OIDC Login with LDAP roles

Hey, we use an internal OIDC server for SSO here. We don’t have authorization features in there. So I would like to ask if it is possible to do authentication with OIDC and authorization with LDAP?

Thanks and regards fl0w

It really depends on what you mean by “authorization”.

Grafana teams - yes, enterprise feature: Enhanced LDAP Integration | Grafana Labs
Grafana roles - no, that is a task for role mapping: OAuth authentication | Grafana Labs - a good IDP provides user groups/roles/teams (it provides = it doesn’t authorize) from the configured user storage (DB, LDAP, …) in the token/userinfo response - these user details are then used by Grafana for the role mapping - authorization.

I don’t have the possibility to map roles with OAuth. I can only use the OIDC for login. So I want mapping to group (viewer, editor, admin) via LDAP as I do it currently. Is that possible?

I would say no - I would say users with the same username, but a different identity source, are not the same on the Grafana level. Nothing is stopping you from testing it - that’s IMHO the fastest way to find the answer to your question - LDAP Authentication | Grafana Labs.
