IAM for Logs Data Platform - Migration and Breaking Changes

Objective

This guide explains the breaking changes resulting from the IAM migration and provides guidance on how to take advantage of the new IAM integration.

Requirements

• An OVHcloud account
• Access to the OVHcloud Control Panel
• A Logs Data Platform service

Instructions

What is IAM?

IAM stands for Identity and Access Management. It is a system of policies and processes that enable organizations or users to manage digital identities and control access to sensitive resources, such as applications, data, systems, and in the case of Logs Data Platform: logs.

• Security: IAM ensures that only authorized individuals or systems can access your logs. Authentication methods include two-factor authentication or federation systems.
• Convenience: IAM simplifies user management as it is unified across all OVHcloud products, allowing individuals to access all their products with one set of credentials.
• Flexibility: IAM allows you to create sophisticated policies for sharing resources in a robust way.

IAM Migration for Logs Data Platform

The IAM Migration for Logs Data Platform is scheduled for 17 September 2025. A scheduled maintenance will enable IAM for all Logs Data Platform customers, introducing new features and allowing full migration to IAM.

Breaking Changes

Roles and Permissions

If you use the role and permission system, please note that members of your roles will no longer see shared items in their own service when connecting to the Logs Data Platform control panel.

However, they will still be able to access these items when using their credentials on the relevant backends (Graylog, OpenSearch Dashboards, Grafana).

If you use the role and permission system, we strongly recommend migrating to IAM policies.

Web UIs

The Graylog Web UI will now display an Identity Provider selector. You can find the username/password authenticator by selecting Legacy username/password. You can also try the OVHcloud IAM authenticator by selecting the appropriate provider (EU or CA).

Deprecated Features

The IAM migration allows us to deprecate some Logs Data Platform features that have IAM replacements:

• Roles and permissions
• Legacy tokens

These features are replaced by access management policies and by either Local Users Personal Access Tokens or Service account tokens.

Useful Documentation

IAM Resources

• OVHcloud identities
• Local users management
• Service accounts
• Policies UI
• Policies API

IAM for Logs Data Platform

• Presentation and FAQ
• Access Management

Go further

• Introduction to Logs Data Platform
• IAM for Logs Data Platform - Presentation and FAQ
• Our documentation
• Join our community of users
• Create an account: Try it!