I am using Cognito for authentication in Grafana. When I add any user to an organization, it gets removed from the organization when it logs back in after logging out. I also checked the users of the organization by fetching them using the API; in that result the user was also deleted.
I met exactly the same problem when authenticating our user with Azure AD. The procedure is as follows:
- A new user logs in using the “Sign in with Microsoft” button
- A new user is created within Grafana and assigned as “Viewer” to “Main Org.” automatically
- The new user is now visible for the admin and he assigns an additional “Viewer” membership to “SomeOtherOrg”
- While the new user is still logged in he can switch to “SomeOtherOrg” and use its resources
- As soon as the user logs in next time the membership in “SomeOtherOrg” is gone.
Some additional findings:
- This happens regardless of whether auto_assign_org = false or auto_assign_org = true
OS: Debian 10.5
Grafana: OSS 7.1.5 (9893b8c53d)
/etc/grafana/grafana.ini (AAD part)
[auth.azuread]
name = MyAADB2CAuth
enabled = true
allow_sign_up = true
client_id = [some client id]
client_secret = [some client secret]
scopes = openid email profile
auth_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
allowed_domains =
allowed_groups =
Any updates on this problem?
I’ve got the same problem. Pretty annoying. I’m not at all familiar with the architecture of Grafana and its organizations and users, so it’s very hard to tell if this is a bug, misconfiguration or a design choice…
Sounds like this may be it: https://github.com/grafana/grafana/issues/22605