Grafana Single Sign-On

# Description

This article describes how to configure OAuth authentication integration between IDaaS and Grafana.

Grafana Official Reference Documentation

# Authentication Configuration

# IDaaS Configuration

  1. The administrator logs in to the Enterprise Center > Resources > Applications > Add Pre-integrated Application and searches for Grafana.

  2. Fill in the trusted domain with Grafana's OAuth callback address: https://{grafana domain}/login/generic_oauth.

  3. Obtain the application ClientId and ClientSecret.

  4. Modify the website application attachment URL (this step is to ensure that direct access to Grafana from the IDaaS User Center does not result in an error).

  5. Go to Application Information > Authorization Management > Application Accounts > Add Account.

  6. Go to Settings > Service Configuration > OIDC and obtain the relevant configuration addresses for OAuth authentication.

# Grafana Configuration

  1. Edit the Grafana configuration file grafana.ini and modify the content as follows:

    ################################### Generic OAuth ##########################
    [auth.generic_oauth]
    enabled = true
    name = OAuth
    ##Whether to allow automatic registration of new users when logging in via OAuth
    allow_sign_up = false
    ##ClientId for Grafana on IDaaS
    client_id = 
    ##ClientSecret for Grafana on IDaaS
    client_secret = 
    ##Fill in get_user_info
    scopes = 
    empty_scopes = false
    ;email_attribute_name = email:primary
    ;email_attribute_path =
    ;login_attribute_path =
    ;name_attribute_path =
    ;id_token_attribute_name =
    ##Authentication authorization URL
    auth_url = 
    ##Token acquisition URL
    token_url = 
    ##UserInfo URL
    api_url = 
    ;allowed_domains =
    ;team_ids =
    ;allowed_organizations =
    ;role_attribute_path =
    ;role_attribute_strict = false
    ;tls_skip_verify_insecure = false
    ;tls_client_cert =
    ;tls_client_key =
    ;tls_client_ca =
    

  2. Restart Grafana.

  3. The administrator logs in to the Grafana console and adds a user, ensuring the user's email matches the authorized user's email on IDaaS.
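
Before restarting Grafana in step 2, the edited section can be checked for blank required keys, endpoints that are not HTTPS, and settings that differ from the template above. The following Python script is an added example, not part of the original article or of Grafana; the `idaas.example.com` URLs and the credential values in `SAMPLE` are constructed placeholders, not real IDaaS endpoints.

```python
import configparser
from urllib.parse import urlparse

SECTION = "auth.generic_oauth"
REQUIRED = ("client_id", "client_secret", "scopes", "auth_url", "token_url", "api_url")
URL_KEYS = ("auth_url", "token_url", "api_url")

def check_generic_oauth(ini_text):
    """Return a list of problems found in the [auth.generic_oauth] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)  # lines starting with ';' or '#' are treated as comments
    if not cp.has_section(SECTION):
        return [f"section [{SECTION}] is missing"]
    sec, problems = cp[SECTION], []
    value = lambda key: sec.get(key, "").strip()
    if value("enabled").lower() != "true":
        problems.append("enabled is not true")
    for key in REQUIRED:
        if not value(key):
            problems.append(f"{key} is empty")
    for key in URL_KEYS:
        url = urlparse(value(key))
        # Authorization codes, the client secret and tokens go to these endpoints.
        if value(key) and (url.scheme != "https" or not url.netloc):
            problems.append(f"{key} is not an https URL")
    if value("tls_skip_verify_insecure").lower() == "true":
        problems.append("tls_skip_verify_insecure is true (IdP certificate not verified)")
    if value("allow_sign_up").lower() != "false":
        problems.append("allow_sign_up is not false (the template above disables it)")
    return problems

# Constructed sample: the template above with placeholder values and two mistakes.
SAMPLE = """
[auth.generic_oauth]
enabled = true
allow_sign_up = false
client_id = grafana-client-id-placeholder
client_secret = placeholder-secret
scopes = get_user_info
empty_scopes = false
auth_url = https://idaas.example.com/oauth/authorize
token_url = http://idaas.example.com/oauth/token
api_url =
;tls_skip_verify_insecure = false
"""

if __name__ == "__main__":
    for problem in check_generic_oauth(SAMPLE):
        print("PROBLEM:", problem)
```

To check a real file, pass the contents of grafana.ini to `check_generic_oauth` in place of `SAMPLE`.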

# Login Verification

There are two login methods; choose one:

  • Initiate the login from the Grafana login page.
  • Click the application logo in the IDaaS User Center.