From 8915cf7ff981ede38eba1dc1865456bd5e1df7ac Mon Sep 17 00:00:00 2001 From: "Carrie Warner (Mattermost)" <74422101+cwarnermm@users.noreply.github.com> Date: Thu, 14 Nov 2024 11:23:48 -0500 Subject: [PATCH] Connected workspaces rewrites & updates for Beta release (#7575) * Connected workspaces rewrites & updates for Beta release * Added config settings, page redirects * Update source/conf.py * Update source/configure/reporting-configuration-settings.rst Co-authored-by: Miguel de la Cruz * Update source/configure/reporting-configuration-settings.rst Co-authored-by: Miguel de la Cruz * Update source/configure/site-configuration-settings.rst Co-authored-by: Miguel de la Cruz * Update source/configure/site-configuration-settings.rst Co-authored-by: Miguel de la Cruz * Update source/onboard/connected-workspaces.rst Co-authored-by: Miguel de la Cruz * Update source/configure/site-configuration-settings.rst Co-authored-by: Miguel de la Cruz * Added telemetry and deprecated remote cluster config * Updated default value --------- Co-authored-by: Miguel de la Cruz --- source/about/editions-and-offerings.rst | 2 +- source/about/subscription.rst | 2 +- source/conf.py | 19 +- .../deprecated-configuration-settings.rst | 19 +- .../experimental-configuration-settings.rst | 63 +--- .../reporting-configuration-settings.rst | 32 +- .../configure/site-configuration-settings.rst | 69 +++++ .../get-started-with-administration.rst | 4 +- .../images/circle-multiple-outline_F0695.svg | 9 + source/manage/telemetry.rst | 4 +- source/onboard/connected-workspaces.rst | 285 ++++++++++++++++++ source/onboard/shared-channels.rst | 190 ------------ 12 files changed, 422 insertions(+), 276 deletions(-) create mode 100644 source/images/circle-multiple-outline_F0695.svg create mode 100644 source/onboard/connected-workspaces.rst delete mode 100644 source/onboard/shared-channels.rst diff --git a/source/about/editions-and-offerings.rst b/source/about/editions-and-offerings.rst index 562af6310fa..20abcf1ab34 100644 --- a/source/about/editions-and-offerings.rst +++ b/source/about/editions-and-offerings.rst @@ -70,7 +70,7 @@ This offering includes all the features of `Mattermost Professional <#mattermost - :doc:`Advanced configuration of playbook permissions, and analytics dashboards ` - :doc:`Channel export ` - :ref:`Enhanced compliance controls and granular audit logs with data export `. -- :doc:`Advanced collaboration with shared channels across Mattermost instances `. +- :doc:`Advanced collaboration with connected workspaces across Mattermost instances `. - :doc:`High availability support with multi-node database deployment `. - :doc:`Horizontal scaling through cluster-based deployment `. - :doc:`Advanced performance monitoring `. diff --git a/source/about/subscription.rst b/source/about/subscription.rst index 52f56711f7c..d89ca8dee63 100644 --- a/source/about/subscription.rst +++ b/source/about/subscription.rst @@ -126,7 +126,7 @@ How is a user defined for subscriptions? For the purpose of billing, a “user” is any account created in Mattermost that does not show as **Deactivated** in **System Console > User Management > Users**. Guests are also defined as users. -Bots, deactivated users, and synthetic users in :doc:`Microsoft Teams integrations ` and :doc:`shared channels users `, aren't counted towards the total number of activated users. +Bots, deactivated users, and synthetic users in :doc:`Microsoft Teams integrations ` and :doc:`connected workspace ` users aren't counted towards the total number of activated users. You can review your user count, for billing purposes, by going to **System Console > Site Statistics**, under **Total Activated Users**. diff --git a/source/conf.py b/source/conf.py index 1313bd8b008..f9a62a08888 100644 --- a/source/conf.py +++ b/source/conf.py @@ -1508,7 +1508,7 @@ def setup(_: Sphinx): "configure/configuration-settings.html#user-status-away-timeout": "https://docs.mattermost.com/configure/experimental-configuration-settings.html#user-status-away-timeout", "configure/configuration-settings.html#enable-shared-channels": - "https://docs.mattermost.com/configure/experimental-configuration-settings.html#enable-shared-channels", + "https://docs.mattermost.com/configure/site-configuration-settings.html#enable-connected-workspaces", "configure/configuration-settings.html#enable-bleve-indexing": "https://docs.mattermost.com/configure/experimental-configuration-settings.html#enable-bleve-indexing", "configure/configuration-settings.html#index-directory": @@ -1887,6 +1887,9 @@ def setup(_: Sphinx): "https://docs.mattermost.com/configure/environment-configuration-settings.html#elasticsearch", "configure/database-configuration-settings": "https://docs.mattermost.com/configure/environment-configuration-settings.html#database", +"configure/experimental-configuration-settings.html#enable-shared-channels": + "https://docs.mattermost.com/configure/site-configuration-settings.html#enable-connected-workspaces", + # Deploy redirects "deploy/mobile-apps-faq.html": @@ -3237,6 +3240,18 @@ def setup(_: Sphinx): "https://docs.mattermost.com/onboard/sso-saml.html", "onboard/common-sso-entraid.html": "https://docs.mattermost.com/onboard/sso-entraid.html", +"onboard/shared-channels.html": + "https://docs.mattermost.com/onboard/connected-workspaces.html", +"onboard/shared-channels.html#set-up-shared-channels": + "https://docs.mattermost.com/onboard/connected-workspaces.html#set-up-connected-workspaces", +"onboard/shared-channels.html#create-a-secure-connection-invitation": + "https://docs.mattermost.com/onboard/connected-workspaces.html#create-a-secure-connection", +"onboard/shared-channels.html#accept-a-secure-connection-invitation": + "https://docs.mattermost.com/onboard/connected-workspaces.html#accept-a-connection-invitation", +"onboard/shared-channels.html#share-channels-with-secure-connections": + "https://docs.mattermost.com/onboard/connected-workspaces.html#share-channels-with-secure-connections", +"onboard/shared-channels.html#frequently-asked-questions": + "https://docs.mattermost.com/onboard/connected-workspaces.html#frequently-asked-questions", # Overview redirects "overview/architecture.html": @@ -4046,6 +4061,8 @@ def setup(_: Sphinx): .. |add-user-icon| image:: /images/account-plus-outline_F0801.svg :alt: Account plus outline icon used to add user to a channel. :class: theme-icon +.. |shared| image:: /images/circle-multiple-outline_F0695.svg + :alt: Shared icon indicates channels and their members that are shared across connected Mattermost servers. .. |saved-icon| image:: /images/bookmark_F00C0.svg :alt: Saved icon. :class: theme-icon diff --git a/source/configure/deprecated-configuration-settings.rst b/source/configure/deprecated-configuration-settings.rst index 73399322bb1..6ac78ad710a 100644 --- a/source/configure/deprecated-configuration-settings.rst +++ b/source/configure/deprecated-configuration-settings.rst @@ -834,4 +834,21 @@ This configuration setting disables the ability to send inactivity email notific Disable Apps Bar ~~~~~~~~~~~~~~~~ -This setting disables the Apps Bar and moves all Mattermost integration icons from the vertical pane on the far right back to the channel header. This setting is enabled for all customers by default from Mattermost v8.0. \ No newline at end of file +This setting is enabled for all customers by default from Mattermost v8.0. This setting disables the Apps Bar and moves all Mattermost integration icons from the vertical pane on the far right back to the channel header. + +Remote clusters +~~~~~~~~~~~~~~~ + +*Deprecated in November 16th, 2024 release in favor of Connected Workspaces* + +This setting isn't available in the System Console and can only be set in ``config.json``. + +Enable this setting to add, remove, and view remote clusters for shared channels. + +**True**: System admins can manage remote clusters using the System Console. + +**False**: (**Default**) Remote cluster management is disabled. + ++------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RemoteClusters": false`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------+ \ No newline at end of file diff --git a/source/configure/experimental-configuration-settings.rst b/source/configure/experimental-configuration-settings.rst index d737dc96a97..24ae195196f 100644 --- a/source/configure/experimental-configuration-settings.rst +++ b/source/configure/experimental-configuration-settings.rst @@ -598,36 +598,6 @@ This setting defines the number of seconds after which the user's status indicat | This feature's ``config.json`` setting is ``"UserStatusAwayTimeout": 300`` with numerical input. | +--------------------------------------------------------------------------------------------------+ -.. config:setting:: exp-enablesharedchannels - :displayname: Enable shared channels (Experimental) - :systemconsole: Experimental > Features - :configjson: ExperimentalSettings:EnableSharedChannels, ExperimentalSettings:EnableRemoteClusterService - :environment: N/A - - Shared channels enables the ability to establish secure connections between Mattermost instances, and invite secured connections to shared channels where secure connections can participate as they would in any public and private channel. - Both configuration settings must be enabled in order to share channels with secure connections. Only the **Enable Shared Channels** configuration option is available through the System Console. Default value of both settings is **false**. - -Enable shared channels -~~~~~~~~~~~~~~~~~~~~~~ - -.. include:: ../_static/badges/ent-selfhosted-only.rst - :start-after: :nosearch: - -.. raw:: html - -

