diff --git a/source/administration-guide/manage/admin/abac-channel-access-rules.rst b/source/administration-guide/manage/admin/abac-channel-access-rules.rst new file mode 100644 index 00000000000..b6c1bb5eb35 --- /dev/null +++ b/source/administration-guide/manage/admin/abac-channel-access-rules.rst @@ -0,0 +1,242 @@ +Channel-specific access rules +============================= + +.. include:: ../../../_static/badges/ent-adv-cloud-selfhosted.rst + :start-after: :nosearch: + +Channel Admins can self-manage access controls for their private channels directly through the Channel Settings modal, without requiring System Admin intervention. For organization-wide policies created by System Admins, see :doc:`System-wide attribute-based access policies `. + +With channel access rules, Channel Admins can: + +- Create channel-specific access rules using a simple interface. +- Rules are **additive** to any system policies (both must be satisfied). +- Automatic member synchronization with immediate feedback. +- Self-exclusion prevention to avoid locking yourself out. + +Prerequisites +------------- + +- :doc:`Attribute-Based Access Control (ABAC) ` must be enabled by a System Admin in **System Console > System Attributes > Attribute-Based Access**. +- You need Channel Admin permissions and the ``manage_channel_access_rules`` permission. +- Channel access rules are available only for private channels. + +Access Channel Settings +~~~~~~~~~~~~~~~~~~~~~~~~ + +1. In a private channel where you have Channel Admin permissions, select the channel name at the top of the center pane. +2. Select **Channel Settings** from the dropdown menu. +3. Navigate to the **Access Control** tab. + +.. note:: + + The **Access Control** tab is only visible for private channels when you have the appropriate permissions and ABAC is enabled system-wide. + +Configure access rules +---------------------- + +Channel access rules use the same simple interface as system policies, allowing you to create attribute-based conditions without complex syntax. + +1. In the **Access Control** tab, you'll see any inherited system policies at the top in a blue information banner (if applicable). +2. Use the **Add attribute** button to create new access conditions: + + - **Select attribute**: Choose from available user attributes + - **Choose operator**: Select how the attribute should match: + + - **Is**: Exact match with specified value + - **Is not**: Must not match specified value + - **In**: Must match any of multiple specified values + - **Contains**: Attribute value must contain specified text + + - **Set values**: Enter the required attribute values + +3. Add multiple conditions as needed. All conditions are combined with logical AND (all must be satisfied). + +4. Select **Test access rules** to preview which users would be granted access based on your current rules. + +Auto-sync membership +~~~~~~~~~~~~~~~~~~~~ + +The **Auto-add members based on access rules** toggle controls automatic membership management: + +- **Enabled**: Users matching the rules are automatically added to the channel, and users who no longer match are removed +- **Disabled**: Rules act as a gate (preventing unauthorized joins) but don't automatically add qualifying users + +.. important:: + + - If a system policy has auto-sync enabled, Channel Admins cannot disable it at the channel level. + - If a system policy has auto-sync disabled, Channel Admins can choose to enable it for their channel. + - When no rules are configured, this toggle is automatically disabled. + +Validation and safety +~~~~~~~~~~~~~~~~~~~~~ + +Before saving changes, Mattermost validates your rules to prevent common issues: + +- **Required fields**: All attribute selections and values must be completed +- **Self-exclusion prevention**: You cannot create rules that would remove yourself from the channel +- **Conflict detection**: Rules that create impossible conditions are identified + +When you save changes that affect membership, a confirmation dialog shows you: + +- How many users will be added or removed +- Option to view the specific users affected +- Confirmation required before applying changes + +Policy inheritance +-------------------- + +When both :doc:`system policies ` and channel rules are configured: + +1. **System policies** are displayed in a blue banner at the top (read-only) +2. **Channel rules** are managed in the access rules section below +3. **Users must satisfy BOTH** system policies and channel rules to access the channel +4. Channel rules **add restrictions** but cannot weaken system policies + +Use cases and recommendations +----------------------------- + +**Ideal use cases for channel access rules:** + +- **Project-specific channels**: Restrict access to team members working on specific projects +- **Clearance-based discussions**: Ensure only users with appropriate security clearance can participate +- **Department communications**: Limit channel access to specific organizational units +- **Temporary access**: Create rules for short-term project teams or contractor access + +**Best practices:** + +- **Start simple**: Begin with basic attribute conditions before adding complexity +- **Test before saving**: Always use the "Test access rules" feature to verify your intended scope +- **Document changes**: Consider posting a message in the channel when access rules change +- **Regular review**: Periodically review rules to ensure they remain appropriate +- **Coordinate with IT**: Work with System Admins for complex organizational policies + +**When to use system policies vs. channel rules:** + +- **System policies**: Use for organization-wide standards, compliance requirements, or policies affecting multiple channels +- **Channel rules**: Use for channel-specific restrictions, project-based access, or when you need immediate control without IT involvement + +End-user experience +-------------------- + +When channels have attribute-based access controls applied, users will see clear indicators and experience specific behaviors designed to maintain security while providing transparency. + +Visual indicators +~~~~~~~~~~~~~~~~~~ + +**Channel Members panel:** + +- Information banner at the top explains that attribute-based access is enabled. +- Displays required attribute values as tags (e.g., "Engineering", "Confidential"). +- Tooltip on hover shows the attribute name for each value. + +**Add Members modal:** + +- Similar information banner and attribute value display. +- Users who don't match the access criteria won't appear in search results. +- Only eligible users can be selected and added to the channel. + +Functional restrictions +~~~~~~~~~~~~~~~~~~~~~~~~ + +When ABAC is enabled for a channel: + +- **Search limitations**: Users who don't match access criteria don't appear in member search results. +- **Invitation restrictions**: Only users meeting attribute requirements can be added to the channel. +- **Guest user exclusions**: Private channels with ABAC policies cannot have guest users invited. +- **Automatic removal**: Users who lose required attributes are automatically removed during the next synchronization. + +.. note:: + + These restrictions apply across all Mattermost clients, including web, desktop, and mobile, to ensure consistent security enforcement. + +Troubleshooting and FAQs +--------------------------- + +Common questions about attribute-based access control implementation and usage. + +Permission and access +~~~~~~~~~~~~~~~~~~~~~~ + +Why can't I see the Access Control tab in Channel Settings? