- I followed this https://grafana.com/docs/grafana/latest/auth/azuread/#enable-azure-ad-oauth-in-grafana and I don’t see a link on the Grafana login page to sign in using Azure AD
- But if I replace [auth.azuread] with [auth.generic_oauth], I was able to authenticate but not authorize, RBAC doesn’t work
- I am using stable/grafana Helm chart with Image version 6.6.2, from https://github.com/helm/charts/
You need to configure role mapping - https://grafana.com/docs/grafana/latest/auth/generic-oauth/#role-mapping
@jangaraj
The pod log has this
lvl=eror msg="Attribute not found when searching JSON with provided path" logger=oauth.generic_oauth attributePath=role
I have configured this in values.yaml:
grafana.ini:
  ## AZURE AD INTEGRATION
  auth.generic_oauth:
    name: "OAuth"
    enabled: true
    allow_sign_up: true
    client_id: ***
    client_secret: ***
    scopes: "openid email name"
    auth_url: ***
    token_url: ***
    role_attribute_path: role
How did you configure your Azure OIDC client, that you expect the correct Grafana role name in the role claim? I guess you didn’t.
Enable debug level and check what you received in the id/access token or userinfo response, and write a proper JMESPath mapping in role_attribute_path based on that input.
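A way to carry out the check suggested above, as an added example that is not from the thread or from Grafana: decode the payload of an ID token copied from the debug log and see whether the key named in role_attribute_path is present at all. The token below is constructed, and the `roles` claim name and its `["Editor"]` value are assumptions about what a provider might send; `diagnose` is a hypothetical helper that handles only a bare top-level key, not full JMESPath.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """base64url without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWT. The signature is NOT verified:
    this is for inspecting a token you already hold, not for trusting it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(claims: dict, attribute_path: str) -> dict:
    """Report whether a single-key role_attribute_path exists in the claims,
    and which claims look like they could carry role or group data."""
    candidates = sorted(
        k for k in claims if "role" in k.lower() or "group" in k.lower()
    )
    return {
        "found": attribute_path in claims,
        "value": claims.get(attribute_path),
        "candidates": candidates,
    }


# Constructed sample: the role data sits under "roles" (an array), not "role".
SAMPLE_CLAIMS = {"sub": "constructed-user", "email": "user@example.com",
                 "roles": ["Editor"]}
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    "constructed-signature",
])

if __name__ == "__main__":
    claims = decode_jwt_payload(SAMPLE_TOKEN)
    print(json.dumps(claims, indent=2))
    print(diagnose(claims, "role"))   # the path from values.yaml: not found
    print(diagnose(claims, "roles"))  # the claim that is actually present
```

With this sample, the path `role` is reported as missing, which is the condition behind the "Attribute not found" log line, while `roles` is listed as the candidate to build the mapping on.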
got it… it was slightly different.
how about q1… pasting here…
- I followed this https://grafana.com/docs/grafana/latest/auth/azuread/#enable-azure-ad-oauth-in-grafana and I don’t see a link on the Grafana login page to sign in using Azure AD
why isn’t this option working?