diff --git a/conf/defaults.ini b/conf/defaults.ini
index bf0bf994b56..492151a87f2 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -937,6 +937,7 @@ auto_sign_up = false
 url_login = false
 allow_assign_grafana_admin = false
 skip_org_role_sync = false
+tls_skip_verify_insecure = false
 #################################### Auth LDAP ###########################
 [auth.ldap]
diff --git a/conf/sample.ini b/conf/sample.ini
index da688f03078..f695824f04f 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -907,6 +907,7 @@
 ;allow_assign_grafana_admin = false
 ;skip_org_role_sync = false
 ;signout_redirect_url =
+;tls_skip_verify_insecure = false
 #################################### Auth LDAP ##########################
 [auth.ldap]
diff --git a/pkg/services/auth/jwt/key_sets.go b/pkg/services/auth/jwt/key_sets.go
index 5361f3b3fbb..2e5d6b22001 100644
--- a/pkg/services/auth/jwt/key_sets.go
+++ b/pkg/services/auth/jwt/key_sets.go
@@ -161,7 +161,8 @@ func (s *AuthService) initKeySet() error {
 client: &http.Client{
 Transport: &http.Transport{
 TLSClientConfig: &tls.Config{
- Renegotiation: tls.RenegotiateFreelyAsClient,
+ Renegotiation: tls.RenegotiateFreelyAsClient,
+ InsecureSkipVerify: s.Cfg.JWTAuth.TlsSkipVerify,
 },
 Proxy: http.ProxyFromEnvironment,
 DialContext: (&net.Dialer{
diff --git a/pkg/setting/setting_jwt.go b/pkg/setting/setting_jwt.go
index 42b8009de4b..2a559a145b7 100644
--- a/pkg/setting/setting_jwt.go
+++ b/pkg/setting/setting_jwt.go
@@ -27,6 +27,7 @@ type AuthJWTSettings struct {
 GroupsAttributePath string
 EmailAttributePath string
 UsernameAttributePath string
+ TlsSkipVerify bool
 }
 type ExtJWTSettings struct {
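Review bot: The new `tls_skip_verify_insecure` key has no explanatory comment here or in the `conf/sample.ini` hunk, so an operator cannot tell which connection loses certificate verification. Judging from the Go side of this commit, it feeds the TLS config of the HTTP client built in `initKeySet`, presumably the one that retrieves the JWT key set; the section header is outside both hunks. If that reading is right, I would add a line above the key such as `# Disables TLS certificate verification for the JWT key set HTTP client; the key set is then not authenticated. Keep false outside test setups.`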
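Review bot: Setting `InsecureSkipVerify` from configuration removes server authentication from the client built in `initKeySet`, and nothing in the hunk records that the process is running that way. If this client fetches the signing key set (the file and function names suggest so, but the fetch is outside the hunk), the keys used to verify tokens are only as trustworthy as the network path. I would log a warning once at start-up when `s.Cfg.JWTAuth.TlsSkipVerify` is true. A CA-bundle setting that populates `RootCAs` on the same `tls.Config` would also cover the private-CA case without turning verification off. The body of `initKeySet` starts and ends outside the hunk.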
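Review bot: The new field is spelled `TlsSkipVerify`, which breaks Go's initialism convention; `TLSSkipVerify` would match the `TLSClientConfig` field used in key_sets.go. The rename also touches the assignment in the `readAuthJWTSettings` hunk and the read in `initKeySet`. Because the field turns certificate verification off, it deserves a comment, for example `// TLSSkipVerify disables certificate verification on the HTTP client built in initKeySet; insecure, defaults to false.`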
@@ -69,6 +70,7 @@ func (cfg *Cfg) readAuthJWTSettings() {
 jwtSettings.GroupsAttributePath = valueAsString(authJWT, "groups_attribute_path", "")
 jwtSettings.EmailAttributePath = valueAsString(authJWT, "email_attribute_path", "")
 jwtSettings.UsernameAttributePath = valueAsString(authJWT, "username_attribute_path", "")
+ jwtSettings.TlsSkipVerify = authJWT.Key("tls_skip_verify_insecure").MustBool(false)
 cfg.JWTAuth = jwtSettings
 }