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The **Access Control** tab is only visible when all of these conditions are met: + +- You have Channel Admin role or higher for the channel +- The channel is a private channel (not public, group message, or direct message) +- ABAC is enabled system-wide by a System Admin +- The Channel Admin ABAC is enabled via the configuration setting AccessControlSettings - EnableUserManagedAttributes +- Your user role includes the ``manage_channel_access_rules`` permission + +Can Channel Admins override system policies? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +No. Channel rules are always **additive** to system policies. Users must satisfy both system policies AND channel rules to access the channel. Channel Admins cannot weaken or override restrictions set by System Admins. + +What happens if I create rules that would exclude myself? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Mattermost prevents this with self-exclusion validation. If your rules would remove you from the channel, you'll see an error message and cannot save the changes until you adjust the rules or reset them. + +Rule configuration +~~~~~~~~~~~~~~~~~~~ + +Can I use advanced CEL expressions in Channel Settings? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +No. Channel Settings only supports Basic Mode with simple attribute conditions. For complex expressions with nested logic or mixed operators, System Admins need to create policies in the System Console. + +How do I remove all access rules from a channel? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Delete all attribute conditions from the access rules table. When no rules are configured and no system policies are applied, the channel returns to standard access behavior. + +Why is the auto-sync toggle disabled? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The auto-sync toggle is automatically disabled when: + +- No access rules are configured +- A system policy with auto-sync enabled is applied (Channel Admins cannot disable it) +- There are validation errors in the current rules + +Synchronization and membership +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +How quickly are membership changes applied? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +When you save access rules, membership sync job is created and changes are applied as soon as the job is completed. Additionally, Mattermost runs synchronization jobs every 30 minutes to handle attribute changes from external systems (LDAP, SAML). + +Will users be notified when they're removed from a channel? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Yes, users receive standard Mattermost notifications when they're removed from channels due to access rule changes, similar to manual removals. + +Can I see who was added or removed during synchronization? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Yes, the confirmation modal before saving shows exactly which users will be affected. System Admins can also view detailed synchronization logs in the System Console. + +Attribute and data questions +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Which user attributes can I use in access rules? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +You can use any user attributes either synchronized via LDAP/SAML or manually configured by System Admins in **System Console > System Attributes > User Attributes**. + +What happens if a user attribute changes? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +During the next synchronization (every 30 minutes), users who no longer match the access rules will be removed from the channel, and new users who now match will be added (if auto-sync is enabled). + +Do guest users work with ABAC channels? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +No. Private channels with attribute-based access control cannot have guest users. This ensures strict adherence to access control policies based on organizational attributes. + +Can group-sync channels use ABAC? +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +No. Channels configured with group synchronization cannot use attribute-based access control. Group-sync and ABAC are mutually exclusive features - you must choose one method of access control per channel. \ No newline at end of file diff --git a/source/administration-guide/manage/admin/abac-system-wide-policies.rst b/source/administration-guide/manage/admin/abac-system-wide-policies.rst new file mode 100644 index 00000000000..33c655d8627 --- /dev/null +++ b/source/administration-guide/manage/admin/abac-system-wide-policies.rst @@ -0,0 +1,101 @@ +System-wide attribute-based access policies +============================================================ + +.. include:: ../../../_static/badges/ent-adv-cloud-selfhosted.rst + :start-after: :nosearch: + +Use this guide to create and manage organization-wide attribute-based access policies in the System Console. For channel-level rules managed by Channel Admins, see :doc:`Channel-specific access rules `. + +Prerequisites +------------- + +- :doc:`Attribute-based access controls (ABAC) ` require defined user attributes. First :doc:`configure user attributes ` in the System Console. +- Then go to **System Console > System Attributes > Attribute-Based Access** to enable attribute-based access controls for your Mattermost instance. This functionality requires a Mattermost Enterprise Advanced license. + +From Mattermost v10.11, user-managed attributes are excluded from attribute-based access control (ABAC) rules by default for security reasons. This prevents access control policies from being circumvented by users editing their own profile attributes. To include user-managed attributes in ABAC rules, a system admin must explicitly enable the ``EnableUserManagedAttributes`` configuration setting. See the :ref:`user attribute ` documentation for details on enabling this feature. This configuration setting is available only in Enterprise Edition Advanced and is disabled by default. + +Define access control policies +------------------------------ + +You can add multiple rules to a single policy, and each rule can include multiple attribute values. + +1. In the System Console, go to **System Attributes > Attribute-Based Access** and select **Add Policy**. +2. Enter a unique policy name. +3. Choose whether to automatically add users who match your configured attribute values as new members. Automatic synchronization is disabled by default. + + * **True**: Automatically maintains channel membership according to the defined rules as user attributes change. + * **False** (**Default**): Only removes members and restricts adding them to the channel if they don’t match defined rules. Users are not automatically added. + + Regardless of whether this configuration setting, users who no longer match the configured attribute values in the future will be removed from the channel after the next channel synchronization. + +4. Define the attribute-based access rules to restrict channel membership. + + .. tab:: Simple Mode + + Simple Mode is ideal for simple and straightforward access control scenarios. Each row is a single condition that must be met for a user to comply with the policy. Simple Mode only supports simple conditions without nested logic or mixed logical operators. All rules are combined with a logical AND operator ``&&``. + + 1. Select **Add attribute** and select the attribute you want to use for access control. + 2. Specify how you want the attribute to match the user profile. You can choose from the following options: + + - **Is**: The attribute must be an exact match of the value. + - **Is not**: