Grafana & Okta: configure SSO, Role Management & Single Logout

Just quickly noted how to configure Grafana Role Management / Role Mapping with Okta. And also how to configure Single Logout.

Role Management

Create a new Attribute, see example below

 

Add a new claim to your custom auth server you use for Grafana

 

Configure Grafana

Example config for grafana.ini

#################################### Okta ##########################
[auth.okta]
name = Okta
enabled = true
allow_sign_up = true
client_id = 0oaainxxxxxxxxxxxx
client_secret = 6HTvpvQxxxxxxxxxxxxwENFsW
scopes = openid profile email
auth_url = https://<org>.okta.com/oauth2/default/v1/authorize
token_url = https://<org>.okta.com/oauth2/default/v1/token
api_url = https://<org>.okta.com/oauth2/default/v1/userinfo
role_attribute_path = grafana_role
;allowed_domains =
;allowed_groups =

That’s it.

 

Single Logout

Found somewhere on the internet, tested it and documenting it here for future use.

Grafana

Specify the config value :

 

signout_redirect_url = https://<org>.okta.com/login/signout?fromURI=https://grafana.domain.net

Okta

The URL given in the fromURI field needs to be configured as a Trusted Origin.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *