Auth.azuread in grafana.ini

Grafana Configuration
1

  • What Grafana version and what operating system are you using?

    • Grafana v11.5.1

  • What are you trying to achieve?
    Configure Azure AD/Entra ID OAuth authentication, if change to auth.google, auth,gitlab, auth.github etc then the SSO option will appear in the login page, only auth.azuread not showing.

  • How are you trying to achieve it?
    Configure in the Grafana Helm chart values.yaml

  • What happened?
    The SSO option does not show in the login page.

  • What did you expect to happen?
    The SSO option of Azure AD should appear

  • Can you copy/paste the configuration(s) that you are having problems with?
    grafana.ini:
    auth.azuread:
    name: Azure AD
    enabled: true
    allow_sign_up: true
    auto_login: false
    client_authentication: client_secret_post
    client_id: “xxxxxx”
    client_secret: “xxxxx”
    allowed_organizations: “xxxxx”
    auth_url: “xxx://login.microsoftonline.com/xxxx/oauth2/v2.0/authorize”
    token_url: “xxx://login.microsoftonline.com/xxxxx/oauth2/v2.0/token”
    scopes: “openid email profile”
    role_attribute_strict: false
    allow_assign_grafana_admin: false
    skip_org_role_sync: false
    use_pkce: true
    role_attribute_path: “contains(roles[], ‘Admin’) && ‘Admin’ || contains(roles[], ‘Editor’) && ‘Editor’ || ‘Viewer’”

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
    No errors

  • Did you follow any online instructions? If so, what is the URL?
    Configure Azure AD/Entra ID OAuth authentication | Grafana documentation

2

Why false, when you want to enable it?

3

Sorry, typo. Although I set as True, it still not showing.

4

If I configure through the Grafana GUI, then it works. Then, I disabled it and try to configure via helm chart values.yaml.

5

Screenshot 2025-02-13 at 15.58.47
Screenshot 2025-02-13 at 15.58.47568×272 6.18 KB

It just showing not enabled, but when change from auth.azuread to auth.google, auth.gitlab etc, it will show enabled.

6

any progress on this?
I do experience the same issue with latest grafana docker image.
neither config.ini nor docker env variables work (GF_AUTH_AZUREAD_ENABLED: true)

i can configure the variables (clientID, secret, tenant, etc) from env variables, but can only enable through the UI.
“Env”: [
“GF_SECURITY_ADMIN_USER=admin”,
“GF_AUTH_AZUREAD_API_URL=https://graph.microsoft.com/v1.0/me”,
“GF_AUTH_AZUREAD_SCOPES=openid profile email”,
“GF_AUTH_AZUREAD_ENABLED=true”,
sign in with Microsoft is missing from the bottom

image
image712×725 43.1 KB

7

possible solution is to delete the grafana.db file, after initialization the sign in with Microsoft button appears correctly.

image
image613×693 41.3 KB

most probably the docker env does not overwrite the original setting, dunno