Hello,
we are using Grafana Community v8.1.0 (62e720c06b) , defined Okta auth as per the docs but getting the following error , seems my configuration is correct but could not figure out what is wrong here ? Thanks in advance,
Could you please advise ?
lvl=eror msg=“login.OAuthLogin(get info from okta)” logger=context userId=0 orgId=0 uname= error=“user not a member of one of the required groups”
Config :
auth.okta:
name: Okta
enabled: true
allow_sign_up: true
client_id: XXXXXXXX
client_secret: ZZZZZZZZZZZZZZZZZZ
auth_url: https://mydomain.okta.com/oauth2/v1/authorize
token_url: https://mydomain.okta.com/oauth2/v1/token
api_url: https://mydomain.okta.com/oauth2/v1/userinfo
allowed_groups: Admin, Editor, Viewer
role_attribute_path: contains(groups[*], 'SEC.Grafana_Admin') && 'Admin' || contains(groups[*], 'SEC.Grafana_Editor') && 'Editor' || 'Viewer'
Logs:
lvl=dbug msg="Received user info response" logger=oauth.okta raw_json="{\"sub\":\"xscdcdcdcd\",\"name\":\"AAA BBB\",\"locale\":\"FR\",\"email\":\"AAA.BBB@mydomain.co.uk\",\"preferred_username\":\"AAA.BBB@mydomain.com\",\"given_name\":\"AAA\",\"family_name\":\"BBB\",\"zoneinfo\":\"America/Los_Angeles\",\"updated_at\":2432432,\"email_verified\":true,\"groups\":[\"Everyone\",\"SEC.Grafana_Admin\",\"Okta.YYYYY.XXXXXX\",\"enbaled\"]}" data="&{Name:AAA BBB DisplayName: Login: Username: Email:AAA.BBB@mydomain.co.uk Upn: Attributes:map[] Groups:[Everyone SEC.Grafana_Admin Okta.YYYYY.XXXXXX enbaled] rawJSON:[123 ......]}"
lvl=eror msg="login.OAuthLogin(get info from okta)" logger=context userId=0 orgId=0 uname= error="user not a member of one of the required groups"
lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/okta status=500 remote_addr=10.10.10.10 time_ms=543 size=1742 referer=
Thanks in advance,