diff --git a/images/activate-license/activate-enterprise-plan.webp b/images/activate-license/activate-enterprise-plan.webp
new file mode 100644
index 0000000..2c5d66c
Binary files /dev/null and b/images/activate-license/activate-enterprise-plan.webp differ
diff --git a/images/ldap/enable-ldap.webp b/images/ldap/enable-ldap.webp
new file mode 100644
index 0000000..cf3d64c
Binary files /dev/null and b/images/ldap/enable-ldap.webp differ
diff --git a/images/ldap/ldap-configuration.webp b/images/ldap/ldap-configuration.webp
new file mode 100644
index 0000000..18cb1ed
Binary files /dev/null and b/images/ldap/ldap-configuration.webp differ
diff --git a/images/ldap/sign-in-ldap.webp b/images/ldap/sign-in-ldap.webp
new file mode 100644
index 0000000..23fa4e6
Binary files /dev/null and b/images/ldap/sign-in-ldap.webp differ
diff --git a/mint.json b/mint.json
index f81cda8..5c0d2fb 100644
--- a/mint.json
+++ b/mint.json
@@ -110,6 +110,7 @@
"self-hosting/govern/github-oauth",
"self-hosting/govern/oidc-sso",
"self-hosting/govern/saml-sso",
+ "self-hosting/govern/ldap",
"self-hosting/govern/reset-password"
]
},
@@ -147,6 +148,13 @@
"self-hosting/manage/upgrade-from-0.13.2-0.14.0"
]
},
+ {
+ "group": "Manage licenses",
+ "pages": [
+ "self-hosting/manage/manage-licenses/activate-pro-and-business",
+ "self-hosting/manage/manage-licenses/activate-enterprise"
+ ]
+ },
"self-hosting/manage/view-logs",
"self-hosting/manage/migrate-plane",
"self-hosting/manage/prime-cli"
diff --git a/self-hosting/govern/integrations/sentry.mdx b/self-hosting/govern/integrations/sentry.mdx
index f8943f7..a0f6b22 100644
--- a/self-hosting/govern/integrations/sentry.mdx
+++ b/self-hosting/govern/integrations/sentry.mdx
@@ -43,8 +43,6 @@ A custom integration (also called a public integration) connects your Sentry org
Replace `[YOUR_DOMAIN]` with your actual Plane instance domain. For example, if your Plane instance is at `plane.company.com`, your Webhook URL would be `https://plane.company.com/silo/api/sentry/sentry-webhook/`
- 
-
**Field explanations:**
**Webhook URL**
@@ -238,8 +236,6 @@ Configure these permissions to allow Sentry to interact with Plane appropriately
| **Member** | Read | Access member details for assignee functionality |
| **Alerts** | Read | Enable alert rule actions for automatic issue creation |
-
-
### Enable webhooks
Webhooks keep Plane and Sentry synchronized. When issues change in Sentry, Plane receives notifications and updates accordingly.
@@ -254,8 +250,6 @@ Enable the **issue** webhook with these events:
| **archived** | Reflect archived status in Plane |
| **unresolved** | Update Plane when resolved issues reopen |
-
-
### Save and retrieve credentials
After saving your integration, Sentry generates OAuth credentials:
diff --git a/self-hosting/govern/ldap.mdx b/self-hosting/govern/ldap.mdx
new file mode 100644
index 0000000..5a52eb1
--- /dev/null
+++ b/self-hosting/govern/ldap.mdx
@@ -0,0 +1,171 @@
+---
+title: LDAP authentication
+sidebarTitle: LDAP
+---
+
+LDAP (Lightweight Directory Access Protocol) authentication lets your team sign in to Plane using their existing corporate credentials. Instead of creating separate Plane passwords, users authenticate through your organization's directory service.
+
+## Before you begin
+
+You'll need:
+
+- Plane Commercial Edition with an active Enterprise plan license.
+ - Don't have an Enterprise license? Contact Sales at [sales@plane.so](mailto:sales@plane.so) to get started.
+ - Already have a license? See how to [activate your Enterprise license](/self-hosting/manage/manage-licenses/activate-enterprise).
+- Connection details for your LDAP server.
+- A service account on your LDAP server with read-only access to the user directory.
+
+## Configure LDAP authentication
+
+1. Sign in to your Plane instance in [God Mode](/self-hosting/govern/instance-admin).
+ 
+2. Select **Authentication** from the left pane.
+3. Click **Configure** next to **LDAP** at the bottom of the page.
+4. Enter your LDAP server details.
+ 
+ - **Server URI (required)**
+ This is the address of your LDAP server. Include the protocol and port number.
+
+ **Format:**
+ - For unencrypted connections: `ldap://hostname:389`
+ - For encrypted connections (recommended): `ldaps://hostname:636`
+
+ **Examples:**
+ ```
+ ldap://ldap.company.com:389
+ ldaps://ad.company.com:636
+ ldap://192.168.1.100:389
+ ```
+
+ - **Bind DN (required)**
+
+ This is the username of the service account that Plane will use to search your directory. Think of it as Plane's "read-only" account on your LDAP server.
+
+ The format varies depending on your directory service:
+
+ **Active Directory examples:**
+ ```
+ cn=PlaneService,ou=Service Accounts,dc=company,dc=com
+ plane-svc@company.com
+ ```
+
+ **OpenLDAP examples:**
+ ```
+ cn=admin,dc=example,dc=com
+ cn=readonly,ou=services,dc=example,dc=com
+ ```
+
+ - **Bind Password (required)**
+
+ Enter the password for your service account (Bind DN). Plane encrypts and stores this securely in its database.
+
+ - **User Search Base (required)**
+
+ This defines where in your directory Plane should look for users. Think of it as the "starting folder" for user searches.
+
+ Use the most specific path possible for better performance.
+
+ **Examples:**
+ ```
+ ou=users,dc=example,dc=com
+ ou=employees,ou=people,dc=company,dc=com
+ cn=users,dc=company,dc=local
+ ```
+
+ - **User Search Filter (optional)**
+
+ This tells Plane how to find users when they try to sign in. Use `{username}` as a placeholder - Plane replaces it with whatever the user types in the login field.
+
+ **Common filters by directory type:**
+
+ | Directory Type | Filter | What it does |
+ |----------------|--------|--------------|
+ | OpenLDAP | `(uid={username})` | Searches by user ID |
+ | Active Directory | `(sAMAccountName={username})` | Searches by Windows login name |
+ | Active Directory | `(userPrincipalName={username})` | Searches by email-style username |
+ | Any | `(mail={username})` | Searches by email address |
+
+ **Default:** If you don't specify a filter, Plane uses `(uid={username})`.
+
+ **Combined filter example:**\
+ If you want users to sign in with either their username OR email:
+ ```
+ (|(uid={username})(mail={username}))
+ ```
+
+ - **User Attributes (optional)**
+
+ List the LDAP attributes Plane should retrieve to create user profiles. Plane uses these to populate the user's display name and email in Plane.
+
+ **How Plane maps attributes:**
+
+ | Plane needs | LDAP provides (in order of preference) |
+ |-------------|----------------------------------------|
+ | Email address | `mail`, `userPrincipalName` |
+ | First name | `givenName`, or first part of `cn` if `givenName` is missing |
+ | Last name | `sn`, or last part of `cn` if `sn` is missing |
+
+ **Recommended setting:**
+ ```
+ mail,cn,givenName,sn,userPrincipalName,displayName
+ ```
+
+ **Default:** If you don't specify attributes, Plane uses `mail,cn,givenName,sn`.
+
+ - **Provider Name (optional)**
+
+ This is the label that appears on Plane's login button. Choose something your team will recognize.
+
+ **Examples:**
+ - `Corporate Directory`
+ - `Company SSO`
+ - `Active Directory`
+
+ **Default:** If you don't specify a name, Plane shows `LDAP`.
+
+ The login button will display as: **"Sign in with [Provider Name]"**
+
+5. Click **Save changes** to apply your LDAP settings. Plane will validate the connection to your LDAP server.
