - [ExperimentalChannelOrganization](https://docs.mattermost.com/configure/configuration-settings.html#sidebar-organization) + - [ExperimentalChannelSidebarOrganization](https://docs.mattermost.com/configure/configuration-settings.html#experimental-sidebar-features) + +9. [All configuration settings previously marked as “Deprecated”](https://docs.mattermost.com/configure/configuration-settings.html#deprecated-configuration-settings). + +10. Changes to ``mattermost-server/model`` for naming consistency. + +### Known Issues + - Deleted posts get displayed in channels without new activity after the data retention job is run [MM-36574](https://mattermost.atlassian.net/browse/MM-36574). + - Known issues related to the new collapsed reply threads (Beta) are [listed here](https://docs.mattermost.com/messaging/organizing-conversations.html#known-issues). + - Adding an at-mention at the start of a post draft and pressing the leftwards or rightwards arrow can clear the post draft and the undo history [MM-33823](https://mattermost.atlassian.net/browse/MM-33823). + - Emoji counter in the center channel doesn't always update immediately when a reaction is added in the right-hand side [MM-31994](https://mattermost.atlassian.net/browse/MM-31994). + - Fields on the right column in a message attachment render unevenly [MM-36943](https://mattermost.atlassian.net/browse/MM-36943). + - Pinned posts are no longer highlighted. + - Google login fails on the Classic mobile apps. + - Status may sometimes get stuck as **Away** or **Offline** in High Availability mode with IP Hash turned off. + - Searching stop words in quotation marks with Elasticsearch enabled returns more than just the searched terms. + - The team sidebar on the desktop app does not update when channels have been read on mobile. + - Slack import through the CLI fails if email notifications are enabled. + - Push notifications don't always clear on iOS when running Mattermost in High Availability mode. + +### Contributors + - [abdulsmapara](https://github.com/abdulsmapara), [abdusabri](https://github.com/abdusabri), [Adovenmuehle](https://github.com/Adovenmuehle), [aeomin](https://github.com/aeomin), [agarciamontoro](https://github.com/agarciamontoro), [agnivade](https://github.com/agnivade), [ahmaddanialmohd](https://github.com/ahmaddanialmohd), [aidapira](https://github.com/aidapira), [ali-farooq0](https://github.com/ali-farooq0), [amyblais](https://github.com/amyblais), [amynicol1985](https://github.com/amynicol1985), [angeloskyratzakos](https://github.com/angeloskyratzakos), [ankallio](https://github.com/ankallio), [arvinDarmawan](https://github.com/arvinDarmawan), [asaadmahmood](https://github.com/asaadmahmood), [ashishbhate](https://github.com/ashishbhate), [AugustasV](https://github.com/AugustasV), [avasconcelos114](https://github.com/avasconcelos114), [BaaaZen](https://github.com/BaaaZen), [bbodenmiller](https://github.com/bbodenmiller), [bill2004158](https://github.com/bill2004158), [bradjcoughlin](https://github.com/bradjcoughlin), [calebroseland](https://github.com/calebroseland), [catalintomai](https://github.com/catalintomai), [chakatz](https://github.com/chakatz), [chenilim](https://github.com/chenilim), [chikei](https://github.com/chikei), [coltoneshaw](https://github.com/coltoneshaw), [cpanato](https://github.com/cpanato), [cpoile](https://github.com/cpoile), [crspeller](https://github.com/crspeller), [ctlaltdieliet](https://github.com/ctlaltdieliet), [cwarnermm](https://github.com/cwarnermm), [danielhelfand](https://github.com/danielhelfand), [DanielSz50](https://github.com/DanielSz50), [dantepippi](https://github.com/dantepippi), [darkLord19](https://github.com/darkLord19), [Dartui](https://github.com/Dartui), [dbejanishvili](https://github.com/dbejanishvili), [deanwhillier](https://github.com/deanwhillier), [denniskamp](https://github.com/denniskamp), [devinbinnie](https://github.com/devinbinnie), [ditsemto](https://github.com/ditsemto), [djanda97](https://github.com/djanda97), [dpanic](https://github.com/dpanic), [emilyhollinger](https://github.com/emilyhollinger), [enahum](https://github.com/enahum), [enelson720](https://github.com/enelson720), [ericjaystevens](https://github.com/ericjaystevens), [esadur](https://github.com/esadur), [esethna](https://github.com/esethna), [ethervoid](https://github.com/ethervoid), [ewwollesen](https://github.com/ewwollesen), [faase](https://github.com/faase), [fakela](https://github.com/fakela), [flynbit](https://github.com/flynbit), [fmunshi](https://github.com/fmunshi), [Francois-D](https://github.com/Francois-D), [gabrieljackson](https://github.com/gabrieljackson), [ghasrfakhri](https://github.com/ghasrfakhri), [gigawhitlocks](https://github.com/gigawhitlocks), [grubbins](https://github.com/grubbins), [gruceqq](https://translate