Configure Proxy so Grafana can speak to EntraID

Grafana Configuration
1

[RHEL8 Grafana 12 Sitting behind a firewall installed via RPM - not Docker]
I’m in the middle of configuring Grafana to authenticate with EntraID using Home > Administration > Authentication > Azure ID in the GUI.
I think I’ve set it all up correctly :confused:.

When I try to login using the EntraID signin button on the Grafana login page, it takes me to Entra to pass my credentials. However, when I’m passed back to Grafana I get the following:

Login failed

Failed to get token from provider

Here’s the relevant output from the log:

logger=context userId=0 orgId=0 uname= t=2025-08-14T18:46:30.798156428+02:00 level=info msg="Request Completed" method=GET path=/login/azuread status=302 remote_addr=****USER-IP-ADDRESS-REMOVED-FROM-POST**** time_ms=0 duration=88.195µs size=477 referer=https://****GRAFANA-URL-REMOVED-FROM-POST****:3000/login handler=/login/:name status_source=server
logger=authn.service t=2025-08-14T18:46:31.292035091+02:00 level=error msg="Failed to authenticate request" client=auth.client.azuread error="[auth.oauth.token.exchange] failed to exchange code to token: Post \"https://login.microsoftonline.com/****TENANT-ID-REMOVED-FROM-POST****/oauth2/v2.0/token\": dial tcp: lookup login.microsoftonline.com: no such host"
logger=context userId=0 orgId=0 uname= t=2025-08-14T18:46:31.3015948+02:00 level=info msg="Request Completed" method=GET path=/login/azuread status=302 remote_addr=****USER-IP-ADDRESS-REMOVED-FROM-POST**** time_ms=18 duration=18.034049ms size=29 referer=https://****GRAFANA-URL-REMOVED-FROM-POST****:3000/ handler=/login/:name status_source=server

The server sits behind our firewalls, so we’ve got a proxy that allows servers to speak to the relevant Microsoft sites for EntraID.

I suspect that I need to set that in Grafana somewhere?

I’ve searched through the documentation but (unless I’m misunderstanding it) the only stuff I can find is to use a reverse-proxy as an actual authentication method.

Where would I set our proxy details so Grafana can reach Microsoft?

Thanks in advance for any help you can offer :slight_smile:

2 
dial tcp: lookup login.microsoftonline.com: no such host

That looks like a DNS resolution problem.

Try to set the environment variables HTTP_PROXY, HTTPS_PROXY and NO_PROXY (or the lowercase versions thereof) to configure a proxy.

3

Hi @jangaraj
I’d prefer not to set the proxy settings globally on the server. I’ve got some other things running on that box that shouldn’t be accessing them.
Is there somewhere in a config file for Garafana i can set the proxy instead?

4

I didn’t recommend to set it globally. Grafana needs that, so set it for Grafana only. I guess it’s managed via systemd, so modify Grafana unit file and define proxy env variable there = proxy will be configured only for Grafana service. Check your OS doc for exact instructions.

5

Doh. Sorry - long day and not thinking clearly.
That sorted it.
For anyone that’s interested…

Create a service override with:

sudo systemctl edit grafana-server

Add the environment variables to the contents like this:

[Service]
Environment="HTTP_PROXY=http://myproxyserver:8080"
Environment="HTTPS_PROXY=http://myproxyserver:8080"
Environment="NO_PROXY=*.myinternaldomain1.internal,*.myinternaldomain1.internal"

This will create an override file in systemd

Reload & restart

sudo systemctl daemon-reload
sudo service grafana-server restart