Setup Single Sign On (SSO) for Grafana with Identity

September 18, 2024

Single Sign-On (SSO) enables users to log in to multiple applications with a single set of credentials, enhancing both security and ease of use. In this guide, we will show you how to configure Grafana to use Identity as the Identity Provider, utilizing the OpenID Connect (OIDC) protocol for authentication.

This step-by-step guide will walk you through the process of integrating Grafana with Identity, ensuring your users have a seamless login experience while maintaining a secure environment.

Why SSO with Grafana?

Grafana is widely used for visualizing and monitoring data from various sources. However, managing user access and credentials across multiple tools and platforms can be tedious and pose security risks. Here’s why integrating SSO with Grafana is beneficial:

  • Simplified User Experience Users can log in once and access multiple platforms, including Grafana, without needing separate usernames and passwords.
  • Centralized Access Control Admins can manage user permissions and roles in one place, reducing the complexity of handling access across different systems.
  • Enhanced Security By using a single, centralized authentication source, you reduce the risk of password mismanagement and improve your overall security posture.
  • Enterprise Scalability As your organization grows, managing multiple credentials for various tools becomes unsustainable. SSO provides a scalable solution, allowing new users to be onboarded quickly with predefined roles and permissions.
Prerequisites

Before we begin, ensure the following:

  • An active Identity account with administrator privileges
  • A Grafana account with admin access.
  • Basic understanding of OpenID Connect (OIDC), the protocol used for SSO in Grafana
Step 1: Register Grafana in Identity
  1. Log in to Identity as an administrator.
  2. Navigate to the Clients (OAuth 2.0 > Clients) and click on New Client.
  3. Fill in the following details:
    1. Name: Grafana
    2. Client ID: Choose a unique identifier for Grafana, e.g., Grafana.
    3. Secret: Set the client secret and confirm it
    4. Scopes: Scopes define what user information will be shared. Set this to openid, profile
    5. Grant Type: Select the grant type Authorization Code
    6. Redirect URI: Set this to http://<grafana_url>/login/generic_oauth (replace <grafana_url> with your Grafana instance URL)
    7. Post Logout Redirect URI: Set this to http://<grafana_url>/login/generic_oauth
  4. Save your changes
Grafana General Details in Identity
Grafana Authentication Details in Identity
Step 2: Configure Grafana to Use Identity as an OAuth Provider
  1. Log in to Grafana as an administrator.
  2. Navigate to Administration > Authentication.
  3. Click on Generic OAuth.
  4. Enable OAuth and fill in the following details:
    1. Display Name: Set this as Identity. This name will be displayed on your Login Button i.e. "Sign In with Identity"
    2. Client ID: Use the client ID you created earlier in Identity i.e. Grafana
    3. Client Secret: Enter the client secret generated in Identity.
    4. Scopes: Enter openid profile
    5. Auth URL: https://<identity_domain>/connect/authorize (replace <identity_domain> with your Identity server’s URL). E.g. https://identity.celusion.dev/connect/authorize
    6. Token URL: https://<identity_domain>/connect/token
    7. API URL: https://<identity_domain>/connect/userinfo
    8. Allow Sign Up: Disable this to prevent users to sign up automatically when they log in via SSO.
    9. Sign out Redirect URL: Set this to http://<grafana_url>/login
    10. Expand User mapping and set the Login attribute path to preferred_username
    11. Under User mapping set the Email attribute path to email
  5. Save the configuration.
Grafana General Settings
Grafana Authentication URL
Grafana User Mapping
Step 3: Test the Integration
  1. Navigate to your Grafana instance login page
  2. You will be shown an additional button "Sign In with Identity"
  3. Click the Sign In with Identity button
  4. Enter credentials of a user who has access to Grafana. i.e. The username in Identity and the username in Grafana should be the same
  5. Complete the login process. After authentication, you will be redirected to Grafana.
Grafana Login Screen

Video Tutorial

We've also created a comprehensive video tutorial on YouTube that walks you through the entire SSO setup process in Grafana using Identity as the Identity Provider. Watch it here to see each step in action!

Conclusion

By integrating Grafana with Identity for Single Sign-On using OIDC, you simplify user authentication and centralize access control across applications. This integration enhances security and provides a seamless experience for your users.

If you encounter any issues during the setup process, check both Grafana and Identity logs for any configuration errors. For further assistance, feel free to contact our support team or refer to the official Grafana and Identity documentation.

Identity with India's National Single Sign On, Meri Pehchaan
Sep 4, 2024

Learn how to seamlessly integrate India's National Single Sign On, Meri Pehchaan as an Identity Provider with Identity and promote digital inclusion.

How banks can adapt lending to new generation preferences?
Sep 4, 2024

The future of banking is digital, transparent, and personalized, driven by Gen Z and Millennials seeking seamless, tailored experiences.

Accelerating product launches with ready API integrations
Sep 3, 2024

API gateways with ready integrations accelerate product launches by simplifying secure, compliant connections to essential services.

Join over 1,000 decision makers who receive a monthly newsletter on industry news and technology insights.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Offices
India
India

302/A, Dosti Pinnacle
Wagle Estate, Thane

Singapore
Singapore

Cantonment Towers
Tanjong Pagar

Connect with us
Call on +91 8899116977Send us a message

Reach out to us for product demonstrations or any queries.

Blog
Case Studies
News Coverage
Toolkits
Privacy Policy
Terms of Use
© 2022 Celusion