+
+6. Users will see **Sign in with LDAP** on Plane's login page and can use their directory credentials to sign in.
+ 
+
+## How LDAP authentication works
+
+LDAP authentication in Plane works through a two-phase process. First, Plane locates the user in your directory, then it verifies their credentials. This separation is fundamental to how LDAP works and explains why you need both a service account (Bind DN) and the user's own credentials.
+
+### The service account pattern
+Unlike simpler authentication systems where you might directly check a username and password against a database, LDAP uses what's called a "bind" operation. Plane needs to authenticate twice: once as itself (using the Bind DN) to search your directory, and once as the user to verify their password.
+
+This is why you configure a Bind DN and password - it's Plane's identity on your LDAP server. Think of it as Plane introducing itself before asking about your users. The Bind DN only needs read access because Plane is just looking up information, never modifying your directory.
+
+### The authentication flow
+When a user tries to sign in, here's what happens behind the scenes:
+
+**Connection and service authentication**
+Plane connects to your LDAP server using the Server URI, then authenticates using the Bind DN credentials. If this fails, no users can sign in; the service account must work first.
+
+**User search**
+Now authenticated, Plane searches for the user starting from the User Search Base and applying the User Search Filter. For example, if a user enters "jsmith" and your filter is `(uid={username})`, Plane searches for `(uid=jsmith)`. The search returns the user's distinguished name (DN), their full path in the directory.
+
+**User authentication**
+Plane now attempts to bind again using the user's DN and their entered password. If the bind succeeds, the password is correct. This is why LDAP authentication is secure. Plane never stores user passwords; they go straight to your LDAP server for verification.
+
+**Profile creation**
+Once authentication succeeds, Plane retrieves the User Attributes you configured (like email, first name, last name) from the user's LDAP record. If this is the user's first time signing in, Plane creates their profile using this information. If they've signed in before, Plane updates their profile with any changes from LDAP.
+
+**Session establishment**
+Finally, Plane creates a session for the user and redirects them into the workspace. From this point on, the user's session works identically to any other Plane session. The LDAP interaction is complete.
+
+### Why search filters matter
+The User Search Filter determines sign-in flexibility. A simple filter like `(uid={username})` requires exact usernames, but you can make it more flexible:
+
+`(mail={username})` lets users sign in with email
+`(|(uid={username})(mail={username}))` allows either username or email
+
+Filters can also restrict access: `(&(uid={username})(memberOf=cn=plane-users,ou=groups,dc=company,dc=com))` only permits specific group members.
+
+### The role of user attributes
+User Attributes tell Plane which LDAP fields to retrieve after authentication. This is separate from the search filter. The filter finds the user, the attributes populate their profile.
+
+Plane specifically looks for email addresses (required) and names (optional). If your LDAP server uses different attribute names, you need to include them.
\ No newline at end of file
diff --git a/self-hosting/manage/manage-licenses/activate-enterprise.mdx b/self-hosting/manage/manage-licenses/activate-enterprise.mdx
new file mode 100644
index 0000000..ae7a7c4
--- /dev/null
+++ b/self-hosting/manage/manage-licenses/activate-enterprise.mdx
@@ -0,0 +1,20 @@
+---
+title: Activate Enterprise license
+sidebarTitle: Activate Enterprise
+---
+
+Enterprise plan licenses are activated at the instance level through God Mode, not through individual workspace settings. This gives instance administrators centralized control over Enterprise features across all workspaces.
+
+## Activate license key
+
+1. Sign in to the [Prime portal](https://prime.plane.so/licenses) with the email address you used to purchase your Enterprise plan.
+2. Navigate to **Manage licenses**.
+3. Copy the license key for your Enterprise plan.
+4. Sign in to your Plane instance in [God Mode](/self-hosting/govern/instance-admin).
+5. Select **Billing** from the left pane.
+6. Paste your license key in the **Activate Enterprise license** field.
+7. Click **Activate**.
+
+ 
+
+Once activated, Enterprise features become available across all workspaces on your instance.
diff --git a/self-hosting/manage/manage-licenses/activate-pro-and-business.mdx b/self-hosting/manage/manage-licenses/activate-pro-and-business.mdx
new file mode 100644
index 0000000..b7efb1e
--- /dev/null
+++ b/self-hosting/manage/manage-licenses/activate-pro-and-business.mdx
@@ -0,0 +1,60 @@
+---
+title: Activate Pro and Business licenses
+sidebarTitle: Activate Pro or Business
+---
+
+Pro and Business plan licenses are activated at the workspace level as each license is tied to a specific workspace.
+
+## Activate your license
+Activate a paid plan license on your self-hosted Plane instance using a license key from the Prime portal.
+
+1. Login to the [Prime portal](https://prime.plane.so/licenses) with the same email address you used to purchase one of our paid plans.
+
+2. Go to [Manage licenses](https://prime.plane.so/licenses). Copy the value of the **License key** for the license you want to activate.
+
+ 
+
+
+ Click the **Get more licenses** button as in the image above on the [Prime portal](https://prime.plane.so/licenses/plans) to buy more licenses.
+
+3. On the Plane app, navigate to **Workspace Settings > Billing and plans**
+4. Click the **Activate this Workspace** button.
+
+ 
+5. Paste the license key in the **Enter license key** box.
+6. Click **Activate**. You will see a confirmation.
+7. That's it. To check your plan at any time and find additional details, just go to the **Billing and plans** tab in **Workspace Settings**.
+
+ 
+
+## Sync plan
+
+If you've made changes to your subscription, like renewing your license, upgrading your plan, or adjusting seats, use **Sync plan** to pull those updates into your workspace.
+
+Syncing refreshes your workspace with the latest subscription information from the Prime server, including plan type, seat count, expiration dates, and feature access.
+
+**To sync your plan:**
+
+1. Navigate to **Workspace Settings > Billing and plans**.
+2. Click **Sync plan**.
+3. Wait for the sync to complete. You'll see a confirmation once your workspace is updated.
+
+Use this whenever you see a mismatch between what's in the Prime portal and what appears in your workspace, or after making any subscription changes externally.
+
+## Delink license key
+
+Your license key is linked to both a workspace and an instance, meaning it can only be used on one workspace on one machine at a time. If you switch machines or reinstall the Commercial edition, you’ll need to reactivate your workspace. This helps prevent any misuse of the license on multiple machines or workspaces.
+
+To make it easier for you to move between machines or workspaces, we've added a new Delink feature. This lets you free up your license from its current workspace, so you can reuse it on a new machine or workspace.
+
+Here’s how to delink your license key from a workspace:
+
+1. Head over to the **Billing and Plans** screen of the workspace that's currently using the license.
+2. Click **Delink license key**. This will release the license key, making it available for use on another machine or workspace.
+
+ 
+3. Restart the instance using `prime-cli restart`.
+4. If you’re switching machines or reinstalling the Commercial edition, see [Move Plane instance to another server](https://developers.plane.so/self-hosting/manage/migrate-plane).
+5. Ensure you are connected to the internet and reactivate the new workspace using the license key you delinked earlier.
+
+
diff --git a/self-hosting/manage/migrate-plane.mdx b/self-hosting/manage/migrate-plane.mdx
index 30a7773..fcf1e4b 100644
--- a/self-hosting/manage/migrate-plane.mdx
+++ b/self-hosting/manage/migrate-plane.mdx
@@ -18,7 +18,7 @@ If you need to change your domain during migration, contact our support team for
## Steps
1. **Delink licenses**
-Log in to Plane on your current server. Head to each paid workspace like Pro or Business and [delink the licenses](https://docs.plane.so/workspaces-and-users/upgrade-plan#delink-license-key). This will free up the licenses for activation on your new server. Ideally, you have just one paid workspace.
