We are on Grafana 11.2.1 installed on Ubuntu 20.04.3 LTS. We have recently moved from SAML to OIDC with our Okta auth provider.
Once the configuration changes were made, some users started facing a “Login failed, user sync failed” error on the login page.
Below are the relevant sections from the config file. Any idea what could be the problem?
```ini
scopes = openid profile email groups offline_access
role_attribute_strict = true
use_refresh_token = true
# Friendly name or name of the attribute within the OIDC token to use as the user's groups
groups_attribute_path = group
# Friendly name or name of the attribute within the OIDC token to use as the user's roles
role_attribute_path = "contains(groups[*], 'okta/app/grafana/superadmin') && 'GrafanaAdmin' || 'Viewer'"
# Friendly name or name of the attribute within the OIDC token to use as the user's organization
org_attribute_path = "groups"
# List of comma- or space-separated Organization:OrgId:Role mappings. Organization can be `*` meaning "All users". Role is optional and can have the following values: `Viewer`, `Editor` or `Admin`.
org_mapping = "okta/app/grafana/anotherorg_admin:2:Admin *:*:Viewer"
# List of comma- or space-separated roles which will be mapped into the None role
role_values_none = none
role_values_grafana_admin = superadmin
```
We could solve this by removing the user from the UI and asking them to log in again (which will recreate the user in the database), but that is not what we actually want. We would like to preserve user preferences like starred dashboards, which will get removed if we recreate the users.
Regards,
Mahesh