LightStep

LightStep Documentation

Welcome to the LightStep developer hub. You'll find comprehensive guides and documentation to help you start working with LightStep as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Create LightStep Users

LightStep offers role-based access to features and functionality. You can add users manually or automatically via domain whitelisting, allowing any user at the domain access without an explicit invitation. When you whitelist a Google domain, you can configure your Google Apps account so that users can log in with their Google email address.

You must have the Admin role to create and manage users.

User Roles

LightStep offers three different user roles with different levels of access to features in LightStep:

  • Admin: Has access to all of LightStep. You should assign only a few members the Admin role. Typically, these people are LightStep power users and understand different parts of the product well.
  • Member: Has access to everything except creating/editing/deleting projects, satellite management, and organization features. You should assign most people this role.
  • Viewer: Can only view trace data and project settings on different pages in LightStep (like Service Directory, Explorer, Streams, alert configurations). Assign new and onboarding members of an organization this role to prevent them from inadvertently modifying existing dashboards or alerts. Temporary users should also use this role.

All LightStep user roles have access to all projects in the organization.

Admin
Member
Viewer

View Explorer

✔️

✔️

✔️

View Dashboards, Streams, Conditions and Destinations

✔️

✔️

✔️

View Project Settings

✔️

✔️

✔️

Create, Edit or Delete Dashboards

✔️

✔️

Create, Edit or Delete Streams

✔️

✔️

Create, Edit, or Delete Conditions and Destinations

✔️

✔️

Create, Edit, or Delete Workflow Links

✔️

✔️

View Workflow links

✔️

✔️

✔️

Edit Project Settings

✔️

✔️

View or Edit Organization Settings

✔️

Create, Edit, or Delete Projects

✔️

Create, Edit, or Delete Users

✔️

Create, Edit, or Delete Whitelisted Domains

✔️

Create or Delete API Keys

✔️

View Satellite and Pools pages

✔️

Set and Modify Data Retention Policy

✔️

View Data Retention Policy

✔️

✔️

Manually Create Users

You manually create users from the Account Settings page. Once you add a user, LightStep sends them an email inviting them to create an account.

To manually create a user:

  1. In LightStep, in the left-hand navigation bar, click Account and choose Account Settings.
  1. Click the Projects & Users tab. In the New Users area of the Account Settings page, set the Default Role. This is the role that all new users will be assigned. You can change a user's role once they are created.
  1. In the New Users area of the Account Settings page, click Invite New User.
  1. Enter the new user's email and click Invite.
    An email is sent to that address asking them to log into LightStep and create an account.

The new user displays in the list of users. You and other Admin users can change the role if needed.

Change a User's Role

Only users with the Admin role can change a user's role.

  1. Click Account > Account Settings from the side navigation bar.
  1. Click the Projects & Users tab. Find the user whose role you want to change and use the role dropdown to select the correct role.

Change a User's Password

Users can change their password themselves from the Account Settings page.

Using Google SSO?

If your account uses Google for single sign-on, then passwords can't be changed.

  1. Click Account > Account Settings from the side navigation bar.
  1. In the Update Password area, enter your current password, enter and verify the new password, and click Save New Password.

Delete a User

Once you delete a user, they can no longer access LightStep.

  1. Click Account > Account Settings from the side navigation bar.
  1. In the Users section, find the user to delete and click Remove.

Automatically Create Users by Whitelisting Your Domain

If you whitelist your domain with LightStep, anyone with that domain as their email address can log into LightStep and create an account. If your domain is with Google, then once you whitelist that domain with LightStep, you can also configure single sign-on (SSO) with Google Apps for Work Teams to allow users to sign in with their Google email.

Don't see the Whitelist Domains area on the Account Settings page?

The ability to whitelist a domain is available only for LightStep accounts.

To whitelist a domain:

  1. Click Account > Account Settings from the side navigation bar.
  1. Click the Projects & Users tab. In the New Users area of the Account Settings page, set the Default Role. Be sure to select the role that most users should have, as all users you create using the whitelisted domain will be assigned this role. After you create a user, you can manually change the role.

Make sure your default role isn't Admin unless you want all users to have full access when they are created.

  1. In the Whitelisted Domains area, click Add Domain.
  1. Enter the domain's URL and click Confirm.
    Anyone with that domain in their email address logging into LightStep at https://app.lightstep.com will have access to your LightStep organization and will be assigned the role you set as the default. You can manually change the role once the user is created.

To remove a whitelisted domain:
Remove a whitelisted domain by clicking Remove for that domain. Once you remove the domain, new users from that domain can't be added, but existing users will continue to be able to log in.

Whitelist Google Apps for Single Sign-On Access

Google Apps for Work teams can streamline the process further by adding LightStep to your Google Apps Whitelist. Enabling allows users to click the Sign in with Google button and use Google to authenticate.

Extracted from Google's developer documentation

Your Google Apps administrator can whitelist LightStep for the entire organization so that users can skip the authorization page during the sign-in process.

  1. Open the Google Apps Admin Console.
  2. Click the Security icon, then click Show More > Advanced Settings > Manage API client access.
  1. Authorize LightStep by adding these credentials.
    Client Name:
    746217134341-pp9knfd5e0b6b6n84jg3cjd5hsuguuot.apps.googleusercontent.com

API scopes: https://www.googleapis.com/auth/plus.me,https://www.googleapis.com/auth/userinfo.email

  1. Click Authorize. The whitelisting will take effect in about 30 minutes.

Create LightStep Users


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.