Access Logs from the Platform
An observability platform is necessary for visualization and reporting purposes. IONOS uses Grafana to enable you to meet your visualization needs.
Grafana access
Access to Grafana is linked to your logging or monitoring pipelines or central logging or monitoring and IAM Single Sign-On (SSO).
No pipelines or central logging or monitoring: Attempting to log in is blocked, and an error message is displayed. Create at least one pipeline first.
Active pipelines or central logging or monitoring: As soon as at least one pipeline is created through the DCD or API, login with your IONOS account is enabled, and you can use Grafana.
Deleted pipelines: If all pipelines are deleted and there are no central logging or monitoring instances, Grafana access remains for 30 days. After 30 days of inactivity, the following actions occur:
Grafana access is removed.
Service accounts are disabled, and tokens become invalid.
Returning after inactivity:
Creating a new pipeline after 30+ days restores Grafana access.
All users are created anew with admin rights and new UUIDs. You must reconfigure roles, permissions, and dashboards.
Service accounts are enabled, and tokens become operational again.
Team settings will also be restored, but users will need to be re-added to the team.
Central logging or monitoring users:
Having central logging or monitoring instances automatically grants Grafana access without manual pipeline creation.
Similarly, not having any pipelines, disabling central logging or monitoring, or not having any central logging or monitoring instances when there are no pipelines automatically removes Grafana access after 30 days of inactivity. Grafana access after 30 days of inactivity.
Troubleshooting login
If you are unable to log into Grafana, ensure:
The user is active and has access to the DCD.
The user has or has had a logging pipeline at least once within the last 30 days and is connected to the specified contract number.
The user has enabled central logging at least once within the last 30 days.
The user uses the correct email address associated with the contract number.
If the issue persists, contact IONOS Cloud Support.
Examples
Scenario: No pipelines or central logging or monitoring instances yet
Behavior: Login rejected with an error message "Sign up is disabled".
Resolution: Create a pipeline (DCD or API) or create a central logging or monitoring instance to enable access.
Scenario: Pipelines and central logging or monitoring instances deleted
Behavior: Access continues for 30 days; after that, access is revoked, users are removed, and service accounts are disabled; dashboards will be restored upon return.
Resolution: Create a new pipeline or central logging or monitoring instance within 30 days to maintain uninterrupted access.
Scenario: Central logging or monitoring instances are present
Behavior: Grafana access is granted immediately and remains available while the feature is active.
Obtain your Grafana URL
You can obtain your Grafana instance address by sending a GET request to the server. For more information, see Retrieve logging pipeline information. The response contains the grafanaAddress. This information remains the same for all your logging pipelines.
Using the URL in the grafanaAddress, you can access Grafana.
How to Restrict Grafana access
Access to Grafana via SSO depends on IAM and the pipeline lifecycle. To effectively restrict Grafana access:
Remove or restrict the user in IAM for the relevant contract (so they cannot SSO).
Remove the user from the Grafana organization to clean up roles and memberships.
Warning:
Changing privileges in the IONOS Cloud API or the DCD without restricting the user’s IAM access may not immediately prevent Grafana SSO, even when pipelines are active or during the 30-day grace period.
Removing a user only from the Grafana organization does not control SSO eligibility; ensure the user’s IAM access is revoked if complete removal is required.
Last updated
Was this helpful?