Hi
I am using Grafana 10.0.1 OSS installed on an EC2 instance with a public IP. I am using it to track balances from our third-party providers, such as SMS or email. We are already using Azure AD, and I set up the Grafana Azure AD integration using the "Configure Azure AD OAuth2 authentication | Grafana documentation" page. The implementation has been done and it's successful for me as well as other admins.
The Grafana configs are as follows:
```ini
#################################### Server ####################################
[server]
;protocol = http
;http_addr =
;http_port = 3000
domain = grafana.mydomain.com
;root_url = %(protocol)s://%(domain)s:%(http_port)s/
root_url = https://%(domain)s/
#################################### Azure AD OAuth #######################
[auth.azuread]
;name = Microsoft
;icon = microsoft
enabled = true
allow_sign_up = true
auto_login = true
client_id = d4xxxxxxxx32
client_secret = vxxxxNT
scopes = openid email profile
auth_url = https://login.microsoftonline.com/6xxxxbb6/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/6xxxxbb6/oauth2/v2.0/token
allowed_domains = oudomain.com
allowed_groups =
allowed_organizations = 6xxxxbb6
role_attribute_strict = false
allow_assign_grafana_admin = true
# prevent synchronizing users organization roles
;skip_org_role_sync = false
use_pkce = true
```
On the Azure AD enterprise application side, below shows the users and their role mapping
And when non-admins log in, it shows the following: "needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it."
Can anyone help with this? Not really sure why this particular behaviour happens.
Thanks in advance