.mattermost.com/user/gruceqq/), [hahmadia](https://github.com/hahmadia), [hannaparks](https://github.com/hannaparks), [hanzei](https://github.com/hanzei), [harshilsharma63](https://github.com/harshilsharma63), [hectorskypl](https://github.com/hectorskypl), [hhhhugi](https://github.com/hhhhugi), [hmhealey](https://github.com/hmhealey), [hryuk](https://github.com/hryuk), [ialorro](https://github.com/ialorro), [icelander](https://github.com/icelander), [iomodo](https://github.com/iomodo), [isacikgoz](https://github.com/isacikgoz), [it33](https://github.com/it33), [jakubnovak998](https://github.com/jakubnovak998), [jasonblais](https://github.com/jasonblais), [javimox](https://github.com/javimox), [jaydeland](https://github.com/jaydeland), [jespino](https://github.com/jespino), [jfrerich](https://github.com/jfrerich), [johnsonbrothers](https://github.com/johnsonbrothers), [josephbaylon](https://github.com/josephbaylon), [joshuabezaleel](https://github.com/joshuabezaleel), [jprusch](https://github.com/jprusch), [jseiser](https://github.com/jseiser), [JtheBAB](https://github.com/JtheBAB), [Jukie](https://github.com/Jukie), [jupenur](https://github.com/jupenur), [justinegeffen](https://github.com/justinegeffen), [jwilander](https://github.com/jwilander), [kaakaa](https://github.com/kaakaa), [kamre](https://github.com/kamre), [kayazeren](https://github.com/kayazeren), [kayron8](https://github.com/kayron8), [khos2ow](https://github.com/khos2ow), [kirkjaa](https://github.com/kirkjaa), [larkox](https://github.com/larkox), [levb](https://github.com/levb), [lfbrock](https://github.com/lfbrock), [lieut-data](https://github.com/lieut-data), [lindalumitchell](https://github.com/lindalumitchell), [lindy65](https://github.com/lindy65), [liusy182](https://github.com/liusy182), [Lyimmi](https://github.com/Lyimmi), [lynn915](https://github.com/lynn915), [M-ZubairAhmed](https://github.com/M-ZubairAhmed), [majdydaood](https://github.com/majdydaood), [marianunez](https://github.com/marianunez), [matthew.williams](https://translate.mattermost.com/user/matthew-w/), [metanerd](https://github.com/metanerd), [mgdelacroix](https://github.com/mgdelacroix), [michaelschiffmm](https://github.com/michaelschiffmm), [mickmister](https://github.com/mickmister), [migbot](https://github.com/migbot), [mlongo4290](https://github.com/mlongo4290), [mrckndt](https://github.com/mrckndt), [mustafayildirim](https://github.com/mustafayildirim), [N3rdP1um23](https://github.com/N3rdP1um23), [natalie-hub](https://github.com/natalie-hub), [nathanaelhoun](https://github.com/nathanaelhoun), [nevyangelova](https://github.com/nevyangelova), [nickmisasi](https://github.com/nickmisasi), [nicolailang](https://github.com/nicolailang), [nikolaizah](https://github.com/nikolaizah), [ofpiyush](https://github.com/ofpiyush), [openmohan](https://github.com/openmohan), [papanireal](https://github.com/papanireal),[phommasy](https://github.com/phommasy), [prapti](https://github.com/prapti), [qerosi](https://github.com/qerosi), [reflog](https://github.com/reflog), [rmatev](https://github.com/rmatev), [rodcorsi](https://github.com/rodcorsi), [ruzaq](https://github.com/ruzaq), [rvillablanca](https://github.com/rvillablanca), [sakaitsu](https://translate.mattermost.com/user/sakaitsu/), [saturninoabril](https://github.com/saturninoabril), [sbishel](https://github.com/sbishel), [scottjr632](https://github.com/scottjr632), [ShehryarShoukat96](https://github.com/ShehryarShoukat96), [shred86](https://github.com/shred86), [skaramanlis](https://github.com/skaramanlis), [sowmiyamuthuraman](https://github.com/sowmiyamuthuraman), [sridhar02](https://github.com/sridhar02), [srkgupta](https://github.com/srkgupta), [stevemudie](https://github.com/stevemudie), [streamer45](https://github.com/streamer45), [stylianosrigas](https://github.com/stylianosrigas), [sudheerDev](https://github.com/sudheerDev), [svelle](https://github.com/svelle), [Szymongib](https://github.com/Szymongib), [TheoVitkovskiy](https://github.com/TheoVitkovskiy), [thePanz](https://github.com/thePanz), [TQuock](https://github.com/TQuock), [TRUNGTar](https://github.com/TRUNGTar), [tsabi](https://translate.mattermost.com/user/tsabi/), [utkuufuk](https://github.com/utkuufuk), [Vars-07](https://github.com/Vars-07), [venhaus](https://github.com/venhaus), [vijaynag-bs](https://github.com/vijaynag-bs), [webchick](https://github.com/webchick), [wget](https://github.com/wget), [wiersgallak](https://github.com/wiersgallak), [wiggin77](https://github.com/wiggin77), [Willyfrog](https://github.com/Willyfrog), [yedamao](https://github.com/yedamao), [Yohannesseifu](https://github.com/Yohannesseifu), [YushiOMOTE](https://github.com/YushiOMOTE) ## Release v5.37 - [Extended Support Release](https://docs.mattermost.com/administration/extended-support-release.html)