Set custom roles over OIDC


We are using Grafana Cloud Pro and have integrated our Azure AD with it. Also, we are making use of the Role Mapping. I could successfully map users with the basic roles. However, I wanted to create my own role with nearly no access but failed to map it with Azure AD. Is this even possible, do I need to set a specific value for the role name in Azure AD?

If it isn’t possible, is there another possibility to give a default role, other than viewer, to my customers?


Hi there! Thanks for making a post on

I’d like to inform you that as of now, custom roles with role attribute mapping is not currently supported. Only default roles are recognized as valid values. However, starting with Grafana version 10.2, we have introduced the ‘None’ default role. This role permits login access but doesn’t grant any additional privileges to view or edit components within Grafana.

To manage user permissions more specifically, you can manually map permissions to user via the user UI or use teams within Grafana, which allows for the assignment of additional permissions to users as needed.