Also available in legacy Mattermost Enterprise Edition E20

- -Shared channels enables the ability to establish secure connections between Mattermost instances, and invite secured connections to shared channels where secure connections can participate as they would in any public and private channel. Enabling shared channels functionality requires a server restart. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's two ``config.json`` settings include ``"ExperimentalSettings:EnableSharedChannels": false`` with options ``true`` or ``false``, and ``"ExperimentalSettings:EnableRemoteClusterService": false`` with options ``true`` or ``false``. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. note:: - - - Both configuration settings must be enabled in order to share channels with secure connections. Only the **Enable Shared Channels** configuration option is available through the System Console. - - System admins for Cloud deployments can submit a request to have the ``EnableRemoteClusterService`` configuration setting enabled in their Cloud instance. - Disable data refetching on browser refocus ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -648,7 +618,7 @@ This setting disables attempts to detect when the computer has woken up and refe **True**: Mattermost won't attempt to detect when the computer has woken up and refetch data. This might reduce the amount of regular network traffic the app is sending. -**False**: (Default) Mattermost attempts to detect when the computer has woken up and refreshes data. +**False**: (**Default**) Mattermost attempts to detect when the computer has woken up and refreshes data. +--------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"ExperimentalSettings.DisableWakeUpReconnectHandler": false`` with options ``true`` and ``false``. | @@ -1148,37 +1118,6 @@ This setting isn't available in the System Console and can only be set in ``conf | This feature's ``config.json`` setting is ``"RestrictSystemAdmin": "false"`` with options ``true`` and ``false``. | +-------------------------------------------------------------------------------------------------------------------+ -.. config:setting:: exp-remoteclusters - :displayname: Remote clusters (Experimental) - :systemconsole: N/A - :configjson: RemoteClusters - :environment: N/A - - - **true**: System admins can manage remote clusters using the System Console. - - **false**: **(Default)** Remote cluster management is disabled. - -Remote clusters -~~~~~~~~~~~~~~~ - -.. include:: ../_static/badges/ent-only.rst - :start-after: :nosearch: - -.. raw:: html - -

Also available in legacy Mattermost Enterprise Edition E20

- -This setting isn't available in the System Console and can only be set in ``config.json``. - -Enable this setting to add, remove, and view remote clusters for shared channels. - -**True**: System admins can manage remote clusters using the System Console. - -**False**: Remote cluster management is disabled. - -+------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RemoteClusters": false`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------+ - .. config:setting:: exp-enableclientcert :displayname: Enable client-side certification (Experimental) :systemconsole: N/A diff --git a/source/configure/reporting-configuration-settings.rst b/source/configure/reporting-configuration-settings.rst index 34c3ccdee13..bdf9016cf8d 100644 --- a/source/configure/reporting-configuration-settings.rst +++ b/source/configure/reporting-configuration-settings.rst @@ -19,21 +19,21 @@ Site statistics

Also available in legacy Mattermost Enterprise Edition E10 or E20

-+----------------------------------------------------------------+-------------------------------------------------------------+ -| View statistics on a wide variety of activities in Mattermost, | - System Config path: **Reporting > Site Statistics** | -| including: users, seats, teams, channels, posts, calls, | - ``config.json setting``: N/A | -| sessions, commands, webhooks, websocket and database | - Environment variable: N/A | -| connections, and collaborative playbooks, | | -+----------------------------------------------------------------+-------------------------------------------------------------+ -| **Notes**: | -| | -| - Bots, deactivated users, and synthetic users in | -| :doc:`Microsoft Teams integrations ` | -| and :doc:`shared channels users ` aren't counted towards the total number of activated users. | -| - For billing purposes, activated guest accounts do consume a licensed seat, which is returned when the guest account is | -| deactivated. This means that guest accounts count as a paid user in your Mattermost | -| :doc:`workspace `. | -+---------------------------------------------------------------+--------------------------------------------------------------+ ++----------------------------------------------------------------+---------------------------------------------------------------------+ +| View statistics on a wide variety of activities in Mattermost, | - System Config path: **Reporting > Site Statistics** | +| including: users, seats, teams, channels, posts, calls, | - ``config.json setting``: N/A | +| sessions, commands, webhooks, websocket and database | - Environment variable: N/A | +| connections, and collaborative playbooks, | | ++----------------------------------------------------------------+---------------------------------------------------------------------+ +| **Notes**: | +| | +| - Bots, deactivated users, and synthetic users in | +| :doc:`Microsoft Teams integrations ` | +| and :doc:`connected workspaces ` users aren't counted towards the total number of activated users. | +| - For billing purposes, activated guest accounts do consume a licensed seat, which is returned when the guest account is | +| deactivated. This means that guest accounts count as a paid user in your Mattermost | +| :doc:`workspace `. | ++---------------------------------------------------------------+----------------------------------------------------------------------+ ---- @@ -51,7 +51,7 @@ Team statistics +---------------------------------------------------------------+---------------------------------------------------------------+ | **Note**: Bots, deactivated users, and synthetic users in | | :doc:`Microsoft Teams integrations ` | -| and :doc:`shared channels users `, aren't counted towards the total number of active users. | +| and :doc:`connected workspaces ` users aren't counted towards the total number of active users. | +---------------------------------------------------------------+---------------------------------------------------------------+ ---- diff --git a/source/configure/site-configuration-settings.rst b/source/configure/site-configuration-settings.rst index 901a9459f28..1e641013713 100644 --- a/source/configure/site-configuration-settings.rst +++ b/source/configure/site-configuration-settings.rst @@ -16,6 +16,7 @@ Both self-hosted and Cloud admins can access the following configuration setting - `File Sharing and Downloads <#file-sharing-and-downloads>`__ - `Public Links <#public-links>`__ - `Notices <#notices>`__ +- `Connected Workspaces <#connected-workspaces>`__ ---- @@ -1722,3 +1723,71 @@ Enable end user notices | - **false**: Users will not receive in-product notices. | - ``config.json`` setting: ``AnnouncementSettings`` > ``UserNoticesEnabled`` > ``true`` | | | - Environment variable: ``MM_ANNOUNCEMENTSETTINGS_USERNOTICESENABLED`` | +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+ + +Connected workspaces +--------------------- + +.. include:: ../_static/badges/ent-cloud-selfhosted.rst + :start-after: :nosearch: + +The following settings aren't available in the System Console and can only be set in ``config.json``. +When connected workspaces are enabled, system admins can :doc:`create and manage connected workspaces ` in the System Console by going to **Site Configuration > Connected Workspaces (Beta)**. + +.. config:setting:: enable-connected-workspace + :displayname: Enable connected workspaces (Beta) + :systemconsole: Site Configuration > Connected Workspaces (Beta) + :configjson: ConnectedWorkspacesSettings.EnableSharedChannels, ConnectedWorkspacesSettings.EnableRemoteClusterService + :environment: N/A + :description: Establish secure connections between Mattermost instances, and invite secured connections to shared channels + +Enable connected workspaces +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Enable the ability to establish secure connections between Mattermost instances, and invite secured connections to shared channels where users can participate as they would in any public and private channel. +Both configuration settings are disabled by default and must be enabled in order to share channels with secure connections. Enabling connected workspace functionality requires a server restart. + +This feature's two ``config.json`` settings include: + +- ``ConnectedWorkspacesSettings.EnableRemoteClusterService: false`` with options ``true`` and ``false``. +- ``ConnectedWorkspacesSettings.EnableSharedChannels: false`` with options ``true`` and ``false``. + +.. note:: + + - Neither setting is available in the System Console and can only be set in ``config.json``. + - System admins for Cloud deployments can submit a request to have these required configuration settings enabled for their Cloud deployment instance. + +.. config:setting:: disable-status-sync + :displayname: Disable shared channel status sync + :systemconsole: N/A + :configjson: ConnectedWorkspacesSettings.DisableSharedChannelsStatusSync + :environment: N/A + + - **true**: Channel as well as member status and availability isn't synchronized. + - **false**: **(Default)** Channel as well as channel member status and availability is synchronized at regular intervals. + +Disable shared channel status sync +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Disable member status and availability synchronization between connected workspaces. + ++----------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------+ +| - **true**: Channel as well as member status and availability isn't synchronized. | - System Config path: N/A | +| - **false**: **(Default)** Channel as well as channel member status and availability is synchronized at regular intervals. | - ``config.json`` setting: ``ConnectedWorkspacesSettings`` > ``DisableSharedChannelsStatusSync`` > ``false`` | +| | - Environment variable: N/A | ++----------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------+ + +.. config:setting:: default-maxpostspersync + :displayname: Default maximum posts per sync + :systemconsole: N/A + :configjson: ConnectedWorkspacesSettings.DefaultMaxPostsPerSync + :environment: N/A + :description: Define the default maximum number of mesages to synchronize at a time between connected workspaces. Default is 50. + +Default maximum posts per sync +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ++---------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------+ +| Define the default maximum number of mesages to synchronize at a time. | - System Config path: N/A | +| | - ``config.json`` setting: ``ConnectedWorkspacesSettings`` > ``DefaultMaxPostsPerSync`` > ``50`` | +| Default is **50**. | - Environment variable: N/A | ++---------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------+ diff --git a/source/guides/get-started-with-administration.rst b/source/guides/get-started-with-administration.rst index fc9ea13f65e..b2a5d0c0d2b 100644 --- a/source/guides/get-started-with-administration.rst +++ b/source/guides/get-started-with-administration.rst @@ -74,14 +74,14 @@ Advanced workspace management :maxdepth: 1 :hidden: - Shared channels + Connected workspaces Statistics In-product notices User satisfaction surveys System-wide notifications Bulk export tool -* :doc:`Shared channels ` - Connect channels from multiple Mattermost servers in a federated architecture. +* :doc:`Connected workspaces ` - Connect channels from multiple Mattermost servers in a federated architecture. * :doc:`Statistics ` - Get statistics about your Mattermost server usage. * :doc:`In-product notices ` - Get notified about Mattermost updates via in-app notices. * :doc:`User satisfaction surveys ` - Learn about Mattermost user satisfaction surveys and how to configure their operation. diff --git a/source/images/circle-multiple-outline_F0695.svg b/source/images/circle-multiple-outline_F0695.svg new file mode 100644 index 00000000000..a537e234878 --- /dev/null +++ b/source/images/circle-multiple-outline_F0695.svg @@ -0,0 +1,9 @@ + \ No newline at end of file diff --git a/source/manage/telemetry.rst b/source/manage/telemetry.rst index a1718fe5cfb..2930c9103bd 100644 --- a/source/manage/telemetry.rst +++ b/source/manage/telemetry.rst @@ -89,7 +89,7 @@ Server Configuration Settings **Type values (enumerated integer and enumerated boolean)** - **ServiceSettings**: enum WebserverMode, bool EnableSecurityFixAlert, bool EnableInsecureOutgoingConnections, bool EnableIncomingWebhooks, bool EnableOutgoingWebhooks, bool EnableCommands, bool EnableDeveloper, bool EnableOnlyAdminIntegrations, bool EnablePostUsernameOverride, bool EnablePostIconOverride, bool EnableCustomEmoji, enum RestrictCustomEmojiCreation, bool EnableTesting, bool DeveloperFlags, bool EnableClientPerformanceDebugging, bool EnableMultifactorAuthentication, bool EnableOAuthServiceProvider, enum OutgoingIntegrationRequestsDefaultTimeout, enum ConnectionSecurity, bool UseLetsEncrypt, bool Forward80To443, enum ConnectionSecurity, bool TLSStrictTransport, bool EnforceMultifactorAuthentication, bool EnableUserTypingMessages, bool TimeBetweenUserTypingUpdatesMilliseconds, bool EnablePostSearch, bool EnableUserStatuses, bool EnableChannelViewMessages, bool EnableEmojiPicker, bool EnableGifPicker, bool EnableAuthenticationTransfer, enum TeammateNameDisplay, bool EnableUserAccessTokens, enum MaximumLoginAttempts, bool ExtendSessionLengthWithActivity, enum SessionLengthWebInHours, enum SessionLengthMobileInHours, enum SessionLengthSSOInHours, int SessionCacheInMinutes, enum SessionIdleTimeoutInMinutes, enum TimeBetweenUserTypingUpdatesMilliseconds, enum ClusterLogTimeoutMilliseconds, bool CloseUnusedDirectMessages, bool EnablePreviewFeatures, bool EnableTutorial, bool EnableOnboarding, bool ExperimentalEnableDefaultChannelLeaveJoinMessages, bool ExperimentalGroupUnreadChannels, bool AllowCookiesForSubdomains, bool EnableAPITeamDeletion, bool EnableAPITriggerAdminNotifications, bool EnableAPIUserDeletion, bool EnableAPIChannelDeletion, bool ExperimentalEnableHardenedMode, bool DisableLegacyMFA, bool ExperimentalStrictCSRFEnforcement, bool EnableEmailInvitations, bool ExperimentalChannelOrganization, bool EnableLegacySidebar, bool CorsAllowCredentials, bool CorsDebug, bool DisableBotsWhenOwnerIsDeactivated, bool EnableBotAccountCreation, bool RestrictLinkPreviews, bool EnablePermalinkPreviews, bool EnableSVGs, bool EnableLatex, bool EnableInlineLatex, bool EnableOpenTracing, bool Directory, bool RetentionDays, bool EnableLocalMode; **TeamSettings**: bool EnableUserCreation, bool EnableTeamCreation, bool RestrictTeamNames, bool EnableOpenServer, bool EnableUserDeactivation, bool EnableCustomBrand, bool RestrictDirectMessage, enum MaxNotificationsPerChannel, bool EnableConfirmNotificationsToChannel; enum MaxUsersPerTeam, enum MaxChannelsPerTeam, bool EnableJoinLeaveMessageByDefault, bool EnableCustomUserStatuses, bool EnableLastActiveTime, bool RefreshPostStatsRunTime, bool ExperimentalTownSquareIsReadOnly, bool ExperimentalHideTownSquareinLHS, bool EnableXToLeaveChannelsFromLHS, bool ExperimentalEnableAutomaticReplies, bool ExperimentalViewArchivedChannels, bool LockTeammateNameDisplay, bool MaxFieldSize; **ClientRequirementSettings**: enum AndroidLatestVersion; **GuestAccountsSettings**: bool Enable, bool AllowEmailAccounts, bool EnforceMultifactorAuthentication; **SqlSettings**: enum DriverName, bool Trace, enum ConnMaxIdleTimeMilliseconds, bool ConnMaxLifetimeMilliseconds; enum MaxOpenConns, enum QueryTimeout, bool DisableDatabaseSearch; **LogSettings**: bool EnableConsole, enum ConsoleLevel, bool ConsoleJson, bool EnableFile, enum FileLevel, bool FileJson, bool EnableWebhookDebugging; **NotificationLogSettings**: bool EnableConsole, bool ConsoleLevel, bool ConsoleJson, bool EnableFile, bool FileLevel, bool FileJson **PasswordSettings**: bool Lowercase, bool Number, bool Uppercase, bool Symbol, enum MinimumLength; **FileSettings**: bool EnablePublicLink, enum DriverName, enum MaxFileSize, enum FileSettings.MaxImageResolution, enum MaxImageDecoderConcurrency, bool FileSettings.ExtractContent, bool FileSettings.ArchiveRecursion, bool AmazonS3SSL, bool AmazonS3SignV2, bool AmazonS3SSE, bool AmazonS3Trace, bool MaximumPayloadSizeBytes, bool MaximumPayloadSizeBytes, bool EnableFileAttachments, bool EnableMobileUpload, bool EnableMobileDownload; **EmailSettings**: bool EnableSignUpWithEmail, bool EnableSignInWithEmail, bool EnableSignInWithUsername, bool