Disable basic password login form

dragonq · April 24, 2024, 3:03pm

I want all of my services behind a reverse proxy with 2FA and Grafana is the only service I use that doesn’t support OTP, so I’m forced to use oauth2 provided by Nextcloud instead. Both Grafana and Nextcloud are running in containers behind the reverse proxy and it seems to work. Grafana has associated my existing user with the correct Nextcloud user (with the same email address).

However, I can still login with my email address as my user name and my password, which defeats the purpose of using oauth2 to begin with. How do I force oauth2 for login and prevent login via password only?

jangaraj · April 24, 2024, 3:48pm

Grafana supports OIDC, so configure Grafana to use OIDC + disable local user/password auth.
Then configure all secure login options, which you need on used IDP server (TOTP, HOTP, passwordless, push notification, PKI card,…)

dragonq · April 24, 2024, 3:55pm

Yes but my question was how? I tried adding this to my config ini but it still allows password login:

[auth.basic]
enabled = false

jangaraj · April 24, 2024, 4:28pm

github.com

grafana/grafana/blob/2247d6c41599d260d24026913d51e4a1ace120a5/conf/defaults.ini#L555-L556


      
          # Set to true to disable (hide) the login form, useful if you use OAuth
          disable_login_form = false

Topic		Replies	Views
Cannot hide login page after change settings disable_login_form to ture Configuration	2	838	March 4, 2025
Two factor authentication Configuration	7	21082	October 3, 2018
Can't disable login page Grafana	5	11607	March 4, 2025
Invite OAuth users without basic auth Authentication	4	2320	November 13, 2019
Two factor authentication in grafana 8.3.0 Authentication	11	5532	July 19, 2023

Disable basic password login form

Related topics