Organization is dropping users

I am using Cognito for authentication in Grafana. When I add any user to an organization, it gets removed from the organization when it logs backing after logging out. I also checked the users of the organization by fetching users of the organization using API in that result also the user was deleted.

1 Like

I met exactly the same problem when authenticating our user with Azure AD. The procedure is a following:

  1. A new user logs in using the “Sign in with Microsoft” button
  2. A new user is created within Grafana and assigned as “Viewer” to “Main Org.” automatically
  3. The new user is now visible for the admin and he assigns an additional “Viewer” membership to “SomeOtherOrg”
  4. While the new user is still logged in he can switch to “SomeOtherOrg” and use its resources
  5. As soon as the user logs in next time the membership in “SomeOtherOrg” is gone.

Some additional findings:

  • This happens regardless if auto_assign_org = false or auto_assign_org = true

Environment
OS: Debian 10.5
Grafana: OSS 7.1.5 (9893b8c53d)

/etc/grafana/grafana.ini (AAD part)

[auth.azuread]
name = MyAADB2CAuth
enabled = true
allow_sign_up = true
client_id = [some client id]
client_secret = [some client secret]
scopes = openid email profile
auth_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
allowed_domains =
allowed_groups =

Any updates on this problem?

1 Like

I’ve got the same problem. Pretty annoying. I’m not at all familiar with the architecture of Grafana and its organizations and users, so it’s very hard to tell if this is a bug, misconfiguration or a design choice…

Sounds like this may be it: https://github.com/grafana/grafana/issues/22605

1 Like