RequireEmailVerification, bool SendEmailNotifications, bool UseChannelInEmailNotifications, bool EmailNotificationContentsType, bool EnableSMTPAuth, enum ConnectionSecurity, bool SendPushNotifications, enum PushNotificationContents, bool EnableEmailBatching, bool SkipServerCertificateVerification, enum EmailBatchingBufferSize, enum EmailBatchingInterval, bool EnablePreviewModeBanner, enum SMTPServerTimeout; **MessageExportSettings**: bool DownloadExportResults; **RateLimitSettings**: bool EnableRateLimiter, bool VaryByRemoteAddr, bool VaryByUser, enum PerSec, enum MaxBurst, enum MemoryStoreSize; **PrivacySettings**: bool ShowEmailAddress, bool ShowFullName; **ThemeSettings**: bool EnableThemeSelection, bool AllowCustomThemes; **GitLabSettings**: bool Enable; **GoogleSettings**: bool Enable; **Office365Settings**: bool Enable; **SupportSettings**: bool CustomTermsOfServiceEnabled; enum CustomTermsOfServiceReAcceptancePeriod; **LdapSettings**: bool Enable, bool EnableSync, enum ConnectionSecurity, bool SkipCertificateVerification, enum SyncIntervalMinutes, enum QueryTimeout, enum MaxPageSize, bool EnableAdminFilter; **ComplianceSettings**: bool Enable, bool EnableDaily; **LocalizationSettings**: enum DefaultServerLocale, enum DefaultClientLocale, enum AvailableLocales; **SamlSettings**: bool Enable, bool EnableSyncWithLdap, bool IgnoreGuestsLdapSync, bool EnableSyncWithLdapIncludeAuth, bool Verify, bool Encrypt, bool SignRequest, bool EnableAdminFilter; **ClusterSettings**: bool Enable, bool UseIpAddress, bool ReadOnlyConfig, bool EnableExperimentalGossipEncryption, bool EnableGossipCompression; **MetricsSettings**: bool Enable, bool EnableClientMetrics, bool EnableNotificationMetrics, enum BlockProfileRate; **WebrtcSettings** (only in v5.5 and earlier): bool Enable; **ExperimentalSettings** bool ClientSideCertEnable, bool EnablePostMetadata, bool LinkMetadataTimeoutMilliseconds, bool EnableClickToReply, bool RestrictSystemAdmin, bool CloudBilling, bool RemoteClusters, bool EnableSharedChannels, bool EnableRemoteClusterService, bool Disableappbar, bool AllowSyncedDrafts, bool YoutubeReferrerPolicy; **AnnouncementSettings**: bool EnableBanner, bool AllowBannerDismissal, bool AdminNoticesEnabled, bool UserNoticesEnabled; **ElasticsearchSettings**: bool EnableIndexing, bool EnableSearching, bool Sniff, enum PostIndexReplicas, enum PostIndexShards, enum LiveIndexingBatchSize, enum BatchSize, bool SkipTLSVerification, bool Trace; **PluginSettings**: bool Enable, bool EnableUploads, bool EnableHealthCheck, bool EnableMarketplace, bool EnableRemoteMarketplace, bool AutomaticPrepackagedPlugins, bool RequirePluginSignature; **DataRetentionSettings**: bool EnableMessageDeletion, bool MessageRetentionDays, bool AllowInsecureDownloadUrl, bool EnableFileDeletion, bool FileRetentionDays, enum DeletionJobStartTime; **MessageExportSettings**: bool EnableExport, enum ExportFormat, enum DailyRunTime, enum ExportFromTimestamp, enum BatchSize, enum GlobalRelaySettings.CustomerType; **ExperimentalAuditSettings**: bool SysLogEnabled, bool SysLogInsecure, enum SysLogMaxQueueSize, bool FileEnabled, enum FileMaxSizeMB, enum FileMaxAgeDays, bool FileMaxBackups, bool FileCompress, enum FileMaxQueueSize; **BleveSettings**: bool EnableIndexing, bool EnableSearching, bool EnableAutocomplete, enum BatchSize; bool FeatureFlags + **ServiceSettings**: enum WebserverMode, bool EnableSecurityFixAlert, bool EnableInsecureOutgoingConnections, bool EnableIncomingWebhooks, bool EnableOutgoingWebhooks, bool EnableCommands, bool EnableDeveloper, bool EnableOnlyAdminIntegrations, bool EnablePostUsernameOverride, bool EnablePostIconOverride, bool EnableCustomEmoji, enum RestrictCustomEmojiCreation, bool EnableTesting, bool DeveloperFlags, bool EnableClientPerformanceDebugging, bool EnableMultifactorAuthentication, bool EnableOAuthServiceProvider, enum OutgoingIntegrationRequestsDefaultTimeout, enum ConnectionSecurity, bool UseLetsEncrypt, bool Forward80To443, enum ConnectionSecurity, bool TLSStrictTransport, bool EnforceMultifactorAuthentication, bool EnableUserTypingMessages, bool TimeBetweenUserTypingUpdatesMilliseconds, bool EnablePostSearch, bool EnableUserStatuses, bool EnableChannelViewMessages, bool EnableEmojiPicker, bool EnableGifPicker, bool EnableAuthenticationTransfer, enum TeammateNameDisplay, bool EnableUserAccessTokens, enum MaximumLoginAttempts, bool ExtendSessionLengthWithActivity, enum SessionLengthWebInHours, enum SessionLengthMobileInHours, enum SessionLengthSSOInHours, int SessionCacheInMinutes, enum SessionIdleTimeoutInMinutes, enum TimeBetweenUserTypingUpdatesMilliseconds, enum ClusterLogTimeoutMilliseconds, bool CloseUnusedDirectMessages, bool EnablePreviewFeatures, bool EnableTutorial, bool EnableOnboarding, bool ExperimentalEnableDefaultChannelLeaveJoinMessages, bool ExperimentalGroupUnreadChannels, bool AllowCookiesForSubdomains, bool EnableAPITeamDeletion, bool EnableAPITriggerAdminNotifications, bool EnableAPIUserDeletion, bool EnableAPIChannelDeletion, bool ExperimentalEnableHardenedMode, bool DisableLegacyMFA, bool ExperimentalStrictCSRFEnforcement, bool EnableEmailInvitations, bool ExperimentalChannelOrganization, bool EnableLegacySidebar, bool CorsAllowCredentials, bool CorsDebug, bool DisableBotsWhenOwnerIsDeactivated, bool EnableBotAccountCreation, bool RestrictLinkPreviews, bool EnablePermalinkPreviews, bool EnableSVGs, bool EnableLatex, bool EnableInlineLatex, bool EnableOpenTracing, bool Directory, bool RetentionDays, bool EnableLocalMode; **TeamSettings**: bool EnableUserCreation, bool EnableTeamCreation, bool RestrictTeamNames, bool EnableOpenServer, bool EnableUserDeactivation, bool EnableCustomBrand, bool RestrictDirectMessage, enum MaxNotificationsPerChannel, bool EnableConfirmNotificationsToChannel; enum MaxUsersPerTeam, enum MaxChannelsPerTeam, bool EnableJoinLeaveMessageByDefault, bool EnableCustomUserStatuses, bool EnableLastActiveTime, bool RefreshPostStatsRunTime, bool ExperimentalTownSquareIsReadOnly, bool ExperimentalHideTownSquareinLHS, bool EnableXToLeaveChannelsFromLHS, bool ExperimentalEnableAutomaticReplies, bool ExperimentalViewArchivedChannels, bool LockTeammateNameDisplay, bool MaxFieldSize; **ClientRequirementSettings**: enum AndroidLatestVersion; **GuestAccountsSettings**: bool Enable, bool AllowEmailAccounts, bool EnforceMultifactorAuthentication; **SqlSettings**: enum DriverName, bool Trace, enum ConnMaxIdleTimeMilliseconds, bool ConnMaxLifetimeMilliseconds; enum MaxOpenConns, enum QueryTimeout, bool DisableDatabaseSearch; **LogSettings**: bool EnableConsole, enum ConsoleLevel, bool ConsoleJson, bool EnableFile, enum FileLevel, bool FileJson, bool EnableWebhookDebugging; **NotificationLogSettings**: bool EnableConsole, bool ConsoleLevel, bool ConsoleJson, bool EnableFile, bool FileLevel, bool FileJson **PasswordSettings**: bool Lowercase, bool Number, bool Uppercase, bool Symbol, enum MinimumLength; **FileSettings**: bool EnablePublicLink, enum DriverName, enum MaxFileSize, enum FileSettings.MaxImageResolution, enum MaxImageDecoderConcurrency, bool FileSettings.ExtractContent, bool FileSettings.ArchiveRecursion, bool AmazonS3SSL, bool AmazonS3SignV2, bool AmazonS3SSE, bool AmazonS3Trace, bool MaximumPayloadSizeBytes, bool MaximumPayloadSizeBytes, bool EnableFileAttachments, bool EnableMobileUpload, bool EnableMobileDownload; **EmailSettings**: bool EnableSignUpWithEmail, bool EnableSignInWithEmail, bool EnableSignInWithUsername, bool RequireEmailVerification, bool SendEmailNotifications, bool UseChannelInEmailNotifications, bool EmailNotificationContentsType, bool EnableSMTPAuth, enum ConnectionSecurity, bool SendPushNotifications, enum PushNotificationContents, bool EnableEmailBatching, bool SkipServerCertificateVerification, enum EmailBatchingBufferSize, enum EmailBatchingInterval, bool EnablePreviewModeBanner, enum SMTPServerTimeout; **MessageExportSettings**: bool DownloadExportResults; **RateLimitSettings**: bool EnableRateLimiter, bool VaryByRemoteAddr, bool VaryByUser, enum PerSec, enum MaxBurst, enum MemoryStoreSize; **PrivacySettings**: bool ShowEmailAddress, bool ShowFullName; **ThemeSettings**: bool EnableThemeSelection, bool AllowCustomThemes; **GitLabSettings**: bool Enable; **GoogleSettings**: bool Enable; **Office365Settings**: bool Enable; **SupportSettings**: bool CustomTermsOfServiceEnabled; enum CustomTermsOfServiceReAcceptancePeriod; **LdapSettings**: bool Enable, bool EnableSync, enum ConnectionSecurity, bool SkipCertificateVerification, enum SyncIntervalMinutes, enum QueryTimeout, enum MaxPageSize, bool EnableAdminFilter; **ComplianceSettings**: bool Enable, bool EnableDaily; **LocalizationSettings**: enum DefaultServerLocale, enum DefaultClientLocale, enum AvailableLocales; **SamlSettings**: bool Enable, bool EnableSyncWithLdap, bool IgnoreGuestsLdapSync, bool EnableSyncWithLdapIncludeAuth, bool