From dddd4109c0614c51d4c5789a50f3c0b438e9b7d1 Mon Sep 17 00:00:00 2001 From: Claude Date: Thu, 11 Jun 2026 11:28:06 -0500 Subject: [PATCH] docs(controller): cross-link user sign-in and API token sections --- content/telegraf/controller/authentication/_index.md | 10 +++++++--- content/telegraf/controller/tokens/_index.md | 4 ++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/content/telegraf/controller/authentication/_index.md b/content/telegraf/controller/authentication/_index.md index 8a8239dc4b..da353f22d3 100644 --- a/content/telegraf/controller/authentication/_index.md +++ b/content/telegraf/controller/authentication/_index.md @@ -15,6 +15,10 @@ cascade: - /telegraf/controller/settings/ --- +This section describes how users sign in to {{% product-name %}}. +To authenticate API requests and Telegraf agent connections, see +[Manage API tokens](/telegraf/controller/tokens/). + {{% product-name %}} supports three authentication providers that you can run individually or together: @@ -99,8 +103,8 @@ decide whether to create a {{% product-name %}} account for them. | `domain_restricted` | A pending invite admits the user; otherwise, the email must end with an allowed domain. | | `auto_create` | A pending invite admits the user; otherwise, any user the provider authenticates is auto-created. | -Each external provider has its own provisioning strategy. For example, you can run LDAP -in `invite_only` while OIDC is in `auto_create`. +Each external provider has its own provisioning strategy. For example, you can run LDAP +in `invite_only` while OIDC is in `auto_create`. ## Group-to-role mapping @@ -112,7 +116,7 @@ mappings on the **Settings** page as rows of `(provider, group name, role)`. - If a user matches no mapping, the provider's **default role** is assigned or sign-in is rejected, depending on the provider's **On no group match** setting. -- The **Owner** role is never assigned through a mapping. You can [Transfer ownership](/telegraf/controller/users/transfer-ownership/) instead. +- The **Owner** role is never assigned through a mapping. You can [Transfer ownership](/telegraf/controller/users/transfer-ownership/) instead. ## Owner account behavior diff --git a/content/telegraf/controller/tokens/_index.md b/content/telegraf/controller/tokens/_index.md index 9ca40435fa..a5ca98483d 100644 --- a/content/telegraf/controller/tokens/_index.md +++ b/content/telegraf/controller/tokens/_index.md @@ -15,6 +15,10 @@ cascade: API tokens authenticate requests to the {{% product-name %}} API and Telegraf agent connections. Use tokens to authorize Telegraf agents, heartbeat requests, and external API clients. +API tokens are separate from user sign-in. +To configure how users sign in to {{% product-name %}}, see +[Authentication](/telegraf/controller/authentication/). + ## Token format All API tokens use the `tc-apiv1_` prefix, making them easy to identify in