+Log in to Plane on your current server. Head to each paid workspace like Pro or Business and [delink the licenses](/self-hosting/manage/manage-licenses/activate-pro-and-business#delink-license-key). This will free up the licenses for activation on your new server. Ideally, you have just one paid workspace.
2. **Backup data**
Create a backup of your Plane instance with ↓:
@@ -45,6 +45,6 @@ On the new server, restore your data with ↓:
Follow the prompts during the restore process to make sure everything is set up correctly.
6. **Reactivate license**
-Finally, [reactivate your license keys](https://docs.plane.so/workspaces-and-users/upgrade-plan#self-hosted-only) on the new instance.
+Finally, [reactivate your license keys](/self-hosting/manage/manage-licenses/activate-pro-and-business#activate-your-license) on the new instance.
This should get your Plane instance up and running on the new server.
\ No newline at end of file
diff --git a/self-hosting/methods/coolify.mdx b/self-hosting/methods/coolify.mdx
index 661dbed..d23b3c2 100644
--- a/self-hosting/methods/coolify.mdx
+++ b/self-hosting/methods/coolify.mdx
@@ -45,4 +45,4 @@ This guide shows you the steps to deploy a self-hosted instance of Plane using C
8. Deploy to launch your Plane instance.
Once the deployment is complete, your Plane instance should be accessible on the configured domain.
-9. If you've purchased a paid plan, [activate your license key](https://docs.plane.so/workspaces-and-users/manage-licenses#activate-license) to unlock premium features.
\ No newline at end of file
+9. If you've purchased a paid plan, [activate your license key](/self-hosting/manage/manage-licenses/activate-pro-and-business#activate-your-license) to unlock premium features.
\ No newline at end of file
diff --git a/self-hosting/methods/docker-aio.mdx b/self-hosting/methods/docker-aio.mdx
index a61434b..328be8e 100644
--- a/self-hosting/methods/docker-aio.mdx
+++ b/self-hosting/methods/docker-aio.mdx
@@ -96,7 +96,7 @@ The following ports are exposed:
3. Once it's running, you can access the Plane application on the domain you provided during the deployment.
-4. If you've purchased a paid plan, [activate your license key](https://docs.plane.so/workspaces-and-users/manage-licenses#activate-license) to unlock premium features.
+4. If you've purchased a paid plan, [activate your license key](/self-hosting/manage/manage-licenses/activate-pro-and-business#activate-your-license) to unlock premium features.
## Volume mounts
diff --git a/self-hosting/methods/docker-compose.mdx b/self-hosting/methods/docker-compose.mdx
index f1b9e38..2113662 100644
--- a/self-hosting/methods/docker-compose.mdx
+++ b/self-hosting/methods/docker-compose.mdx
@@ -40,7 +40,7 @@ Ensure you're using the **latest version of Docker Compose**. Check your Docker
When self-hosting Plane for production use, it is strongly recommended to configure [external database and storage](/self-hosting/govern/database-and-storage). This ensures that your data remains secure and accessible even if the local machine crashes or encounters hardware issues. Relying solely on local storage for these components increases the risk of data loss and service disruption.
6. The installation will take a few minutes to complete and you will see the message **Plane has successfully installed**. You can access the Plane application on the domain you provided during the installation.
- 7. If you've purchased a paid plan, [activate your license key](https://docs.plane.so/workspaces-and-users/manage-licenses#activate-license) to unlock premium features.
+ 7. If you've purchased a paid plan, [activate your license key](/self-hosting/manage/manage-licenses/activate-pro-and-business#activate-your-license) to unlock premium features.
diff --git a/self-hosting/methods/docker-swarm.mdx b/self-hosting/methods/docker-swarm.mdx
index 43710e3..9333758 100644
--- a/self-hosting/methods/docker-swarm.mdx
+++ b/self-hosting/methods/docker-swarm.mdx
@@ -58,4 +58,4 @@ This guide shows you the steps to deploy a self-hosted instance of the Plane Com
That's it! This will deploy Plane as a Swarm stack, and your instance should be accessible on your configured domain.
