We want to define access to Grafana via Azure AD, but I don’t see how they could be managed by groups, as all users enter as “viewer” and I can only see the space I have defined as default. Could you help me?
My configuration is as follows:
Grafana V11.1.0 On-Premise
My current file is:
###Azure AD OAuth###
[auth.azuread]
;name = Microsoft
name = Microsoft
;icon = microsoft
icon = microsoft
;enabled = false
enabled = true
;allow_sign_up = true
allow_sign_up = true
;auto_login = false
auto_login = false
;client_id = some_client_id
client_id = xXx
;client_secret = some_client_secret
client_secret = xXx
;scopes = openid email profile
scopes = openid email profile
;auth_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize
auth_url = https://login.microsoftonline.com/xXx/oauth2/v2.0/authorize
;token_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
token_url = https://login.microsoftonline.com/xXx/oauth2/v2.0/token
;allowed_domains =
allowed_domains =
;allowed_groups =
allowed_groups =
;allowed_organizations =
allowed_organizations =
;role_attribute_strict = false
role_attribute_strict = false
;allow_assign_grafana_admin = false
allow_assign_grafana_admin = true
;use_pkce = true
use_pkce = true
#prevent synchronizing users organization roles
;skip_org_role_sync = false
skip_org_role_sync = false