Verify, bool Encrypt, bool SignRequest, bool EnableAdminFilter; **ClusterSettings**: bool Enable, bool UseIpAddress, bool ReadOnlyConfig, bool EnableExperimentalGossipEncryption, bool EnableGossipCompression; **MetricsSettings**: bool Enable, bool EnableClientMetrics, bool EnableNotificationMetrics, enum BlockProfileRate; **WebrtcSettings** (only in v5.5 and earlier): bool Enable; **ExperimentalSettings** bool ClientSideCertEnable, bool EnablePostMetadata, bool LinkMetadataTimeoutMilliseconds, bool EnableClickToReply, bool RestrictSystemAdmin, bool CloudBilling, bool AllowSyncedDrafts, bool YoutubeReferrerPolicy; **AnnouncementSettings**: bool EnableBanner, bool AllowBannerDismissal, bool AdminNoticesEnabled, bool UserNoticesEnabled; **ElasticsearchSettings**: bool EnableIndexing, bool EnableSearching, bool Sniff, enum PostIndexReplicas, enum PostIndexShards, enum LiveIndexingBatchSize, enum BatchSize, bool SkipTLSVerification, bool Trace; **PluginSettings**: bool Enable, bool EnableUploads, bool EnableHealthCheck, bool EnableMarketplace, bool EnableRemoteMarketplace, bool AutomaticPrepackagedPlugins, bool RequirePluginSignature; **DataRetentionSettings**: bool EnableMessageDeletion, bool MessageRetentionDays, bool AllowInsecureDownloadUrl, bool EnableFileDeletion, bool FileRetentionDays, enum DeletionJobStartTime; **MessageExportSettings**: bool EnableExport, enum ExportFormat, enum DailyRunTime, enum ExportFromTimestamp, enum BatchSize, enum GlobalRelaySettings.CustomerType; **ExperimentalAuditSettings**: bool SysLogEnabled, bool SysLogInsecure, enum SysLogMaxQueueSize, bool FileEnabled, enum FileMaxSizeMB, enum FileMaxAgeDays, bool FileMaxBackups, bool FileCompress, enum FileMaxQueueSize; **BleveSettings**: bool EnableIndexing, bool EnableSearching, bool EnableAutocomplete, enum BatchSize; bool FeatureFlags **Counts (integer)** @@ -97,7 +97,7 @@ Server Configuration Settings **True/false (boolean)** value whether setting remains default (true) or non-default (false). **NOTE: No input data is used**: - **ServiceSettings**: bool SiteURL, bool WebsocketURL, bool TLSCertFile, bool TLSKeyFile, bool ReadTimeout, bool WriteTimeout,bool IdleTimeout, bool GoogleDeveloperKey, bool AllowCorsFrom, bool CorsExposedHeaders, bool AllowedUntrustedInternalConnections, bool ManagedResourcePaths, bool CollapsedThreads, bool PostPriority, bool AllowPersistentNotifications, bool PersistentNotificationMaxCount, bool PersistentNotificationIntervalMinutes, bool PersistentNotificationMaxRecipients; **TeamSettings**: bool SiteName, bool CustomBrandText, bool CustomDescriptionText, bool UserStatusAwayTimeout, bool ExperimentalPrimaryTeam; **DisplaySettings**: bool CustomUrlSchemes, bool MaxMarkdownNodes; **GuestAccountSettings**: bool RestrictCreationToDomains, bool EnforceMultifactorAuthentication, bool HideTags; **LogSettings**: bool FileLocation; **NotificationLogSettings**: bool FileLocation; **EmailSettings**: bool FeedbackName, bool FeedbackEmail, bool FeedbackOrganization, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool ImageProxyType, bool ImageProxyURL, bool ImageProxyOptions; **RateLimitSettings**: bool VaryByHeader; **SupportSettings**: bool TermsOfServiceLink, bool PrivacyPolicyLink, bool AboutLink, bool HelpLink, bool ReportAProblemLink, bool AppCustomURLSchemes, bool MobileExternalBrowser bool SupportEmail; **ThemeSettings**: bool DefaultTheme; **LdapSettings**: bool FirstNameAttribute, bool LastNameAttribute, bool EmailAttribute, bool UserNameAttribute, bool NicknameAttribute, bool IdAttribute, bool PositionAttribute, bool LoginFieldName, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool GroupFilter, bool GroupDisplayNameAttribute, bool GroupIdAttribute, bool GuestFilter, bool AdminFilter; **SamlSettings**: bool SignatureAlgorithm, bool CanonicalAlgorithm, bool ScopingIDPProviderId, bool ScopingIDPName, bool IdAttribute, bool GuestAttribute, bool FirstNameAttribute, bool LastNameAttribute, bool EmailAttribute, bool UserNameAttribute, bool NicknameAttribute, bool LocaleAttribute, bool PositionAttribute, bool LoginIdAttribute, bool LoginButtonText, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool AdminFilter; **NativeAppSettings**: bool AppDownloadLink, bool AndroidAppDownloadLink, bool IosAppDownloadLink; **WebrtcSettings** (only in v5.5 and earlier): bool StunURI, bool TurnURI; **ClusterSettings**: bool NetworkInterface, bool BindAddress, bool AdvertiseAddress; **MetricsSettings**: bool BlockProfileRate; **AnalyticsSettings**: bool MaxUsersForStatistics; **ExperimentalSettings** bool ClientSideCertCheck; **AnnouncementSettings**: bool BannerColor, bool BannerTextColor; **ElasticsearchSettings**: bool ConnectionUrl, bool Username, bool Password, bool IndexPrefix; **PluginSettings**: bool MarketplaceUrl, bool SignaturePublicKeyFiles, bool ChimeraOAuthProxyUrl; **MessageExportSettings**: bool GlobalRelaySettings.SmtpUsername, bool GlobalRelaySettings.SmtpPassword, bool GlobalRelaySettings.EmailAddress + **ServiceSettings**: bool SiteURL, bool WebsocketURL, bool TLSCertFile, bool TLSKeyFile, bool ReadTimeout, bool WriteTimeout,bool IdleTimeout, bool GoogleDeveloperKey, bool AllowCorsFrom, bool CorsExposedHeaders, bool AllowedUntrustedInternalConnections, bool ManagedResourcePaths, bool CollapsedThreads, bool PostPriority, bool AllowPersistentNotifications, bool PersistentNotificationMaxCount, bool PersistentNotificationIntervalMinutes, bool PersistentNotificationMaxRecipients; **TeamSettings**: bool SiteName, bool CustomBrandText, bool CustomDescriptionText, bool UserStatusAwayTimeout, bool ExperimentalPrimaryTeam; **DisplaySettings**: bool CustomUrlSchemes, bool MaxMarkdownNodes; **GuestAccountSettings**: bool RestrictCreationToDomains, bool EnforceMultifactorAuthentication, bool HideTags; **LogSettings**: bool FileLocation; **NotificationLogSettings**: bool FileLocation; **EmailSettings**: bool FeedbackName, bool FeedbackEmail, bool FeedbackOrganization, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool ImageProxyType, bool ImageProxyURL, bool ImageProxyOptions; **RateLimitSettings**: bool VaryByHeader; **SupportSettings**: bool TermsOfServiceLink, bool PrivacyPolicyLink, bool AboutLink, bool HelpLink, bool ReportAProblemLink, bool AppCustomURLSchemes, bool MobileExternalBrowser bool SupportEmail; **ThemeSettings**: bool DefaultTheme; **LdapSettings**: bool FirstNameAttribute, bool LastNameAttribute, bool EmailAttribute, bool UserNameAttribute, bool NicknameAttribute, bool IdAttribute, bool PositionAttribute, bool LoginFieldName, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool GroupFilter, bool GroupDisplayNameAttribute, bool GroupIdAttribute, bool GuestFilter, bool AdminFilter; **SamlSettings**: bool SignatureAlgorithm, bool CanonicalAlgorithm, bool ScopingIDPProviderId, bool ScopingIDPName, bool IdAttribute, bool GuestAttribute, bool FirstNameAttribute, bool LastNameAttribute, bool EmailAttribute, bool UserNameAttribute, bool NicknameAttribute, bool LocaleAttribute, bool PositionAttribute, bool LoginIdAttribute, bool LoginButtonText, bool LoginButtonColor, bool LoginButtonBorderColor, bool LoginButtonTextColor, bool AdminFilter; **NativeAppSettings**: bool AppDownloadLink, bool AndroidAppDownloadLink, bool IosAppDownloadLink; **WebrtcSettings** (only in v5.5 and earlier): bool StunURI, bool TurnURI; **ClusterSettings**: bool NetworkInterface, bool BindAddress, bool AdvertiseAddress; **MetricsSettings**: bool BlockProfileRate; **AnalyticsSettings**: bool MaxUsersForStatistics; **ExperimentalSettings** bool ClientSideCertCheck; **AnnouncementSettings**: bool BannerColor, bool BannerTextColor; **ElasticsearchSettings**: bool ConnectionUrl, bool Username, bool Password, bool IndexPrefix; **PluginSettings**: bool MarketplaceUrl, bool SignaturePublicKeyFiles, bool ChimeraOAuthProxyUrl; **MessageExportSettings**: bool GlobalRelaySettings.SmtpUsername, bool GlobalRelaySettings.SmtpPassword, bool GlobalRelaySettings.EmailAddress; **ConnectedWorkspacesSettings**: bool EnableSharedChannels, bool EnableRemoteClusterService, bool DisableSharedChannelsStatusSync, bool DefaultMaxPostsPerSync. Commercial License Information (Enterprise Edition only) Information about commercial license key purchased or trial license key used for Enterprise Edition servers: Company ID, license ID, license issue date, license start date, license expiry date, number of licensed users, license name, list of unlocked subscription features. diff --git a/source/onboard/connected-workspaces.rst b/source/onboard/connected-workspaces.rst new file mode 100644 index 00000000000..ba98f64ec1b --- /dev/null +++ b/source/onboard/connected-workspaces.rst @@ -0,0 +1,285 @@ +Connected workspaces (Beta) +============================== + +.. include:: ../_static/badges/ent-cloud-selfhosted.rst + :start-after: :nosearch: + +Communicate across