The attribute must not contain specified value. + - **In**: The attribute must match at least one value. + - **Starts with**: The attribute value must start with the specified value. + - **Ends with**: The attribute value must end with the specified value. + - **Contains**: The attribute value must exist somewhere with the specified value. + + 3. Specify the attribute values that users must have to be granted access to the channel. + + .. tab:: Advanced Mode + + Advanced Mode is ideal for complex access control scenarios that require CEL syntax to combine multiple conditions with logical operators that support rules like ``user. == ``, using ``&&`` / ``||`` (and/or) for multiple conditions, and ``()`` to group conditions. The CEL Expression Editor provides real-time syntax validation and feedback, as well as context-aware autocomplete for attributes, operators, and attribute values. + + You can also start defining rules in Simple Mode and then switch to Advanced Mode to refine the rules further as needed. However, you'll be blocked from switching from Advanced back to Simple Mode if one of the following are true: + + * Mixed logical operators are used between conditions. + * Nested logic/grouping (parentheses) are present. + * Unsupported operators or expressions are detected. + + The syntax structure is ``user. ``. + + As you type, autocompletes show available attributes. As you select attributes, autocomplete suggests appropriate CEL operators. After selecting an operator, when attribute values are pre-defined, autocomplete suggests values to choose from. Mattermost will explicitly indicate issues such as missing operators, incorrect syntax, or incomplete conditions. + + Select the **Validate syntax** bar to check the syntax of your rule. If the syntax is valid, the bar will turn green and display a message indicating that the syntax is valid. If there are any issues, the bar will turn red and display an error message. + +Test rules +~~~~~~~~~~ + +Select **Test access rule** to test the rule against your user base to return how many users would be granted access to the channel based on the current rule. Test your rules to ensure the intended scope and avoid unexpected access changes. + +Manage rules +~~~~~~~~~~~~ + +You can apply changes to existing rules or remove rules at any time using either Simple Mode or Advanced Mode. Select **Save** to save your changes. + +Assign policies to private channels +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Specify the private channel that your access control policy applies to by selecting **Add channels** to search for and select the channels you want. You can assign the policy to multiple channels at once, or you can `assign it to individual channels <#define-access-controls-per-channel>`__ later. Select **Save** to save your changes. + +.. note:: + + Private channels with attribute-based access control policies can't have guest users invited to them. Only users who match the defined attribute criteria can be added to ABAC-controlled channels, ensuring strict adherence to access control policies. + +Delete policies +~~~~~~~~~~~~~~~ + +To delete a policy, select the **Delete** button next to the policy you want to remove. You can only delete policies that are not currently assigned to any channels. If a policy is assigned to channels, you must first remove it from those channels before you can delete it. + +Define access controls per channel +---------------------------------- + +You can assign an existing access control policy to a private channels for more granular control over channel membership. This is useful when you need to apply different rules for different channels. + +1. In the System Console, go to **User Management > Channels** to select the private channel you want to configure, and select **Edit**. +2. In the **Channel Management** section, enable the **Enable attribute-based channel access** option. +3. Under **Access policy**, select **Link to a policy** to select an existing policy. + +Remove channel policies +~~~~~~~~~~~~~~~~~~~~~~~ + +Disable the policy for the channel by selecting **Remove Policy**. You can then link the channel to a different policy if preferred. \ No newline at end of file diff --git a/source/administration-guide/manage/admin/attribute-based-access-control.rst b/source/administration-guide/manage/admin/attribute-based-access-control.rst index f0d9e461062..98a0b56e65d 100644 --- a/source/administration-guide/manage/admin/attribute-based-access-control.rst +++ b/source/administration-guide/manage/admin/attribute-based-access-control.rst @@ -4,106 +4,42 @@ Attribute-Based Access Control .. include:: ../../../_static/badges/ent-adv-cloud-selfhosted.rst :start-after: :nosearch: +.. toctree:: + :maxdepth: 1 + :hidden: + :titlesonly: + + /administration-guide/manage/admin/abac-system-wide-policies + /administration-guide/manage/admin/abac-channel-access-rules + From Mattermost v10.9, system admins in large or complex organizations who require Zero Trust Security when handling with sensitive information can prevent unauthorized access through attribute-based access controls. Enforcing strict access controls based on user attributes eliminates manual role adjustment processes that can lead to security risks, inefficiencies, or inappropriate access, while maintaining security and compliance by ensuring that only authorized users can access specific Mattermost channels. +Access-based access control (ABAC) provides 2 levels of control: + +- **System-wide policies** (managed by System Admins): Centralized policies that can be applied across multiple channels in the System Console. See :doc:`System-wide attribute-based access policies `. +- **Channel-specific rules** (managed by Channel Admins): Self-service access rules that Channel Admins can configure directly in Channel Settings for individual channels. See :doc:`Channel-specific access rules `. + Before you begin ------------------ -Attribute-based access controls require defined user attributes that are either synchronized from an external system (such as LDAP or SAML) or manually configured and enabled on your Mattermost server. You'll need to :doc:`configure user attributes ` in the System Console first befopre creating access policies. +Attribute-based access controls require defined user attributes that are either synchronized from an external system (such as LDAP or SAML) or manually configured and enabled on your Mattermost server. You'll need to :doc:`configure user attributes ` in the System Console first before creating access policies. Once user attributes are defined, go to **System Console > System Attributes > Attribute-Based Access** to enable attribute-based access controls for your Mattermost instance. This functionality requires a Mattermost Enterprise Advanced license. From Mattermost v10.11, user-managed attributes are excluded from attribute-based access control (ABAC) rules by default for security reasons. This prevents access control policies from being circumvented by users editing their own profile attributes. To include user-managed attributes in ABAC rules, a system admin must explicitly enable the ``EnableUserManagedAttributes`` configuration setting. See the :ref:`user attribute ` documentation for details on enabling this feature. This configuration setting is available only in Enterprise Edition Advanced and is disabled by default. -Once enabled, you have 2 ways to configure access policies in Mattermost: - -- `Attribute-based access rules <#define-access-control-policies>`__ you can assign across multiple channels. -- `Channel-specific