This part of the documentation covers various aspects of Bosun administration.


Bosun currently supports two types of authentication when authentication is enabled:

  1. LDAP authentication
  2. Token Based access

The two intended uses of these methods is user authentication and api authentication respectively. Authorization is a new feature in Bosun 0.6.0. Even when authorization is enabled, Bosun should still be run inside a trusted network.


The authentication feature gets enabled when you define the AuthConf section of the system configuration. Authentication tokens can be set up via the UI by setting AuthDisabled before authentication is enabled. AuthDisabled makes it so the authentication feature is enabled but authentication itself is not enabled. With AuthDisabled set to true anonymous users can create auth tokens via Bosun’s user interface.

Auth Token UI

When the authentication feature is enabled, you should see a Manage Auth Tokens menu item under your username in Bosun’s UI in the upper right corner. You will be able to see this if AuthDisabled is true or if you have the Manage Tokens Permission set for your user.

From there you can create new auth tokens in two steps as show in the following images. Note that once you retrieve a token from the second screen, you will not be able to view the token itself again. You will still be able to see the name, description, permissions set, and the last time it was used.

First Screen:

Create Token Image

Second Screen:

Token Created Image

Permissions and Roles

Permissions provide the ability to certain things with both, and Roles are a collection of permissions for convenience. A user could have no role and an arbitrary collection of permissions.

Permission Roles Description
View Dashboard Admin, Writer, Reader Can view dashboard and alert state data, metrics, and graphs
View Config Admin, Writer, Reader Can view bosun configuration page
View Annotations Admin, Writer, Reader Can view annotations on graph page
Put Data Admin, Writer Can put and index OpenTSDB data and metadata
Actions Admin, Writer Can acknowledge and close alerts
Run Tests Admin, Writer Can execute expressions, graphs, and rule tests
Save Config Admin, Writer Can alter and save bosun rule config
Silence Admin, Writer Can add and manage silences
Manage Tokens Admin Can manage authorization tokens
Set Username Admin Allows external services to set a different username in api requests

Syncing Tokens