organizations, as well as external partners and vendors using Mattermost by synchronizing messages, emoji reactions, and file sharing in real-time through secured, connected Mattermost workspaces. + +Connected workspaces in Mattermost behave like regular public and private channels and offer the same user experience and functionality. All members using secure connections, including local members and remote members, can :doc:`send and receive channel messages `, :doc:`use emojis ` to react to messages, :doc:`share files `, and :doc:`search message history `. Content is synchronized across all participating Mattermost instances. + +.. important:: + + The ability to create a direct or group message with remote users through connected workspaces isn't supported. However, to maintain backwards compatibility with experimental shared channels functionality available prior to Mattermost v10.2, system admins must enable the ``EnableSharedChannelsDMs`` feature flag to continue creating direct messages with remote users across connected workspaces. + +A channel’s permissions and access continues to be governed by each server separately. :ref:`Advanced access control ` permissions can be applied to a shared channel, and be in effect on the local Mattermost server while not being in effect on a remote Mattermost server. + +Set up connected workspaces +--------------------------- + +The process of connecting Mattermost workspaces involves the following 4 steps: + +1. Each system admin of a Mattermost instance who wants to connect to another Mattermost workspaces must `enable the connected workflows functionality <#enable-connected-workflows>`__. + +2. Using the System Console or slash commands, system admins create a secure and trusted connection with other Mattermost Enterprise instances. This process involves creating a password-protected, encrypted invitation, creating a strong decryption password, then sending the invitation and password to the system admin of a remote Mattermost instance. + +3. Using the System Console or slash commands, a remote system admin receives the invitation and `accepts the invitation <#accept-a-secure-connection-invitation>`__. + +4. Once a trusted relationship is established between 2 Mattermost servers, system admins can `share specific public or private channels <#share-channels-with-secure-connections>`__ with secure connections. + +.. note:: + + - System admins can only create secure connections with other Mattermost Enterprise instances, and can only share channels with secured connections. + - System admins must use Mattermost to generate a password-protected encrypted invitation code. However, sending secure connection invitations is not completed using Mattermost. System admins must have an independent way to extend the secure connection invitation, such as by email. + - A channel shared by a host organization cannot be shared from the receiving organization to another organization. Organizations can't share a channel originating from another organization. + +Enable connected workflows +--------------------------- + +System admins must enable connected workspaces functionality for their Mattermost instance. Ensure the following configuration settings are set to ``true`` in ``config.json``: + +- ``ConnectedWorkspacesSettings.EnableRemoteClusterService = true`` +- ``ConnectedWorkspacesSettings.EnableSharedChannels = true`` + +See the :ref:`Site Configuration Settings ` documentation for details. + +Create a secure connection +--------------------------- + +.. tab:: System Console + + Only system admins can create workspace connections using the System Console. + + 1. Go to **Site Configuration > Connected Workspaces (Beta)**. + 2. Under **Connected Workspaces**, select **Add a connection**, and then select **Create a connection**. + 3. Specify the **Organization Name** for this connection. The remote system admin must specify this name when accepting a connection invitation. + 4. Select the **Destination Team** as the default team where shared channels will be added. + 5. Select **Save**. + + An invitation consisting of a password-protected AES 256-bit encrypted code blob is generated. The connection is labeled as **Connection Pending** until the remote system admin accepts the invitation. + +.. tab:: Slash Commands + + By default, only system admins can use slash commands to create workspace connections. You can grant the ability to **Manage Shared Channels** and **Managed Secure Connections** to Mattermost users by modifying permissions of the :ref:`system scheme ` or :ref:`team override scheme `. + + System admins can :doc:`run the following slash command ` to create a secure connection invitation: + + ``/secure-connection create --name <--displayname> --password`` + + For example: + + ``/secure-connection create --name AcmeUS --displayname “AcmeUSA” --password examplepassword`` + + This slash command creates an invitation consisting of a password-protected AES 256-bit encrypted code blob for a remote Mattermost entity known locally as ``AcmeUS`` with a password of ``examplepassword``. Within Mattermost, this shared connection displays to the local system admin based on the ``name`` and ``displayname`` provided. + +Extend the invitation +~~~~~~~~~~~~~~~~~~~~~~ + +.. important:: + + - You must use a system, other than Mattermost, to share invitation codes and passwords. We strongly recommend sharing invitation codes separately from passwords to ensure that no one has all of the data necessary to take action if the message were compromised. + - Ensure the remote Mattermost instance can access your Mattermost workspace URL. + +.. tab:: System Console + + Once you've created a connection in the System Console, you're prompted to share the invitation code and password with the system admin of the remote Mattermost server you want to connect with. Copy both the invitation code and password to a safe location, then select **Done**. + +.. tab:: Slash Commands + + Copy the invitation code blob in the System message, then share the code blob and the decryption password to the remote Mattermost system admin you want to securely connect with. + +Accept a connection invitation +------------------------------- + +.. tab:: System Console + + 1. Go to **Site Configuration > Connected Workspaces (Beta)**. + 2. Under **Connected Workspaces**, select **Add a connection**, and then select **Accept an invitation**. + 3. Specify the **Organization Name** for this invitation. This must be the same name specified when creating the connection. + 4. Select the team where shared channels will be added. + 5. Paste the encrypted invitation code and password you've been provided to connect with the remote workspace. + 6. Select **Accept**. + + The system admin who accepts the connection invitation is automatically added to all shared channels. + +.. tab:: Slash Commands + + Run the following slash command to accept a secure connection invitation from a remote Mattermost instance: + + ``/secure-connection accept --name --displayname --password --invite [code blob]`` + + For example: + + ``/secure-connection accept --name AcmeUS --displayname “AcmeUSA” --password examplepassword --invite [code-blob]`` + + This slash command accepts a secure connection invitation from ``AcmeUS``. + +Share channels with secure connections +-------------------------------------- + +Once a connection is established between two Mattermost servers, system admins can share channels across secured workspaces. + +.. tab:: System Console + + 1. Under **Shared Channels**, select **Add channels**. + 2. Specify the channels you want to share between Mattermost servers. + + Shared channels and members of those shared channels display a shared |shared| icon to distinguish them from channels and channel members of the local server. + +.. tab:: Slash Commands + + Run the following slash command to specify the public or private channels to share: + + ``/share-channel invite --connectionID <--readonly>`` + + You can extend an invitation that permits remote members to participate in the channel based on their channel and member permissions. + + Alternatively, you can extend a read-only invitation to a secure connection by appending the optional ``--readonly`` parameter to this command. Remote members can’t post or reply to messages within shared read-only channels. + + .. tip:: + + To convert a read-only shared channel to a participation channel, remove the original secured connection from the channel, then re-extend an invitation to that secure connection while omitting the optional ``--readonly`` parameter. For example: + + ``/share-channel invite --connectionID`` + + This slash command invites the shared connection to the current channel based on its ``connectionID``. + + See `Reviewing Secure Connection Status <#review-secure-connection-status>`_ to find the ``connectionID`` for