rules <#define-access-controls-per-channel>`__ you can assign to individual channels. - -Define access control policies -------------------------------- - -You can add multiple rules to a single policy, and each rule can include multiple attribute values. - -1. In the System Console, go to **System Attributes > Attribute-Based Access** and select **Add Policy**. -2. Enter a unique policy name. -3. Choose whether to automatically add users who match your configured attribute values as new members. Automatic synchronization is disabled by default. - - * **True**: Automatically maintains channel membership according to the defined rules as user attributes change. - * **False** (**Default**): Only removes members and restricts adding them to the channel if they don’t match defined rules. Users are not automatically added. - - Regardless of whether this configuration setting, users who no longer match the configured attribute values in the future will be removed from the channel after the next channel synchronization. - -4. Define the attribute-based access rules to restrict channel membership. - - .. tab:: Simple Mode - - Simple Mode is ideal for simple and straightforward access control scenarios. Each row is a single condition that must be met for a user to comply with the policy. Simple Mode only supports simple conditions without nested logic or mixed logical operators. All rules are combined with a logical AND operator ``&&``. - - 1. Select **Add attribute** and select the attribute you want to use for access control. - 2. Specify how you want the attribute to match the user profile. You can choose from the following options: - - - **Is**: The attribute must be an exact match of the value. - - **Is not**: The attribute must not contain specified value. - - **In**: The attribute must match at least one value. - - **Starts with**: The attribute value must start with the specified value. - - **Ends with**: The attribute value must end with the specified value. - - **Contains**: The attribute value must exist somewhere with the specified value. - - 3. Specify the attribute values that users must have to be granted access to the channel. - - .. tab:: Advanced Mode - - Advanced Mode is ideal for complex access control scenarios that require CEL syntax to combine multiple conditions with logical operators that support rules like ``user. == ``, using ``&&`` / ``||`` (and/or) for multiple conditions, and ``()`` to group conditions. The CEL Expression Editor provides real-time syntax validation and feedback, as well as context-aware autocomplete for attributes, operators, and attribute values. - - You can also start defining rules in Simple Mode and then switch to Advanced Mode to refine the rules further as needed. However, you'll be blocked from switching from Advanced back to Simple Mode if one of the following are true: - - * Mixed logical operators are used between conditions. - * Nested logic/grouping (parentheses) are present. - * Unsupported operators or expressions are detected. - - The syntax structure is ``user. ``. - - As you type, autocompletes show available attributes. As you select attributes, autocomplete suggests appropriate CEL operators. After selecting an operator, when attribute values are pre-defined, autocomplete suggests values to choose from. Mattermost will explicitly indicate issues such as missing operators, incorrect syntax, or incomplete conditions. - - Select the **Validate syntax** bar to check the syntax of your rule. If the syntax is valid, the bar will turn green and display a message indicating that the syntax is valid. If there are any issues, the bar will turn red and display an error message. - -Test rules -~~~~~~~~~~~ - -Select **Test access rule** to test the rule against your user base to return how many users would be granted access to the channel based on the current rule. Test your rules to ensure the intended scope and avoid unexpected access changes. - -Manage rules -~~~~~~~~~~~~~ - -You can apply changes to existing rules or remove rules at any time using either Simple Mode or Advanced Mode. Select **Save** to save your changes. - -Assign policies to private channels -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Specify the private channel that your access control policy applies to by selecting **Add channels** to search for and select the channels you want. You can assign the policy to multiple channels at once, or you can `assign it to individual channels <#define-access-controls-per-channel>`__ later. Select **Save** to save your changes. - -.. note:: - - Private channels with attribute-based access control policies can't have guest users invited to them. Only users who match the defined attribute criteria can be added to ABAC-controlled channels, ensuring strict adherence to access control policies. - -Delete policies -~~~~~~~~~~~~~~~~ - -To delete a policy, select the **Delete** button next to the policy you want to remove. You can only delete policies that are not currently assigned to any channels. If a policy is assigned to channels, you must first remove it from those channels before you can delete it. +Configure access policies +-------------------------- -Define access controls per channel ------------------------------------ +Once enabled, you have multiple ways to configure access policies in Mattermost: -You can assign an existing access control policy to a private channels for more granular control over channel membership. This is useful when you need to apply different rules for different channels. +**System Admins can:** -1. In the System Console, go to **User Management > Channels** to select the private channel you want to configure, and select **Edit**. -2. In the **Channel Management** section, enable the **Enable attribute-based channel access** option. -3. Under **Access policy**, select **Link to a policy** to select an existing policy. +- Create :doc:`system-wide access policies ` that can be assigned across multiple channels in the System Console. +- Assign :ref:`individual channel policies ` to specific channels in the System Console. -Remove channel policies -~~~~~~~~~~~~~~~~~~~~~~~~ +**Channel Admins can:** -Disable the policy for the channel by selecting **Remove Policy**. You can then link the channel to a different policy if preferred. \ No newline at end of file +- Configure :doc:`channel-specific access rules ` directly in Channel Settings without requiring a system admin. \ No newline at end of file diff --git a/source/administration-guide/onboard/sso-saml-technical.rst b/source/administration-guide/onboard/sso-saml-technical.rst index 228a890b8b0..cf367cc45e9 100644 --- a/source/administration-guide/onboard/sso-saml-technical.rst +++ b/source/administration-guide/onboard/sso-saml-technical.rst @@ -16,9 +16,9 @@ Mattermost supports using a single metadata URL to retrieve configuration inform Using this URL populates the SAML SSO URL and the Identity Provider Issuer URL fields in the configuration process automatically and the Identity Provider Public Certificate is also downloaded from the server and set locally. -This is currently supported for Okta and Microsoft ADFS server 2012 and 2016. OneLogin support will be added in a future release. +This is currently supported for Okta and Microsoft ADFS server 2012 and 2016. -For detailed steps, view the :doc:`Configure SAML with Okta `, :doc:`Configure SAML with Microsoft ADFS for Windows Server 2012 `, and :doc:`Configure SAML with Microsoft ADFS using Microsoft Windows Server 2016 ` documentation. See the encryption options documentation for details on what :ref:`encryption methods ` Mattermost supports for SAML. +For detailed steps, view the :doc:`Configure SAML with Okta `, :doc:`Configure SAML with Microsoft ADFS for Windows Server 2012 `, and :doc:`Configure SAML with Microsoft ADFS using Microsoft Windows Server 2016 ` documentation. See the encryption options documentation for details on what :ref:`encryption methods ` Mattermost supports for SAML, including AES-192-GCM and AES-256-GCM encryption support introduced in v10.9. SAML providers -------------- diff --git a/source/deployment-guide/desktop/desktop-msi-installer-and-group-policy-install.rst b/source/deployment-guide/desktop/desktop-msi-installer-and-group-policy-install.rst index 27bbc75bccc..c509e6e008d 100644 --- a/source/deployment-guide/desktop/desktop-msi-installer-and-group-policy-install.rst +++ b/source/deployment-guide/desktop/desktop-msi-installer-and-group-policy-install.rst @@ -1,7 +1,7 @@ Desktop MSI installer and group policy guide ============================================= -This page provides guidance on installing the desktop app MSI and use Group Policies in Windows for Mattermost Enterprise or Professional. The MSI installer package can be downloaded `here `_. +This page provides guidance on installing the desktop app MSI and use Group Policies in Windows for Mattermost Enterprise or Professional. The MSI installer package can be downloaded `here `_. .. tip:: @@ -20,9 +20,9 @@ Download group policy and MSI installer files .. image:: ../../images/desktop/msi_gpo/msi_gpo_installation_test_00002.png :alt: Go to the mattermost/desktop repository on GitHub. -3. Navigate to the release page for `version v5.13.0 `__ and download the appropriate installer for your version of Windows (32-bit vs. 64-bit). +3. Navigate to the release page for `version v5.13.1 `__ and download the appropriate installer for your version of Windows (32-bit vs. 64-bit). -4. Download the `source.zip `__ file as well to extract group policy files. +4. Download the `source.zip `__ file as well to extract group policy files. .. image:: ../../images/desktop/msi_gpo/msi_gpo_installation_test_00003.png :alt: In the mattermost/desktop repository on GitHub, go to the release page for the latest desktop release, then download the installer for your version of Windows. Download the source.zip file as well to extract group policy files. @@ -43,12 +43,12 @@ The following group policies are available supporting a state option of Not Conf | Automatic Updates | If disabled, automatic desktop app updates are disabled. | v5.1 or later | ``EnableAutoUpdates`` | +--------------------------+------------------------------------------------------------+----------------------+----------------------------+ -1. Browse to the folder the above files were downloaded to and unzip the ``desktop-5.13.0.zip`` file in place. +1. Browse to the folder the above files were downloaded to and unzip the ``desktop-5.13.1.zip`` file in place. .. image:: ../../images/desktop/msi_gpo/msi_gpo_installation_test_00004.png :alt: Go to the install download directory on your machine and unzip the ZIP file. -2. Navigate to the unzipped ``desktop-5.13.0\resources\windows\gpo`` folder and copy the contents. +2. Navigate to the unzipped ``desktop-5.13.1\resources\windows\gpo`` folder and copy the contents. .. image:: ../../images/desktop/msi_gpo/msi_gpo_installation_test_00005.png :alt: Go to the \resources\windows\gpo directory and copy its contents. @@ -167,9 +167,9 @@ Perform a silent installation of the MSI by running the following command: Ensure the desktop app is closed before proceeding with a silent installation. Because it's a silent installation, Mattermost won't prompt you to close the desktop app. -**Command Prompt:** ``msiexec /i mattermost-desktop-v5.13.0-x64.msi /qn`` +**Command Prompt:** ``msiexec /i mattermost-desktop-v5.13.1-x64.msi /qn`` -**PowerShell:** ``Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList '/i mattermost-desktop-v5.13.0-x64.msi /qn'`` +**PowerShell:** ``Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList '/i mattermost-desktop-v5.13.1-x64.msi /qn'`` .. note:: - You'll need to update the version details in this command as new versions of the Mattermost desktop app are released. @@ -182,13 +182,13 @@ Install for all users Use the ``ALLUSERS`` parameter to install the MSI for all users: -**Command Prompt:** ``msiexec /i mattermost-desktop-v5.13.0-x64.msi ALLUSERS=1`` +**Command Prompt:** ``msiexec /i mattermost-desktop-v5.13.1-x64.msi ALLUSERS=1`` -**PowerShell:** ``Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList '/i mattermost-desktop-v5.13.0-x64.msi ALLUSERS=1'`` +**PowerShell:** ``Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList '/i mattermost-desktop-v5.13.1-x64.msi ALLUSERS=1'`` .. note:: - Installing the MSI for all users disables automatic updates for the desktop app on Windows. - - To disable automatic updates on a per-user basis, use the ``DISABLEAUTOUPDATE`` parameter: ``msiexec /i mattermost-desktop-v5.11.2-x64.msi DISABLEAUTOUPDATE=1`` + - To disable automatic updates on a per-user basis, use the ``DISABLEAUTOUPDATE`` parameter: ``msiexec /i mattermost-desktop-v5.13.1-x64.msi DISABLEAUTOUPDATE=1`` Specify an install directory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -196,8 +196,8 @@ Specify an install directory Use the ``APPLICATIONFOLDER`` parameter to specify an installation directory for the MSI installation: -**Command Prompt:** ``msiexec /i mattermost-desktop-v5.13.0-x64.msi APPLICATIONFOLDER=""`` +**Command Prompt:** ``msiexec /i mattermost-desktop-v5.13.1-x64.msi APPLICATIONFOLDER=""`` -**PowerShell:** ``Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList '/i mattermost-desktop-v5.13.0-x64.msi APPLICATIONFOLDER=""'`` +**PowerShell:** ``Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList '/i mattermost-desktop-v5.13.1-x64.msi APPLICATIONFOLDER=""'`` Change this command as new versions of the Mattermost Desktop App are released. diff --git a/source/deployment-guide/desktop/linux-desktop-install.rst b/source/deployment-guide/desktop/linux-desktop-install.rst index e391b48c9b5..2dd7cf6c772 100644 --- a/source/deployment-guide/desktop/linux-desktop-install.rst +++ b/source/deployment-guide/desktop/linux-desktop-install.rst @@ -54,13 +54,13 @@ This page describes how to install the Mattermost desktop app on Linux. Install the Mattermost desktop app ---------------------------------- - 1. Download the latest version of the Mattermost desktop app for 64-bit systems: `mattermost-desktop-5.13.0-linux-x86_64.rpm `_ + 1. Download the latest version of the Mattermost desktop app for 64-bit systems: `mattermost-desktop-5.13.1-linux-x86_64.rpm `_ 2. At the command line, execute the following command: .. code-block:: sh - sudo rpm -i mattermost-desktop-5.13.0-linux-x86_64.rpm + sudo rpm -i mattermost-desktop-5.13.1-linux-x86_64.rpm 3. Run Mattermost as a desktop app. @@ -68,7 +68,7 @@ This page describes how to install the Mattermost desktop app on Linux. .. code-block:: sh - sudo rpm -u mattermost-desktop-5.13.0-linux-x86_64.rpm + sudo rpm -u mattermost-desktop-5.13.1-linux-x86_64.rpm .. tip:: You can review the current version of your desktop app by selecting the **More** |more-icon-vertical| icon located in the top left corner of the desktop app, then selecting **Help > Version...