-
What Grafana version and what operating system are you using?
Currently Using Grafana Enterprise 8.5 (free/unlicensed version) -
What are you trying to achieve?
Trying to map OIDC groups to roles within grafana. We have Okta set up to do Oauth authentication and it works currently but all users by default get assigned the “Viewer” role within Grafana. We want to map users to either “Viewer”, “Editor” or “Admin” based on which OIDC group they belong too. Since we don’t have a full license to Grafana Enterprise, we cannot use Team Sync. -
How are you trying to achieve it?
Attempted to add the following ENV variable overwrite.
name = "GF_AUTH_OKTA_ROLE_ATTRIBUTE_PATH"
value = "contains(info.groups[*], 'Admin-Group') && 'Admin' || contains(info.groups[*], 'ReadWrite-Group') && 'Editor' || 'Viewer'"
-
What happened?
Okta authenticated users were supplied with the default “Viewer” role within Grafana -
What did you expect to happen?
Hoped that the Groups would map to their respective roles, ie Admin-Group to Admin. -
Did you follow any online instructions? If so, what is the URL?
Used info provided in the Grafana documentation here.
Configure generic OAuth authentication | Grafana documentation