-5. If you've purchased a paid plan, [activate your license key](https://docs.plane.so/workspaces-and-users/manage-licenses#activate-license) to unlock premium features.
\ No newline at end of file
+5. If you've purchased a paid plan, [activate your license key](/self-hosting/manage/manage-licenses/activate-pro-and-business#activate-your-license) to unlock premium features.
\ No newline at end of file
diff --git a/self-hosting/methods/kubernetes.mdx b/self-hosting/methods/kubernetes.mdx
index 3ee9d54..4936479 100644
--- a/self-hosting/methods/kubernetes.mdx
+++ b/self-hosting/methods/kubernetes.mdx
@@ -103,7 +103,7 @@ Ensure you use use the latest Helm chart version.
--wait \
--wait-for-jobs
```
- 5. If you've purchased a paid plan, [activate your license key](https://docs.plane.so/workspaces-and-users/manage-licenses#activate-license) to unlock premium features.
+ 5. If you've purchased a paid plan, [activate your license key](/self-hosting/manage/manage-licenses/activate-pro-and-business#activate-your-license) to unlock premium features.
### Configuration settings
diff --git a/self-hosting/methods/podman-quadlets.mdx b/self-hosting/methods/podman-quadlets.mdx
index 44d6ce7..1e03b20 100644
--- a/self-hosting/methods/podman-quadlets.mdx
+++ b/self-hosting/methods/podman-quadlets.mdx
@@ -97,7 +97,7 @@ Note that you should run these commands without `sudo`.
The startup sequence is important: network first, then dependencies, followed by backend services, and finally frontend services.
-6. If you've purchased a paid plan, [activate your license key](https://docs.plane.so/workspaces-and-users/manage-licenses#activate-license) to unlock premium features.
+6. If you've purchased a paid plan, [activate your license key](/self-hosting/manage/manage-licenses/activate-pro-and-business#activate-your-license) to unlock premium features.
### Verify service status
Check that all services are running correctly:
diff --git a/self-hosting/methods/portainer.mdx b/self-hosting/methods/portainer.mdx
index fa72fd3..3b6223e 100644
--- a/self-hosting/methods/portainer.mdx
+++ b/self-hosting/methods/portainer.mdx
@@ -54,4 +54,4 @@ This guide shows you the steps to deploy a self-hosted instance of Plane using P
7. Click **Deploy the stack**.
That's it! Once the deployment is complete, Plane should be up and running on your configured domain.
-8. If you've purchased a paid plan, [activate your license key](https://docs.plane.so/workspaces-and-users/manage-licenses#activate-license) to unlock premium features.
\ No newline at end of file
+8. If you've purchased a paid plan, [activate your license key](/self-hosting/manage/manage-licenses/activate-pro-and-business#activate-your-license) to unlock premium features.
\ No newline at end of file
diff --git a/self-hosting/troubleshoot/license-errors.mdx b/self-hosting/troubleshoot/license-errors.mdx
index 3bbb683..caef465 100644
--- a/self-hosting/troubleshoot/license-errors.mdx
+++ b/self-hosting/troubleshoot/license-errors.mdx
@@ -19,7 +19,7 @@ If the issue persists after syncing or you see other errors, continue with the s
- This issue usually occurs when your server has trouble connecting to ours to verify the license. Try running `prime-cli restart`, and it should resolve the problem.
-- If you migrated Plane to a new server without first [delinking the license key](https://docs.plane.so/workspaces-and-users/upgrade-plan#delink-license-key) from the old server, this error might happen. In that case, please reach out to the support team to have the license key delinked. For future reference, if you need to reinstall Plane or move to another server, follow [this guide](/self-hosting/manage/migrate-plane) to ensure a smooth transition.
+- If you migrated Plane to a new server without first [delinking the license key](/self-hosting/manage/manage-licenses/activate-pro-and-business#delink-license-key) from the old server, this error might happen. In that case, please reach out to the support team to have the license key delinked. For future reference, if you need to reinstall Plane or move to another server, follow [this guide](/self-hosting/manage/migrate-plane) to ensure a smooth transition.
## Something went wrong