Access Management Documentation
Smart log analysis for Russian business
API Key Generation & Rotation
Secure your integrations with scoped API keys. LogTrace supports automatic rotation, IP allowlisting, and granular project-level permissions.
Generate keys via Settings → Security → API Access. Each key follows the lt_live_ prefix for production and lt_test_ for staging environments. Keys expire after 90 days by default, but you can configure custom TTL up to 365 days.
Role-Based Scopes
Assign read:logs, write:alerts, or admin:projects scopes when creating a key. Keys inherit the project hierarchy, ensuring least-privilege access across your DevOps stack.
Automated Rotation
Enable auto-rotation in the dashboard to receive webhook notifications 7 days before expiration. Use the /v1/keys/rotate endpoint to swap credentials without downtime.
Audit & Revocation
Track usage metrics per key. Instantly revoke compromised credentials from the Security Log. All actions are recorded with ISO 8601 timestamps and operator IDs.
OAuth 2.0 & SSO Configuration
Streamline team onboarding with enterprise SSO. LogTrace supports OIDC, SAML 2.0, and standard OAuth 2.0 authorization code flow with PKCE.
Configure your identity provider using the built-in SSO wizard. Provide your client ID, secret, and authorization endpoint. LogTrace automatically provisions user accounts based on email domains and maps LDAP groups to project roles.
Supported Providers
Native integrations for Yandex PassPort, VK ID, and Microsoft Entra ID. Custom OIDC endpoints are fully supported for internal Keycloak or Auth0 deployments.
Project Membership Sync
Define group-to-role mappings in the SSO settings. Users inheriting logtrace-admins automatically receive owner privileges, while logtrace-viewers get read-only access to dashboards.
Token Management
Access tokens remain valid for 1 hour, with refresh tokens lasting 30 days. Enforce MFA at the IdP level to meet FSTEC compliance requirements for critical information infrastructure.