Deleting post due to their being no answer
You can’t link Grafana role to IDP group woth SAML SSO protocol.
You can configure assertion_attribute_role and then IDP must provide Grafana role name in that attribute based on user groups (that business logic is on IDP side).
Another option is to use IDP groups and then synchronize Grafana team with an external group (you will set Grafana Role on the Grafana team level)
Another option is to use OIDC, not SAML. You can define Grafana role logic based on IDP group with role_attribute_path
Ive Managed to get a role to return, in the logs i get Role: Admin username: bob.ross email: bob.ross@email.com groups:[Admin TestGroup], mapping ="name=name, login=username, email=email, role=role
but then i get an error msg=“Did not find any mapping for user create default assignment”
msg ="“direct role mapping found” role=Viewer
You didn’t provide any details what and how did you configure. It isn’t possible to provide any recommendation based on your input.
I got an update, I have managed to get keycloak saml to work with Grafana. I have quite a few posts sharing this issue. Would it be possible for me to delete all my posts and write up a help doc for any other traveler in need?
just write the help doc, not sure what deleting posts accomplishes?