I'm trying to assign the Admin role in Grafana for certain user groups using Azure AD OAuth.
I can successfully log in with Azure AD credentials using this documentation: Set up OAuth2 with Azure Active Directory.
According to this page, I need to include role_attribute_path somewhere: Role mapping
role_attribute_path = contains(info.groups[*], 'admin') && 'Admin' || contains(info.groups[*], 'editor') && 'Editor' || 'Viewer'
Has anyone got a working example of role assignment using the Azure AD login?
With the introduction of Grafana 6.6.0, role assignment using OAuth with Azure AD is now possible.
I put the following into the config ini file to assign the Admin role to anyone in a certain Azure AD group and everyone else would become a Viewer:
[auth.generic_oauth]
name = Azure AD
enabled = true
allow_sign_up = true
client_id = {{ .azure.client.id }}
client_secret = {{ .azure.client.secret }}
scopes = openid email profile
auth_url = https://login.microsoftonline.com/{{ .azure.tenantid }}/oauth2/authorize
token_url = https://login.microsoftonline.com/{{ .azure.tenantid }}/oauth2/token
api_url =
team_ids =
allowed_organizations =
role_attribute_path = contains(groups[*], '{{ .azure.admin_group }}') && 'Admin' || 'Viewer'
where:
{{ .azure.client.id }} is the Azure AD, App registration, Application client ID
{{ .azure.client.secret }} is the client secret associated with the above registered app
{{ .azure.tenantid }} is the Azure AD tenant ID
{{ .azure.admin_group }} is the ObjectID of the Azure AD group you want as Admin roles
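
Added example, not part of the original answer and not Grafana's code: a small Python check that decodes a token's payload and reports what the `contains(groups[*], '<ObjectID>') && 'Admin' || 'Viewer'` mapping has to work with, including the cases where Azure AD sends no `groups` list at all. The object IDs, the unsigned sample tokens and the function names are constructed for illustration; the `_claim_names` / `hasgroups` overage markers and the `groupMembershipClaims` manifest setting are Azure AD behaviour assumed here, not taken from the answer.

```python
import base64
import json

ADMIN_GROUP = "11111111-2222-3333-4444-555555555555"  # constructed object ID


def make_token(claims):
    """Build an unsigned, constructed JWT so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


def jwt_claims(token):
    """Decode the JWT payload. No signature check: for inspection only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def expected_role(token, admin_group_id):
    """Return (role, reason); role is None when there is no groups list to test."""
    claims = jwt_claims(token)
    groups = claims.get("groups")
    if isinstance(groups, list):
        if admin_group_id in groups:
            return "Admin", "admin group object ID is in the groups claim"
        return "Viewer", "groups claim present, admin group object ID not in it"
    # Assumed Azure AD behaviour: large memberships are replaced by a pointer.
    if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
        return None, "group overage: token refers to Microsoft Graph, lists no groups"
    return None, "no groups claim: check groupMembershipClaims in the app manifest"


if __name__ == "__main__":
    samples = {  # constructed claim sets
        "admin": {"groups": [ADMIN_GROUP]},
        "other": {"groups": ["99999999-0000-0000-0000-000000000000"]},
        "missing": {"email": "user@example.com"},
        "overage": {"_claim_names": {"groups": "src1"}},
    }
    for name, claims in samples.items():
        print(name, expected_role(make_token(claims), ADMIN_GROUP))
```

A `None` result means the Admin branch of the expression cannot match for that token, so the fix is on the Azure AD side rather than in the Grafana config.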