Azure AD RBAC doesn't work

You need to configure role mapping - https://grafana.com/docs/grafana/latest/auth/generic-oauth/#role-mapping

@jangaraj
The pod log has this

lvl=eror msg="Attribute not found when searching JSON with provided path" logger=oauth.generic_oauth attributePath=role

I have configured this in values.yaml:

grafana.ini:
  ## AZURE AD INTEGRATION
  auth.generic_oauth:
    name: "OAuth"
    enabled: true
    allow_sign_up: true
    client_id: ***
    client_secret: ***
    scopes: "openid email name"
    auth_url: ***
    token_url: ***
    role_attribute_path: role

How did you configure your Azure OIDC client such that you expect the correct Grafana role name in the role claim? I guess you didn't.

Enable debug level, check what you received in the id/access token or userinfo response, and write a proper JMESPath mapping in role_attribute_path based on that input.

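An added example, not part of any post in this thread and not Grafana's own code: a small offline helper for the check described above. It decodes a token payload and reports whether a plain top-level attribute such as `role` exists and which claims look like role carriers. The sample token, the `roles` claim name, and the helper names are assumptions made for illustration; the real claim layout has to be read from your own debug log.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_role_path(claims: dict, attribute: str) -> dict:
    """Check a plain top-level attribute name (like the thread's `role`)
    and list claims whose names suggest they carry roles or groups."""
    candidates = sorted(k for k in claims if "role" in k.lower() or "group" in k.lower())
    return {"found": attribute in claims, "value": claims.get(attribute),
            "candidates": candidates}


def mapped_role(claims: dict, claim: str = "roles") -> str:
    """Python equivalent of a JMESPath mapping such as
    contains(roles[*], 'Admin') && 'Admin' || contains(roles[*], 'Editor') && 'Editor' || 'Viewer'
    (assumes roles arrive as an array in the claim named by `claim`)."""
    values = claims.get(claim) or []
    if isinstance(values, str):
        values = [values]
    for role in ("Admin", "Editor", "Viewer"):
        if role in values:
            return role
    return "Viewer"


# Constructed sample token: placeholder issuer, fake signature segment.
SAMPLE_CLAIMS = {"iss": "https://idp.example/placeholder-tenant/v2.0",
                 "sub": "constructed-subject", "email": "user@example.com",
                 "roles": ["Editor"]}
SAMPLE_TOKEN = ".".join([b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
                         b64url(json.dumps(SAMPLE_CLAIMS).encode()),
                         b64url(b"not-a-real-signature")])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print(check_role_path(claims, "role"))   # attribute absent, as in the pod log
    print(mapped_role(claims))
```

Run it only against tokens captured from your own test login, and keep real tokens out of online decoders, since a valid token is a bearer credential.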

got it… it was slightly different.

how about q1… pasting here…

why isn’t this option working?