**. @@ -83,7 +83,7 @@ This page describes how to install the Mattermost desktop app on Linux. Install the Desktop App's compressed tarball --------------------------------------------- - 1. Download the latest version of the Mattermost desktop app for 64-bit systems: `mattermost-desktop-5.13.0-linux-x64.tar.gz `_ + 1. Download the latest version of the Mattermost desktop app for 64-bit systems: `mattermost-desktop-5.13.1-linux-x64.tar.gz `_ 2. Extract the archive to a convenient location, then give ``chrome-sandbox`` in the extracted directory the required ownership and permissions: ``sudo chown root:root chrome-sandbox && sudo chmod 4755 chrome-sandbox`` diff --git a/source/deployment-guide/server/kubernetes/deploy-k8s-aks.rst b/source/deployment-guide/server/kubernetes/deploy-k8s-aks.rst index 20ebe8ed344..b5ed4eb296d 100644 --- a/source/deployment-guide/server/kubernetes/deploy-k8s-aks.rst +++ b/source/deployment-guide/server/kubernetes/deploy-k8s-aks.rst @@ -30,7 +30,7 @@ Step 1: Deploy Mattermost 1. Deploy Mattermost from the `Azure Marketplace Container Offer `_ and select **Get it now**. - - Alternatively, you can go to the ``Extensions + Applications`` section of your AKS cluster and install the Mattermost offering from there. Visit the `Microsoft cluster extensions documentation `_ to learn more. + Alternatively, you can go to the ``Extensions + Applications`` section of your AKS cluster and install the Mattermost offering from there. Visit the `Microsoft cluster extensions documentation `_ to learn more. 2. Choose the **Resource Group** and the **Region** of your installed AKS and PostgreSQL database. @@ -55,12 +55,12 @@ Step 1: Deploy Mattermost 6. Configure Mattermost installation hostname and Ingress details. The AGIC add-on is used in the following example to show the ingress annotations required. - a. You can use any pre-installed Ingress Controller in your cluster as long as it supports Kubernetes Ingress and TLS termination. + You can use any pre-installed Ingress Controller in your cluster as long as it supports Kubernetes Ingress and TLS termination. - .. code-block:: yaml + .. code-block:: yaml - kubernetes.io/ingress.class: azure/application-gateway - appgw.ingress.kubernetes.io/ssl-redirect: "true" + kubernetes.io/ingress.class: azure/application-gateway + appgw.ingress.kubernetes.io/ssl-redirect: "true" 7. Additionally, we recommend considering: @@ -73,11 +73,11 @@ Step 1: Deploy Mattermost 8. Ensure that everything is running. You should be able to check the installed plugin from the **AKS Extensions + Applications** page under the **Settings** menu. - a. When the deployment is complete, obtain the hostname or IP address of your Mattermost deployment using the following command: + When the deployment is complete, obtain the hostname or IP address of your Mattermost deployment using the following command: - .. code-block:: sh + .. code-block:: sh - kubectl -n mattermost-operator get ingress + kubectl -n mattermost-operator get ingress 9. Use your IP address from the ``ADDRESS`` column, and create a DNS record in your domain registration service. @@ -101,6 +101,13 @@ Step 2: Upgrade Mattermost via your AKS cluster 4. Select **Save** and wait for the upgrade. +Looking for a sovereign deployment on Azure Local? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For organizations requiring on-premises deployments with data sovereignty, **Azure Local** (formerly Azure Stack HCI) provides a hybrid cloud platform that enables you to run Mattermost on-premises while maintaining integration with Microsoft Teams and M365. + +We recommend engaging **Mattermost Professional Services** for Azure Local deployments to ensure optimal configuration and compliance with your security requirements. `Talk to an Expert `_ to discuss your Azure Local deployment needs. + .. important:: - You are responsible for Azure costs associated with any infrastructure you spin up to host a Mattermost server, and Azure credits cannot be applied towards the purchase of a Mattermost license. + You are responsible for Azure costs associated with any infrastructure you spin up to host a Mattermost server, and Azure credits cannot be applied towards the purchase of a Mattermost license. \ No newline at end of file diff --git a/source/end-user-guide/collaborate/manage-channel-members.rst b/source/end-user-guide/collaborate/manage-channel-members.rst index fbee013aa8a..804ffa46d48 100644 --- a/source/end-user-guide/collaborate/manage-channel-members.rst +++ b/source/end-user-guide/collaborate/manage-channel-members.rst @@ -11,6 +11,10 @@ Add members to a channel Using Mattermost in a web browser or the desktop app, any member of a channel can add other members to public or private channels, unless your system admin has restricted access to do so. +.. note:: + + If a channel has attribute-based access controls enabled, you'll see details about the required user attributes. Only users who meet the requirements appear in search results when adding members. See the :doc:`attribute-based access control ` documentation for more details. + .. tab:: Web/Desktop 1. Select the channel name at the top of the center pane to access the drop-down menu, then select **Add Members**. @@ -23,7 +27,7 @@ Using Mattermost in a web browser or the desktop app, any member of a channel ca .. tip:: - From Mattermost v7.8, people you've messaged directly are listed first, followed by all users in alphabetical order. - - Alternatively, to add members to a channel, select the channel name, select the **View Info** |channel-info| icon, select **Members** in the right pane, and then select **Add**. + - Alternatively, to add members to a channel, select the channel name, select the **View Info** |channel-info| icon, select **Members** in the right pane, and then select **Add**. If the channel has access control restrictions, you'll see details about required attributes at the top of the right pane. .. tab:: Mobile diff --git a/source/product-overview/deprecated-features.rst b/source/product-overview/deprecated-features.rst index 418d1ec1097..921987c482c 100644 --- a/source/product-overview/deprecated-features.rst +++ b/source/product-overview/deprecated-features.rst @@ -11,7 +11,7 @@ Mattermost Server v11.0.0 (October 2025) - GitLab SSO will be deprecated from Team Edition. Deployments using GitLab SSO can remain on v10.11 ESR (with 12 months of security updates) while transitioning to our new free offering Mattermost Entry, or exploring commercial/nonprofit options. See more details in `this forum post `__. - The ``TeamSettings.ExperimentalViewArchivedChannels`` setting will be deprecated. Archived channels will always be accessible, subject to normal channel membership. The server will fail to start if this setting is set to ``false``; to deny access to archived channels, mark them as private and remove affected channel members. See more details in `this forum post `__. -- Playbooks will stop working for Team Edition. Professional, Enterprise, and Enterprise Advanced plans will automatically be upgraded to Playbooks v2 with no expected downtime. +- Playbooks will stop working for Team Edition. Entry, Professional, Enterprise, and Enterprise Advanced plans will automatically be upgraded to Playbooks v2 with no expected downtime. See more details in `this forum post `__. - Experimental Bleve Search functionality will be retired. See more details in `this forum post `__. - Support for MySQL will be ended. See more details in `this forum post `__. - The ``ExperimentalStrictCSRFEnforcement`` setting will be renamed to ``StrictCSRFEnforcement`` and the default value will be changed to ``true`` for new installations. See more details in `this forum post `__. @@ -24,6 +24,7 @@ Mattermost Server v11.0.0 (October 2025) - Format query parameter requirement in ``/api/v4/config/client`` endpoint will be deprecated. - Deprecated