- What Grafana version and what operating system are you using?
Grafana 11.1.0 on Linux
- What are you trying to achieve?
I’d like to map users to the correct organization via the auth token. This is to achieve dashboard separation for privacy, security, etc.
- How are you trying to achieve it?
The OAuth token is as such:
{
  ...
  "org:" {
    "org-nameA"
  },
  "role": {
    "Viewer"
  },
  ...
}
Here is my configuration:
grafana.ini:
  server:
    domain: <redacted>
  log:
    filters: oauth.generic_oath:debug
  auth:
    disable_login_form: false
  auth.generic_oauth:
    enabled: true
    auth_url: <redacted>
    token_url: <redacted>
    api_url: <redacted>
    client_id: <redacted>
    scopes: profile email openid
    email_attribute_name: email
    name_attribute_path: unique_name
    role_attribute_path: role
    org_attribute_path: org
    org_mapping: 'main-org:1:Admin, org-NameA:2:Viewer, orgNameB:3:Viewer'
    allow_assign_grafana_admin: true
  users:
    auto_assign_org: false
- What happened?
Newly authenticated user with that token is always placed in the Main Org as a viewer.
- What did you expect to happen?
Newly authenticated user with that token is placed in org-NameA as a viewer.
I know that role_attribute_path is working because I can change the value in the token and the user will be authenticated as that role. What am I missing? Any help will be greatly appreciated.
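
An added example, not part of the original post and not Grafana's own code: a small Python check that compares the org value carried in the token with the external org names in `org_mapping`, using the values posted above. It assumes the external name has to equal the claim value exactly, including letter case, and that entries are comma-separated `External:Org:Role` triples as in the posted setting; `parse_org_mapping` and `check_org_claims` are hypothetical helper names.

```python
# Added example: lint a token's org claim against org_mapping entries.
# Assumption: external org names are compared as exact, case-sensitive strings.

def parse_org_mapping(raw):
    """Parse 'External:Org:Role, ...' into {external: (org, role)}."""
    mapping = {}
    for entry in raw.split(","):
        entry = entry.strip()
        if not entry:
            continue
        parts = entry.split(":")
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"malformed org_mapping entry: {entry!r}")
        external, org, role = parts
        mapping[external] = (org, role)
    return mapping


def check_org_claims(claim_orgs, mapping):
    """Classify each claimed org as matched, near-miss (case only) or unmatched."""
    matched, near_misses, unmatched = {}, {}, []
    folded = {name.casefold(): name for name in mapping}
    for org in claim_orgs:
        if org in mapping:
            matched[org] = mapping[org]
        elif org.casefold() in folded:
            # Same name apart from letter case: no exact match under the assumption.
            near_misses[org] = folded[org.casefold()]
        else:
            unmatched.append(org)
    return matched, near_misses, unmatched


# Values copied from the post above.
ORG_MAPPING = "main-org:1:Admin, org-NameA:2:Viewer, orgNameB:3:Viewer"
TOKEN_ORGS = ["org-nameA"]

if __name__ == "__main__":
    matched, near_misses, unmatched = check_org_claims(
        TOKEN_ORGS, parse_org_mapping(ORG_MAPPING)
    )
    for claim, (org, role) in matched.items():
        print(f"OK    {claim!r} -> org {org} as {role}")
    for claim, configured in near_misses.items():
        print(f"CASE  {claim!r} differs only in case from {configured!r}")
    for claim in unmatched:
        print(f"MISS  {claim!r} has no org_mapping entry")
```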