Azure AD RBAC doesn't work

You need to configure role mapping -

The pod log has this

lvl=eror msg="Attribute not found when searching JSON with provided path" logger=oauth.generic_oauth attributePath=role

I have configured this in values.yaml:

          name: "OAuth"
          enabled: true
          allow_sign_up: true
          client_id: ***
          client_secret: ***
          scopes: "openid email name"
          auth_url: ***
          token_url: ***
          role_attribute_path: role

How did you configure your Azure OIDC client that you expect the correct Grafana role name in the role claim? I guess you didn’t.

Enable debug level and check what you received in the id/access token or userinfo response, and write a proper JMESPath mapping in role_attribute_path based on that input.

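Added example, not part of the original thread: a local way to do the check suggested in the reply above, decoding the token payload to see which claims arrived and why the path `role` finds nothing. It assumes the token carries app roles in a `roles` array with the values `Admin` and `Editor`; the sample token and the helper names are constructed for illustration.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(jwt: str) -> dict:
    """Decode the payload segment of a JWT for inspection only.
    No signature check is done here, so never use this for authorization.
    Decode locally: the token is a credential and should not leave the host."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def lookup(claims: dict, key: str):
    """Top-level key lookup, which is what role_attribute_path: role amounts to."""
    return claims.get(key)


def map_role(claims: dict) -> str:
    """Mirrors, for a token that has a `roles` array, the JMESPath mapping
    contains(roles[*], 'Admin') && 'Admin' || contains(roles[*], 'Editor') && 'Editor' || 'Viewer'
    """
    roles = claims.get("roles") or []
    for grafana_role in ("Admin", "Editor"):
        if grafana_role in roles:
            return grafana_role
    return "Viewer"


# Constructed sample: the claim is named `roles` (an array), not `role`.
SAMPLE_CLAIMS = {"sub": "constructed-subject", "email": "user@example.com",
                 "roles": ["Editor"]}
SAMPLE_JWT = ".".join([b64url(b'{"alg":"none"}'),
                       b64url(json.dumps(SAMPLE_CLAIMS).encode()), ""])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_JWT)
    print("claims present:", sorted(claims))
    print("path 'role' ->", lookup(claims, "role"))      # nothing to map
    print("mapped Grafana role ->", map_role(claims))
```

With a token shaped like this sample, the bare path `role` matches no claim, which is the condition the `Attribute not found` log line reports; the mapping has to reference the claim name that actually appears in the decoded payload.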

got it… it was slightly different.

how about q1… pasting here…

why isn’t this option working?