I am using Cognito for authentication in Grafana. When I add any user to an organization, it gets removed from the organization when it logs back in after logging out. I also checked the users of the organization by fetching the users of the organization using the API; in that result the user was also deleted.
I met exactly the same problem when authenticating our users with Azure AD. The procedure is as follows:
- A new user logs in using the “Sign in with Microsoft” button
- A new user is created within Grafana and assigned as “Viewer” to “Main Org.” automatically
- The new user is now visible for the admin and he assigns an additional “Viewer” membership to “SomeOtherOrg”
- While the new user is still logged in he can switch to “SomeOtherOrg” and use its resources
- As soon as the user logs in next time the membership in “SomeOtherOrg” is gone.
Some additional findings:
- This happens regardless of whether auto_assign_org = false or auto_assign_org = true
OS: Debian 10.5
Grafana: OSS 7.1.5 (9893b8c53d)
/etc/grafana/grafana.ini (AAD part)
[auth.azuread]
name = MyAADB2CAuth
enabled = true
allow_sign_up = true
client_id = [some client id]
client_secret = [some client secret]
scopes = openid email profile
auth_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
allowed_domains =
allowed_groups =
Any updates on this problem?