Hi,
we are testing authentication things for Grafana and are using Grafana Enterprise image, but without licence.
We have auth.generic_oauth in Grafana setup towards keycloak and are able to use it for assinging a proper Grafana role for a user, eg Admin, Editor, Viewer.
We are exploring the possibility to assign a user to a Grafana Team based on the Keycloak groups and have followed the way of docs, eg. Teamsync.
We have the
groups_attribute_path = groups
and we can see our Keycloak group in the keycloak ID token
},
"name": "Example user1",
"groups": [
"grafana_group1"
],
We have tried to have grafana_group1 as a Team in Grafana also then, but what we see in Grafana logs is eg this:
logger=login.ext_user t=2023-08-11T10:00:17.972564732Z level=debug msg=“Syncing organization roles” id=12 extOrgRoles=map[1:Admin] 2023-08-11T10:00:17.972890485Z logger=group-sync t=2023-08-11T10:00:17.972817872Z level=debug msg=“Syncing teams” id=12 login=user1 @example.com extGroups=[grafana_group1] extOrgRoles=map[1:Admin] 2023-08-11T10:00:17.972896627Z logger=token t=2023-08-11T10:00:17.97283918Z level=debug msg=FeatureEnabled feature=teamgroupsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products= 2023-08-11T10:00:17.972913100Z logger=group-sync t=2023-08-11T10:00:17.972850246Z level=debug msg=“No license found. Skipping synchronization” user=user1 @example.com externaluserid=
The question is, that are we absolutely unable to make a mapping between a group and a team within auth.generic_oauth without the paid licence?
Would there be some other way of achieving that outcome based on the group without the licence cost? Thanks for reading and hope you can help.