Secure and Seamless: Enabling Single Sign-On for Grafana.
Grafana supports Single Sign-On (SSO) integration with various authentication providers, including SAML, OAuth, LDAP, 还有更多.
To enable SSO for Grafana using SAML, you will need to configure the SAML integration with your identity provider (IdP) and update the Grafana configuration file accordingly.
Here are the high-level steps for setting up SSO in Grafana using SAML:
- Configure your identity provider (IdP) to use SAML for authentication.
- Obtain the metadata XML file from your IdP that contains the SAML settings and configuration.
- Update the Grafana configuration file (
/etc/grafana/grafana.ini
on Linux orC:\Program Files\GrafanaLabs\grafana\conf\grafana.ini
在 视窗) to include the SAML settings and configuration. - Restart the Grafana server to apply the changes.
Here’s an example configuration for SSO using SAML in Grafana:
[server]
# ...
protocol = https
domain = grafana.example.com
root_url = %(protocol)s://%(domain)s/grafana/
[auth.generic_oauth]
enabled = true
name = SSO
allow_sign_up = false
client_id = your_client_id
client_secret = your_client_secret
scopes = openid profile email groups
auth_url = https://your-idp.com/oauth2/authorize
token_url = https://your-idp.com/oauth2/token
api_url = https://your-idp.com/oauth2/userinfo
[auth.saml]
enabled = true
name = SSO
idp_metadata_url = https://your-idp.com/FederationMetadata/2007-06/FederationMetadata.xml
entity_id = https://grafana.example.com/grafana/
email_attribute_name = Email
In this example, we’ve configured both generic OAuth and SAML authentication methods. 这 auth.saml
section includes the SAML settings:
enabled
: Set totrue
to enable SAML authentication.name
: The name of the SAML provider.idp_metadata_url
: The URL to the SAML metadata file from your IdP.entity_id
: The unique identifier for the Grafana server.email_attribute_name:
The attribute in the SAML response that contains the user’s email address.
Once you’ve updated the configuration file with the appropriate SSO settings, you can restart the Grafana server to apply the changes. Your users can now log in to Grafana using SSO with your configured IdP.