a shared connection. + +Manage connections and invitations +---------------------------------- + +System admins can `edit <#edit-a-connected-workspace>`__ or `delete <#delete-a-connected-workspace>`__ a connected workspace, and `review connection status <#review-connection-status>`__, and `regenerate invitation codes and passwords <#regenerate-invitation-codes-for-pending-connections>`__ for pending connections. + +Edit a connected workspace +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. tab:: System Console + + In the System Console, system admins can change the **Organization Name**, the **Destination Team**, or channels shared with a remote Mattermost instance as well as channels shared with your local Mattermost instance. + + 1. Under **Connected Workspaces**, identify the connected workspace you want to change. + 2. Select the **More** |more-icon| icon to the right of the connected workspace, and then select **Edit**. + +.. tab:: Slash Commands + + Run the following slash command to remove all secure connections from the current channel: + + ``/share-channel unshare`` + + This slash command removes all secure connections from the current channel. A System message notifies you that the channel is no longer shared. Secure connections may continue to be invited to other shared channels. + + Unsharing a shared channel stops synchronizing the channel with the remote Mattermost server; however, the channel continues to function for local users as expected. + +Delete a connected workspace +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. tab:: System Console + + Deleting a connected server severs the trust relationship between the local Mattermost server and the remote Mattermost server. + + 1. Under **Connected Workspaces**, identify the connected workspace you want to remove. + 2. Select the **More** |more-icon| icon to the right of the connected workspace, and then select **Delete**. + +.. tab:: Slash Commands + + Using slash commands, you can uninvite or delete a secure connection from your Mattermost instance. + + Run the following slash command to uninvite a secure connection: + + ``/share-channel uninvite --connectionID`` + + This slash command removes a secure connection from the current channel based on its ``connectionID``. The channel continues to function for local users as expected, and the secure connection may continue to be invited to other shared channels. + + Run the following slash command to delete a secure connection: + + ``/secure-connection remove --connectionID`` + + For example: + + ``/secure-connection remove --connectionID`` + + This slash command severs the trust relationship between the local Mattermost server and a remote Mattermost server based on its ``connectionID`` and removes the secure connection from all shared Mattermost channels. + +Review connection status +~~~~~~~~~~~~~~~~~~~~~~~~ + +.. tab:: System Console + + Under **Connected Workspaces**, you can review all connected workspaces and their current status as one of: **Connected**, **Offline**, or **Connection Pending**. + +.. tab:: Slash Commands + + Run the following slash command to review the current status of all secure connections established for your Mattermost instance: + + ``/secure-connection status`` + + Status details include: + + - Connection ID + - Connection URL + - Description + - Invite accepted (Yes/No) + - Online (Yes/No) + - Last ping timestamp (UTC) + - Deleted + +Regenerate invitation codes for pending connections +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When using the System Console to manage connected workspaces, system admins can re-generate invitation codes and passwords for pending connections. + +1. Under **Connected Workspaces**, identify the pending connection whose invitation and password you want to regenerate. +2. Select the **More** |more-icon| icon to the right of the connected workspace, and then select **Regenerate invitation code**. + +.. note:: + + Regenerating doesn't invalidate the existing password, and the existing password can continue to be used in addition to the newly-generated password. Once a connection invitation is accepted and the workspace displays a status of **Connected**, invitation codes and passwords can't be regenerated. + +Frequently Asked Questions +--------------------------- + +Why is this feature in beta? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This feature is considered beta while we recruit customer testing partners. Mattermost QA has tested this feature, but we want to work with system admins to iterate on the most optimal connected workspace experience. + +Are special characters supported in secure connection names? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +No. When using slash commands, ``--name`` can include periods, hyphens, and/or underscores. You must surround ``--name`` using quotation marks (“ “) when the value contains spaces. + +What happens if two Mattermost instances contain different emojis? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In cases where one Mattermost instance has different emojis than another instance, emoji text displays in place of a missing emoji image. + +Is a Display Name required for all secure connections? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +No. When using slash commands, ``--displayname`` is optional. When omitted, ``--name`` is displayed and used instead. + +What information is synchronized between connected workspaces? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +By default, member status and availability for all members of shared channels is synchronized between connected workspaces. + +When a user is added to a shared channel, member status is synchronized within a few seconds of the member's status changing. Status updates aren't immediate and don't necessarily display in real-time. + +When using Mattermost in a web browser, Mattermost polls the server every minute. Refreshing the browser page triggers immediate synchronization. + +By default, a maximum of 50 messages are synchronized at a time, and :ref:`this value is configurable `. + +Channel as well as member status and availability synchronization :ref:`can be disabled `. + +Do connection interruptions affect message synchronization? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Yes. A System message is posted in the channel visible to all channel members when message synchronization is interrupted for more than 5 minutes. Once connectivity is restored, a full synchronization will happen for all missed messages, including direct messages and channel links. + +What happens if two secure connections share the same usernames? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In cases where members share the same usernames across Mattermost secure connections, usernames on the local server instance are appended with the secure connection name of the remote server. + +For example, if multiple members named John Smith exist after two Mattermost instances establish a secure connection with one another, all remote John Smith members include their Secure Connection ID following their username to help differentiate members across multiple Mattermost instances. \ No newline at end of file diff --git a/source/onboard/shared-channels.rst b/source/onboard/shared-channels.rst deleted file mode 100644 index b179a5b4046..00000000000 --- a/source/onboard/shared-channels.rst +++ /dev/null @@ -1,190 +0,0 @@ -Shared channels (Experimental) -============================== - -.. include:: ../_static/badges/ent-cloud-selfhosted.rst - :start-after: :nosearch: - -Communicate across organizations, as well as external partners and vendors using Mattermost by synchronizing messages, emoji reactions, and file sharing in real-time through secured connections and shared channels. - -Shared channels in Mattermost behave like regular channels, offering the same user experience and functionality as public and private channels. All members using secure connections, including local members and remote members, can :doc:`send and receive messages `, :doc:`use emojis ` to react to messages, :doc:`share files `, and :doc:`search message history `. Content is synchronized in real-time across all participating Mattermost instances. - -A channel’s permissions and access continues to be governed by each server separately. :ref:`Advanced access control ` permissions can be applied to a shared channel, and be in effect on the local Mattermost server while not being in effect on a remote Mattermost server. - -Set up shared channels ----------------------- - -The process of sharing channels involves the following 3 steps: - -1. A system admin must enable shared channels functionality for their Mattermost instance. See our :ref:`Experimental Configuration Settings ` documentation for details. - -2. A system admin :doc:`uses a slash