- What Grafana version and what operating system are you using?
11.2.0, installed with Helm chart 8.5.1
- What are you trying to achieve?
I am trying to use Okta groups to map Grafana roles
- How are you trying to achieve it?
Using the role attribute path
- What happened?
I can log in using Okta, but I get the Editor role
- What did you expect to happen?
To get the Admin role
- Can you copy/paste the configuration(s) that you are having problems with?
```yaml
auth.okta:
  name: Okta
  icon: okta
  enabled: true
  allow_sign_up: true
  client_id: sdjf8dJFD80efadm
  scopes: openid profile email groups offline_access
  auth_url: https://login.company.com/oauth2/v1/authorize
  token_url: https://login.company.com/oauth2/v1/token
  api_url: https://login.company.com/oauth2/v1/userinfo
  allowed_domains: company.com
  role_attribute_path: contains(groups[*], 'platform') && 'Admin' || 'Editor'
  allow_assign_grafana_admin: true
```
- Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
```
logger=oauth.okta t=2024-09-06T11:41:18.718658912Z level=debug msg="Received user info response" raw_json="{\"sub\":\"00u1l3o971ahTSkf4417\",\"name\":\"LASTNAME FIRSTNAME\",\"locale\":\"CH\",\"email\":\"firstname.lastname@company.com\",\"preferred_username\":\"firstname.lastname@company.loc\",\"given_name\":\"FIRSTNAME\",\"family_name\":\"LASTNAME\",\"zoneinfo\":\"Europe/Paris\",\"updated_at\":1710171458,\"email_verified\":true,\"groups\":[\"og.smg.man.app.gm.grafana.users\",\"og.smg.man.app.gm.grafana.users-platform\",\"og.smg.man.app.gm.grafana.engineering\",\"og.smg.man.app.gm.grafana.read\",\"og.smg.man.app.gm.grafana.platform-services\"]}" data="unsupported value type"
```
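
Added example (not part of the original post, and not Grafana's code): a pure-Python emulation of JMESPath's `contains()` applied to the `groups` claim from the log line above. It shows what the posted `role_attribute_path` evaluates to for this user and compares an exact group-name match with a substring filter. Treating `og.smg.man.app.gm.grafana.users-platform` as the intended admin group is an assumption, as are the helper names.

```python
import json

# Constructed from the "Received user info response" log line in the post,
# reduced to the fields that matter for role mapping.
USERINFO = json.loads("""{
  "email": "firstname.lastname@company.com",
  "groups": [
    "og.smg.man.app.gm.grafana.users",
    "og.smg.man.app.gm.grafana.users-platform",
    "og.smg.man.app.gm.grafana.engineering",
    "og.smg.man.app.gm.grafana.read",
    "og.smg.man.app.gm.grafana.platform-services"
  ]
}""")


def jmes_contains(subject, search):
    """Emulate JMESPath contains(): element equality on arrays, substring on strings."""
    if isinstance(subject, list):
        return any(item == search for item in subject)
    if isinstance(subject, str):
        return isinstance(search, str) and search in subject
    return False


def map_role(claims, search):
    """Emulate: contains(groups[*], '<search>') && 'Admin' || 'Editor'."""
    # groups[*] projects the array unchanged, so contains() compares whole elements.
    return "Admin" if jmes_contains(claims.get("groups", []), search) else "Editor"


def groups_matching_substring(claims, needle):
    """Emulate the filter groups[?contains(@, '<needle>')] (per-element substring test)."""
    return [g for g in claims.get("groups", []) if jmes_contains(g, needle)]


if __name__ == "__main__":
    # Expression as posted: no group is literally named 'platform'.
    print("as posted:      ", map_role(USERINFO, "platform"))
    # Exact match on the full group name (assumed admin group).
    print("exact group:    ", map_role(USERINFO, "og.smg.man.app.gm.grafana.users-platform"))
    # A substring filter matches every group containing 'platform'.
    print("substring hits: ", groups_matching_substring(USERINFO, "platform"))
```

The substring filter matches both `users-platform` and `platform-services`, so an exact match on the full group name is the tighter mapping for an Admin grant.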