Replies: 2 comments
-
|
@Jguer I saw that you plan to limit multi-org in Grafana 10. Do you have any guidance how I could modify my PR to make it easier to integrate in your rewrite? I currently try to carry the patch myself but it will be quite tedious. Syncing multi org/roles with external OAuth is a must for us, but not sure if you will ever accept such PR. |
Beta Was this translation helpful? Give feedback.
-
|
Hello, as you may have heard, we are transitioning away from using discussions to discuss feature requests. Due to the age and number of responses to this discussion, we are deciding to close it. If this is something you would like to see in Grafana, feel free to open an issue so the discussion can continue. Thank you! |
Beta Was this translation helpful? Give feedback.
-
As of now it is impossible to define in an external userdb, organization mappings inside Grafana.
What I would like is for metadata in the external userdb to be probed and let it update ExternalUserInfo with
This way this will be updated when the user logs into grafana for the first time, given that the organization already exists.
My usecase is Zitadel which is added as an generic_oauth-provider.
I add metadata
is_grafana_admin = trueorg_roles = {"org1": "Editor"}in grafana.ini I specify
org_roles_attribute_path = "urn:zitadel:iam:user:metadata"."org_roles"is_grafana_admin_attribute_path = "urn:zitadel:iam:user:metadata"."is_grafana_admin"As these attributes are encoded with base64 (that's how Zitadel does metadata), we need to decode them, thus adding
<attribute>_encoding = "base64"The _encoding config could be a dynamic one that adds encoding to any attribute_path.
This is covered in existing PR #54320
Beta Was this translation helpful? Give feedback.
All reactions