What is the exact procedure to set up ADFS authentication?

I am looking for a precise enough guide on how to configure ADFS login (service provider (SP) initiated logins) to Grafana. I have a Prometheus-Loki-Grafana instance running in K8s and Grafana can be accessed at https://grafana.prod.mydomain/login

I have read the docs here but I’m left with questions on the exact steps:

  1. Where is the config file to be edited for k8s installations? The docs have /usr/local/etc/grafana/grafana.ini and two other paths:
     $WORKING_DIR/conf/defaults.ini
     /etc/grafana/grafana.ini

  2. Are these the correct variables to set up, or am I missing something else:

     • enabled
     • allow_sign_up
     • idp_metadata, idp_metadata_path, or idp_metadata_url
     • private_key or private_key_path

  3. idp_metadata, idp_metadata_path, or idp_metadata_url – Where/how do I get this?
  4. private_key or private_key_path – Where/how do I get this?
  5. The docs state that “For the SAML integration to work correctly, you need to make the IdP aware of the SP”. My understanding is that this means establishing a “handshake” between SP (Grafana) and IdP (ADFS) but I’m not sure about where I get the values for:

     /saml/metadata endpoint

     /saml/acs endpoint

  6. How do I test that the config is working?
  7. Where do I test from? Grafana? ADFS? Or both?
  8. What do I need to set up on the ADFS side?