mmctl commands and flags will be removed. - Experimental certificate-based authentication feature will be removed. ``ExperimentalSettings.ClientSideCertEnable`` must be ``false`` to start the server. +- The bcrypt password hashing method will be deprecated in favor of PBKDF2. Downgrading the server from v11 to a previous version will leave users whose password was migrated unable to log in. Admins will need to manually reset user passwords until the server is upgraded back to v11. - Separate notification log file will be deprecated. If admins want to continue using a separate log file for notification logs, they can use the ``AdvancedLoggingJSON`` configuration. An example configuration to use is: .. code-block:: sh diff --git a/source/product-overview/desktop-app-changelog.md b/source/product-overview/desktop-app-changelog.md index 6f9ec8a65d4..ace3978bffd 100644 --- a/source/product-overview/desktop-app-changelog.md +++ b/source/product-overview/desktop-app-changelog.md @@ -12,9 +12,16 @@ This changelog summarizes updates to Mattermost desktop app releases for [Matter (release-v5-13)= ## Release v5.13 (Extended Support Release) -**Release Day: 2025-08-15** +- **v5.13.1, released 2025-09-10** -**Download Binaries:** [Mattermost Desktop on GitHub](https://github.com/mattermost/desktop/releases/latest) + - Mattermost Desktop App v5.13.1 contains low to medium severity level security fixes. Upgrading is recommended. Details will be posted on our [security updates page](https://mattermost.com/security-updates/) 30 days after release as per the [Mattermost Responsible Disclosure Policy](https://mattermost.com/security-vulnerability-report/). + - Upgraded to Electron 37.4.0. + +- **v5.13.0, released 2025-08-15** + + - Original v5.13.0 release + +**Download Binaries:** [Mattermost Desktop on GitHub](https://github.com/mattermost/desktop/releases/v5.13.1) ### Compatibility diff --git a/source/product-overview/mattermost-desktop-releases.md b/source/product-overview/mattermost-desktop-releases.md index 90b08402281..c5b0d117f77 100644 --- a/source/product-overview/mattermost-desktop-releases.md +++ b/source/product-overview/mattermost-desktop-releases.md @@ -21,7 +21,7 @@ Mattermost releases a new desktop app version every 4 months, in February, May, | **Release** | **Support** | **Compatible with** | |:---|:---|:---| -| v5.13 [Download](https://github.com/mattermost/desktop/releases/tag/v5.13.0) \| {ref}`Changelog ` \| [SBOM download](https://github.com/mattermost/desktop/releases/download/v5.13.0/sbom-desktop-v5.13.0.json) | Released: 2025-08-15
Support Ends: 2026-08-15 {ref}`EXTENDED ` | {ref}`v10.11 `, {ref}`v10.10 `, {ref}`v10.9 `, {ref}`v10.5 ` | +| v5.13 [Download](https://github.com/mattermost/desktop/releases/tag/v5.13.1) \| {ref}`Changelog ` \| [SBOM download](https://github.com/mattermost/desktop/releases/download/v5.13.1/sbom-desktop-v5.13.1.json) | Released: 2025-08-15
Support Ends: 2026-08-15 {ref}`EXTENDED ` | {ref}`v10.11 `, {ref}`v10.10 `, {ref}`v10.9 `, {ref}`v10.5 ` | | v5.12 [Download](https://github.com/mattermost/desktop/releases/tag/v5.12.1) \| {ref}`Changelog ` \| [SBOM download](https://github.com/mattermost/desktop/releases/download/v5.12.1/sbom-desktop-v5.12.1.json) | Released: 2025-05-16
Support Ends: 2025-08-15 | {ref}`v10.10 `, {ref}`v10.9 `, {ref}`v10.8 `, {ref}`v10.7 `, {ref}`v10.6 `, {ref}`v10.5 ` | | v5.11 [Download](https://github.com/mattermost/desktop/releases/tag/v5.11.3) \| {ref}`Changelog ` | Released: 2025-02-14
Support Ends: 2025-11-15 | {ref}`v10.7 `, {ref}`v10.6 `, {ref}`v10.5 `, {ref}`v10.4 `, {ref}`v10.3 `, {ref}`v9.11 ` | | v5.10 [Download](https://github.com/mattermost/desktop/releases/tag/v5.10.2) \| {ref}`Changelog ` | Released: 2024-11-15
Support Ends: 2025-02-13 | {ref}`v10.2 `, {ref}`v10.1 `, {ref}`v10.0 `, {ref}`v9.11 `, {ref}`v9.5 ` | diff --git a/source/product-overview/mattermost-server-releases.md b/source/product-overview/mattermost-server-releases.md index 04648a298b4..8ed16d70b3e 100644 --- a/source/product-overview/mattermost-server-releases.md +++ b/source/product-overview/mattermost-server-releases.md @@ -29,7 +29,7 @@ Mattermost releases a new server version on the 16th of each month in [binary fo | v10.8 [Download](https://releases.mattermost.com/10.8.4/mattermost-10.8.4-linux-amd64.tar.gz) \| {ref}`Changelog ` \|
SBOM
| 2025-05-16 | 2025-08-15 | | v10.7 [Download](https://releases.mattermost.com/10.7.4/mattermost-10.7.4-linux-amd64.tar.gz) \| {ref}`Changelog ` \|
SBOM
| 2025-04-16 | 2025-07-15 | | v10.6 [Download](https://releases.mattermost.com/10.6.6/mattermost-10.6.6-linux-amd64.tar.gz) \| {ref}`Changelog ` \|
SBOM
| 2025-03-16 | 2025-06-15 | -| v10.5 [Download](https://releases.mattermost.com/10.5.10/mattermost-10.5.10-linux-amd64.tar.gz) \| {ref}`Changelog ` \|
SBOM
| 2025-02-16 | 2025-11-15 {ref}`EXTENDED ` | +| v10.5 [Download](https://releases.mattermost.com/10.5.11/mattermost-10.5.11-linux-amd64.tar.gz) \| {ref}`Changelog ` \|
SBOM
| 2025-02-16 | 2025-11-15 {ref}`EXTENDED ` | | v10.4 [Download](https://releases.mattermost.com/10.4.5/mattermost-10.4.5-linux-amd64.tar.gz) \| {ref}`Changelog ` \|
SBOM
| 2025-01-16 | 2025-04-15 | | v10.3 [Download](https://releases.mattermost.com/10.3.4/mattermost-10.3.4-linux-amd64.tar.gz) \| {ref}`Changelog ` \|
SBOM
| 2024-12-16 | 2025-03-15 | | v10.2 [Download](https://releases.mattermost.com/10.2.3/mattermost-10.2.3-linux-amd64.tar.gz) \| {ref}`Changelog ` \|
SBOM
| 2024-11-15 | 2025-02-15 | diff --git a/source/product-overview/mattermost-v10-changelog.md b/source/product-overview/mattermost-v10-changelog.md index c09a874d240..6626d390027 100644 --- a/source/product-overview/mattermost-v10-changelog.md +++ b/source/product-overview/mattermost-v10-changelog.md @@ -646,6 +646,11 @@ New setting options were added to ``config.json``. Below is a list of the additi (release-v10.5-extended-support-release)= ## Release v10.5 - [Extended Support Release](https://docs.mattermost.com/about/release-policy.html#release-types) +- **10.5.11, released 2025-09-10** + - Mattermost v10.5.11 contains low to high severity level security fixes. [Upgrading](https://docs.mattermost.com/upgrade/upgrading-mattermost-server.html) to this release is recommended. Details will be posted on our [security updates page](https://mattermost.com/security-updates/) 30 days after release as per the [Mattermost Responsible Disclosure Policy](https://mattermost.com/security-vulnerability-report/). + - Fixed an issue where the content of webhook posts did not display [MM-64626](https://mattermost.atlassian.net/browse/MM-64626). + - Fixed an issue where unread messages from muted channels were shown in the favicon/desktop app [MM-64883](https://mattermost.atlassian.net/browse/MM-64883). + - Mattermost v10.5.11 contains no database or functional changes. - **10.5.10, released 2025-08-15** - Mattermost v10.5.10 contains low to high severity level security fixes. [Upgrading](https://docs.mattermost.com/upgrade/upgrading-mattermost-server.html) to this release as soon as possible is highly recommended. Details will be posted on our [security updates page](https://mattermost.com/security-updates/) 30 days after release as per the [Mattermost Responsible Disclosure Policy](https://mattermost.com/security-vulnerability-report/). - Mattermost v10.5.10 contains no database or functional changes. diff --git a/source/product-overview/version-archive.rst b/source/product-overview/version-archive.rst index 073441f8fa6..a33910a96a7 100644 --- a/source/product-overview/version-archive.rst +++ b/source/product-overview/version-archive.rst @@ -44,11 +44,11 @@ If you want to check that the version of Mattermost you are installing is the of - SHA-256 Checksum: ``c763ba7d25b42051d8ff6b3de18cf9ec312d4e5d985f754a37c29f86988cb93b`` - GPG Signature: https://releases.mattermost.com/10.6.6/mattermost-10.6.6-linux-amd64.tar.gz.sig - SBOM Download Link: https://releases.mattermost.com/10.6.6/sbom-enterprise-v10.6.6.json - Mattermost Enterprise Edition v10.5.10 *Extended Support Release (ESR)* - `View Changelog `__ - `Download `__ - - ``https://releases.mattermost.com/10.5.10/mattermost-10.5.10-linux-amd64.tar.gz`` - - SHA-256 Checksum: ``ba8fb5dbda927feed0671b4f673de58b5be707158ad6e808cf7ee4cff8d212b8`` - - GPG Signature: https://releases.mattermost.com/10.5.10/mattermost-10.5.10-linux-amd64.tar.gz.sig - - SBOM Download Link: https://releases.mattermost.com/10.5.10/sbom-enterprise-v10.5.10.json + Mattermost Enterprise Edition v10.5.11 *Extended Support Release (ESR)* - `View Changelog `__ - `Download `__ + - ``https://releases.mattermost.com/10.5.11/mattermost-10.5.11-linux-amd64.tar.gz`` + - SHA-256 Checksum: ``d77e136fb45352c49969bd7418899f9ddbc8daf73f297bfa4b7bc9ad2f9a8b0d`` + - GPG Signature: https://releases.mattermost.com/10.5.11/mattermost-10.5.11-linux-amd64.tar.gz.sig + - SBOM Download Link: https://releases.mattermost.com/10.5.11/sbom-enterprise-v10.5.11.json Mattermost Enterprise Edition v10.4.5 - `View Changelog `__ - `Download `__ - ``https://releases.mattermost.com/10.4.5/mattermost-10.4.5-linux-amd64.tar.gz`` - SHA-256 Checksum: ``f85f4cf564f940f82a37c17a94f8689dda9c0e79c58a204c7d175c9ecb620773`` @@ -472,11 +472,11 @@ If you want to check that the version of Mattermost you are installing is the of - SHA-256 Checksum: ``c829f301d3fc2fdd6061454a3ea3aa4f26d398340398a736c3402bd5eeb345f9`` - GPG Signature: https://releases.mattermost.com/10.6.6/mattermost-team-10.6.6-linux-amd64.tar.gz.sig - SBOM Download Link: https://github.com/mattermost/mattermost/releases/download/v10.6.6/sbom-mattermost-v10.6.6.json - Mattermost Team Edition v10.5.10 *Extended Support Release (ESR)* - `View Changelog `__ - `Download `__ - - ``https://releases.mattermost.com/10.5.10/mattermost-team-10.5.10-linux-amd64.tar.gz`` - - SHA-256 Checksum: ``ee8ce0bdfc0a5cb27b7d87922f6c9fced41063f62f57c847d21b2cbedd6a19e1`` - - GPG Signature: https://releases.mattermost.com/10.5.10/mattermost-team-10.5.10-linux-amd64.tar.gz.sig - - SBOM Download Link: https://github.com/mattermost/mattermost/releases/download/v10.5.10/sbom-mattermost-v10.5.10.json + Mattermost Team Edition v10.5.11 *Extended Support Release (ESR)* - `View Changelog `__ - `Download `__ + - ``https://releases.mattermost.com/10.5.11/mattermost-team-10.5.11-linux-amd64.tar.gz`` + - SHA-256 Checksum: ``0c4b44036902dfe6a89dea08a55e57feb00ad9d76011d2aa7fc4a9fe2a0c6f7c`` + - GPG Signature: https://releases.mattermost.com/10.5.11/mattermost-team-10.5.11-linux-amd64.tar.gz.sig + - SBOM Download Link: https://github.com/mattermost/mattermost/releases/download/v10.5.11/sbom-mattermost-v10.5.11.json Mattermost Team Edition v10.4.5 - `View Changelog `__ - `Download `__ - ``https://releases.mattermost.com/10.4.5/mattermost-team-10.4.5-linux-amd64.tar.gz`` - SHA-256 Checksum: ``31edebbc416c8978a81f40cffe7ed98f9b39f8a1f695b18bdf98dddc9edb650c`` diff --git a/source/use-case-guide/maximize-microsoft-investments.rst b/source/use-case-guide/maximize-microsoft-investments.rst index bf089cdb62a..08312dc8fa1 100644 --- a/source/use-case-guide/maximize-microsoft-investments.rst +++ b/source/use-case-guide/maximize-microsoft-investments.rst @@ -29,7 +29,7 @@ As Skype for Business reaches end-of-life, secure organizations require an alter - **Preserve mission-critical communication workflows** with a self-hosted Mattermost deployment that supports :doc:`1:1 calls `, :ref:`screen sharing `, and :doc:`threaded messaging ` within secure environments. - **Integrate Mattermost with Microsoft tools** such as Outlook, Teams, and :doc:`Entra ID Single Sign-On ` to retain user workflows while centralizing identity and access control. See :doc:`Mattermost for M365, Teams, and Outlook `. -- **Deploy in sovereign, air-gapped, or private cloud environments** such as `Azure Deployment `_ while maintaining compliance with STIG, FedRAMP, and NIST 800-53 standards. +- **Deploy in sovereign, air-gapped, or private cloud environments** such as `Azure Deployment `_ or **Azure Local** (formerly Azure Stack HCI) for on-premises hybrid cloud scenarios while maintaining compliance with STIG, FedRAMP, and NIST 800-53 standards. For Azure Local deployments, we recommend engaging **Mattermost Professional Services** for deployment support. `Talk to an Expert `_ to learn more. :doc:`Learn more ` about replacing Skype for Business with Mattermost. diff --git a/source/use-case-guide/on-prem-skype-for-business-replacement.rst b/source/use-case-guide/on-prem-skype-for-business-replacement.rst index 918bbfc59df..c663100e9af 100644 --- a/source/use-case-guide/on-prem-skype-for-business-replacement.rst +++ b/source/use-case-guide/on-prem-skype-for-business-replacement.rst @@ -19,7 +19,7 @@ Organizations operating in fully disconnected or classified environments require - **Ensure secure communication in fully disconnected networks** using Mattermost's support for private on-premise deployments, including FIPS 140-3 validated and DISA STIG-hardened container images. :doc:`Learn more ` about Mattermost's architecture, components, and backend infrastructure. - **Maintain operational continuity** with enterprise-grade :doc:`channel-based collaboration `— including :doc:`1:1 audio calls `, :ref:`screen sharing `, :doc:`threaded messaging `, and :doc:`file sharing `—entirely within air-gapped systems. - **Scale to mission requirements** with a :doc:`high-availability, horizontally scalable architecture ` that supports tens of thousands of users in secure on-prem environments. -- **Preserve data sovereignty and eliminate external dependencies** with a self-hosted :doc:`Kubernetes deployment model ` that integrates into classified networks or sovereign data centers. +- **Preserve data sovereignty and eliminate external dependencies** with a self-hosted :doc:`Kubernetes deployment model ` that integrates into classified networks, sovereign data centers, or **Azure Local** (formerly Azure Stack HCI) for hybrid cloud on-premises scenarios. Modernize Secure Collaboration Workflows ------------------------------------------ @@ -52,5 +52,6 @@ Collaborating across organizational boundaries must not compromise compliance or Get Started ----------- -`Talk to an Expert `_ to learn more about transitioning from Skype for Business to a secure, modern collaboration platform built for mission-critical environments. With Mattermost, your organization gains a self-hosted, scalable, and compliant solution tailored for classified operations, secure external engagement, and operational modernization. +With Mattermost, your organization gains a self-hosted, scalable, and compliant solution tailored for classified operations, secure external engagement, and operational modernization. +`Talk to an Expert `_ to learn more about transitioning from Skype for Business to a secure, modern collaboration platform built for mission-critical environments, or to discuss your Azure Local deployment needs. Organizations deploying Mattermost on Azure Local (formerly Azure Stack HCI) for on-premises hybrid cloud scenarios can engage **Mattermost Professional Services** for deployment support to ensure optimal configuration and compliance with your security requirements. \ No newline at end of file