Okta integration authentication only

  • What Grafana version and what operating system are you using?

    Grafana 11.5.2, Docker Linux

  • What are you trying to achieve?
    We want to integrate Grafana with Okta. But we don’t want to map group or role from Okta.
    We want Okta to authenticate users, but we want Grafana to perform authorization based on the user passed by Okta.

  • How are you trying to achieve it?
    We want to achieve it by mapping ADS group to a team.

  • What happened?

When I am mapping an ADS group to a team, users are not getting proper access.

  • What did you expect to happen?
    We want users to be assigned permissions as per the team and its role configured in Grafana.

  • Can you copy/paste the configuration(s) that you are having problems with?

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
    No

  • Did you follow any online instructions? If so, what is the URL?

    Yes
    Configure Okta OIDC authentication | Grafana documentation

Technically, it’s still authorization (not only authentication) - use role mapping and map the role based on a particular user attribute, e.g. only the jan@corp.com email will be admin and others will be viewer only (just an example, not a copy&paste solution; customize & improve it for your IdP response/user structure):

role_attribute_path = "contains(['jan@corp.com'], email) && 'Admin' || 'Viewer'"

You can use any available function in that JMESPath to implement mapping business logic based on your needs.
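The role mapping described in the answer above, placed in a full `[auth.okta]` section and extended to three tiers. This is an added example, not configuration from the thread; the Okta domain, client credentials, the `ops@corp.com` address and the `@corp.com` Editor rule are constructed placeholders.

```ini
[auth.okta]
enabled = true
name = Okta
# Placeholders: substitute the values from your own Okta OIDC application.
client_id = <okta-client-id>
client_secret = <okta-client-secret>
auth_url = https://<okta-domain>/oauth2/v1/authorize
token_url = https://<okta-domain>/oauth2/v1/token
api_url = https://<okta-domain>/oauth2/v1/userinfo
# The email claim used below is only present when the email scope is requested.
scopes = openid profile email

# Clauses are evaluated left to right and the first match wins:
#   1. explicit allowlist of addresses -> Admin
#   2. any other address in the corporate domain -> Editor
#   3. everyone else who can authenticate -> Viewer
role_attribute_path = contains(['jan@corp.com', 'ops@corp.com'], email) && 'Admin' || ends_with(email, '@corp.com') && 'Editor' || 'Viewer'

# Deny login when no role can be extracted from role_attribute_path,
# rather than silently giving the user a default role.
role_attribute_strict = true

# Keep server-wide admin out of reach of the mapping expression: a
# 'GrafanaAdmin' result is only honoured when this is true.
allow_assign_grafana_admin = false

# false: the org role is recomputed from the expression at every login,
#        so a role edited by hand in the Grafana UI is overwritten.
# true:  Okta only authenticates; org roles are then managed inside Grafana.
skip_org_role_sync = false
```

Because the Admin tier is a hard-coded list of addresses, changes to `grafana.ini` (or the equivalent `GF_AUTH_OKTA_*` environment variables in the Docker deployment) should be reviewed as access-control changes.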