Multi-Tenant Authentication in Grafana


We have multi-tenant support in our product. Each tenant authenticates with their own Identity Provider via Oauth. No user belongs to multiple tenants.
We also want that behavior in Grafana. Each org/tenant gets authenticated via their own Identity Provider.

Grafana configuration file allows a global OAuth configuration. I don’t seem to find a tenant specific configuration ability in Grafana.

Solution: (Workaround)

  1. Spawn a new instance of Grafana for every tenant

  2. Write an Auth proxy (authentication broker which will act as multi-tenant broker with the respective IDPs). It will have the Oauth configuration details for all the tenants in the system. Auth proxy in turn will send the email to grafana as a user context for login.

  3. (Hopeful) If one instance can support multi-tenant authentication (each tenant having seperate Identity Provider), that would be ideal.

I wish to understand which solution should I go for.

1 Like