- What Grafana version and what operating system are you using? v10.4.0
- What are you trying to achieve? Single Sign-on With Azure AD
- How are you trying to achieve it? Configuring [auth.azuread]
- What happened? Some users are getting a “User sync failed” error when trying to sign in with Azure AD. Others are able to sign in and sign out without issue though.
- What did you expect to happen? All users would be able to sign in with Azure AD without issue
- Can you copy/paste the configuration(s) that you are having problems with?
```yaml
auth.azuread:
  name: Azure AD
  enabled: true
  allow_sign_up: true
  auto_login: false
  client_id: ${AZURE_CLIENT_ID}
  client_secret: ${AZURE_CLIENT_SECRET}
  scopes: openid email profile offline_access
  auth_url: https://login.microsoftonline.com/${AZURE_TENANT_ID}/oauth2/v2.0/authorize
  token_url: https://login.microsoftonline.com/${AZURE_TENANT_ID}/oauth2/v2.0/token
  allowed_organizations: ${AZURE_TENANT_ID}
  role_attribute_strict: false
  allow_assign_grafana_admin: false
  skip_org_role_sync: false
  use_pkce: false
```
- Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were. Users who are unable to log in receive a “User sync failed” error on the UI. Looking at the logs, we saw this error:

```
level=error msg="Failed to run post auth hook" client=auth.client.azuread id= error="[user.sync.internal] unable to create user: user already exists"
```

- Did you follow any online instructions? If so, what is the URL? Configure Azure AD OAuth2 authentication | Grafana documentation