command ` to establish a secure and trusted relationship between other Mattermost Enterprise instances. This process involves creating a password-protected, encrypted invitation, creating a strong decryption password, then sending the invitation and password to the system admin of a remote Mattermost instance. We strongly recommend that you share an invitation separately from its password to ensure that someone doesn't have all of the data necessary to take action if the message were compromised. - -3. The remote system admin receiving the invitation uses a slash command to `accept the invitation <#accept-a-secure-connection-invitation>`_. - -Once a trusted relationship is established between Mattermost servers, system admins can `share specific public or private channels <#share-channels-with-secure-connections>`_ with secure connections. - -.. note:: - - - System admins can only create secure connections with other Mattermost Enterprise instances, and can only share channels with secured connections by typing slash commands into the Message box of any channel. - - System admins must use Mattermost to generate a password-protected encrypted invitation code. However, sending secure connection invitations is not completed using Mattermost. System admins must have an independent way to extend the secure connection invitation, such as by email. - - A channel shared by a host organization cannot be shared from the receiving organization to another organization. Organizations are prevented from sharing a channel originating from another organization. - -Create a secure connection invitation -------------------------------------- - -System admins can use the following slash command to create a secure connection invitation: - -``/secure-connection create --name <--displayname> --password`` - -For example: - -``/secure-connection create --name AcmeUS --displayname “AcmeUSA” --password examplepassword`` - -This slash command creates an invitation consisting of a password-protected AES 256-bit encrypted code blob for a remote Mattermost entity known locally as ``AcmeUS`` with a password of ``examplepassword``. Within Mattermost, this shared connection displays to the local system admin based on the ``name`` and ``displayname`` provided. - -Extend the invitation -~~~~~~~~~~~~~~~~~~~~~~ - -1. Copy the invitation code blob in the System message, then send the code blob and the decryption password to the remote Mattermost aystem admin you want to securely connect with. -2. Ensure that the remote Mattermost instance can access your :doc:`workspace ` URL listed in the System message. - -Remove a secure connection -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Use the following slash command to remove a secure connection from your Mattermost instance: - -``/secure-connection remove --connectionID`` - -For example: - -``/secure-connection remove --connectionID`` - -This slash command severs the trust relationship between the local Mattermost server and a remote Mattermost server based on its ``connectionID`` and removes the secure connection from all shared Mattermost channels. - -Review secure connection status -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Use the following slash command to review the current status of all secure connections established for your Mattermost instance: - -``/secure-connection status`` - -Status details include: - -- Connection ID -- Connection URL -- Description -- Invite accepted (Yes/No) -- Online (Yes/No) -- Last ping timestamp (UTC) - -Accept a secure connection invitation -------------------------------------- - -Use the following slash command to accept a secure connection invitation from a remote Mattermost instance: - -``/secure-connection accept --name --displayname --password --invite [code blob]`` - -For example: - -``/secure-connection accept --name AcmeUS --displayname “AcmeUSA” --password examplepassword --invite [code-blob]`` - -This slash command accepts a secure connection invitation from AcmeUS. - -Share channels with secure connections --------------------------------------- - -Within a specific Public or Private channel, use the following slash command to invite secure connections: - -``/share-channel invite --connectionID <--readonly>`` - -You can extend an invitation that permits remote members to participate in the channel based on their channel and member permissions. - -Alternatively, you can extend a read-only invitation to a secure connection by appending the optional ``--readonly`` parameter to this command. Remote members can’t post or reply to messages within shared read-only channels. - -.. tip:: - - To convert a read-only shared channel to an participation channel, remove the original secured connection from the channel, then re-extend an invitation to that secure connection while omitting the optional ``--readonly`` parameter. - -For example: - -``/share-channel invite --connectionID`` - -This slash command invites the shared connection to the current channel based on its connection ID. - -.. tip:: - See `Reviewing Secure Connection Status <#review-secure-connection-status>`_ to find the connectionID for a shared connection. - -Uninvite a shared channel connection from a channel -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Within a specific channel, use the following slash command to uninvite a secure connection: - -``/share-channel uninvite --connectionID`` - -This slash command removes a secure connection from the current channel based on its connection ID. The channel continues to function for local users as expected, and the secure connection may continue to be invited to other shared channels. - -Remove all secure connections from a channel -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Within a specific channel, use the following slash command to remove all secure connections: - -``/share-channel unshare`` - -This slash command removes all secure connections from the current channel. Secure connections may continue to be invited to other shared channels. - -While unsharing a shared channel stops synchronizing the channel with the other Mattermost server, the channel continues to function for local users as expected. - -.. note:: - A System message notifies system admins that the channel is no longer shared. - -Review secure connections in channels -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Use the following slash command to review the status of all secure connections within the current shared channel: - -``/share-channel status`` - -Status details include: - -- Connection ID -- Connection URL -- Description -- Read only channel (True/False) -- Invite accepted (Yes/No) -- Online (Yes/No) -- Last ping timestamp (UTC) - -Frequently Asked Questions ---------------------------- - -Why is this feature in experimental? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This feature is considered experimental while we recruit customer testing partners. Mattermost QA has tested this feature, but as we build the interface for managing shared channels, we want to work with system admins to build the most optimal experience. - -Are special characters supported in secure connection names? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -No. ``--name`` can include periods, hyphens, and/or underscores. You must surround ``--name`` using quotation marks (“ “) when the value contains spaces. - -What happens if two Mattermost instances contain different emojis? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -In cases where one Mattermost instance has different emojis than another instance, emoji text displays in place of a missing emoji image. - -Is a Display Name required for all secure connections? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -No. ``--displayname`` is optional. When omitted, ``--name`` is displayed and used instead. - -Do connection interruptions affect message synchronization? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Yes. A System message is posted in the channel visible to all channel members when message synchronization is interrupted for more than five minutes. Once connectivity is restored, a full sync will happen for all missed messages, including direct messages and channel links. - -What happens if two secure connections share the same usernames? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -In cases where members share the same usernames across Mattermost secure connections, usernames on the local server instance are appended with the secure connection name of the remote server. - -For example, if multiple members named John Smith exist after two Mattermost instances establish a secure connection with one another, all remote John Smith members include their Secure Connection ID following their username to help differentiate members across multiple Mattermost instances. \ No newline at end of file