* update docs on how to configure SCIM with okta
* fix enterprise link
* add introductory paragraph under "Configure provisioning settings"
This paragraph has been added to avoid stacked headings that break the flow of the documentation and hurt SEO
* split SCIM connector base URL config for cloud and onprem
---------
Co-authored-by: Irene Rodríguez <irene.rodriguez@grafana.com>
* Docs: SAML docs refactoring
* Cleanup the root page
* Update the root file
* Refactor Azure AD guide
* Change the order of the tree
* Remove the index file again, back from main
* SAML UI page review and editing
* Review and edit SAML config options page
* SAML signing and encryption edit/review
* Remaining pages and aliases
* Fix PR comments
* More fixes
* Update _index.md
* Update _index.md
* Update _index.md
* Apply suggestions from code review
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Handle PR comments
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Docs: removing docs debt in install docs
* cleaning up set up docs debt
* fixing some vale errors
* fixing broken admonition shortcode
* fixing broken shortcode
* fixing broken shortcode
* working to the grafana authentication config
* updating some more files
* editing down to ldap in the repo
* editing ldap doc except final section with link needed
* Finishing doc debt cleanup through configure authetication
* fixing shortcodes reverted by merge conflict fix
* fixing admonition
* fixing more broken shortcodes
* adjusting some wordings ot make vale happy
* updating feature toggle info
* Docs: Create a landing page for SCIM provisioning
* Fix docs warnings
* Update docs/sources/setup-grafana/configure-security/configure-scim-provisioning/_index.md
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Update docs/sources/setup-grafana/configure-security/configure-scim-provisioning/_index.md
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Apply suggestions from code review
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Address some of the feedback and simplify few parts
* Remove repetitive wording
* Don't use possessive form, again
* Address the feedback from PR
* Docs: Manage users and teams via SCIM (#102478)
* Docs: Manage users and teams via SCIM
* Docs: Manage users and teams via SCIM
* Refactor managing users parts
* Add team sync docs
* Update _index.md
* Apply suggestions from code review
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
* Clarify how user identity linking is working
* Fix formatting
* Docs: Configure SCIM with Azure and Okta (#102582)
* Docs: Configure SCIM with Azure and Okta
* Apply suggestions from code review
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Add a warning about migration from team sync
* Remove the SAML setup instructions from SCIM docs
* Update _index.md
* Update _index.md
* Apply suggestions from code review
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Sarah Constant <sarahleejane@users.noreply.github.com>
* Address PR feedback
* Stop using possessive form
* Add a note mentioning that users/teams can not be manually deleted
* Update _index.md
* Docs: SCIM configuration options (#103085)
* Add a section to clarify how SCIM works with other IdPs
* Update _index.md
* Update _index.md
---------
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Sarah Constant <sarahleejane@users.noreply.github.com>
* replace relrefs and minor edits
* add new content and links
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* changes from linter and content suggestions
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* run prettier
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Irene Rodriguez <irene.rodriguez@grafana.com>
* Updating SAML for Azure specific attribute structures
Adding additional context surrounding SAML via Azure where the full attribute URL needs to be specified or it will not map correctly.
This generates a lot of support contacts and isn't documented causing friction when organizations can't set it up themselves or lack the technical staff to self manage.
* run prettier
---------
Co-authored-by: Irene Rodriguez <irene.rodriguez@grafana.com>
* added backend support for client_secret_jwt
* added backend support for client_secret_jwt
* added all logic to the exchange function (overloaded social exchange in azuread_oauth to handle managed identity client id)
* ran yarn install to update lock file
* added support for client_secret_jwt when managed_identity_client_id is null
* added audience flag and changed exchange to directly access oauth config using .info
* added logic in setting oauth.Config for supported client authentication values
* added client_authentication, managed_identity_client_id, and audience to sample.ini file
* using provided ctx in ManagedIdentityCallback function
* added frontend support for federated identity credential auth
* added client authentication field
* added Azure AD documentation for Grafana
* added bold font to "Add" keyword in documentation
* minor wording change relating to previous commit
* addressed changing audience to federated_credential_audience, moving validation, and changing managedIdentityCallback to private function
* correction to audience name changing
* fixed orgMappingClientAuthentication function name, and added in logic into validateFederatedCredentialAudience function
* Change docs
* Add iam team as owner of azcore pkg
* added backend support for client_secret_jwt
* added all logic to the exchange function (overloaded social exchange in azuread_oauth to handle managed identity client id)
* ran yarn install to update lock file
* added support for client_secret_jwt when managed_identity_client_id is null
* added audience flag and changed exchange to directly access oauth config using .info
* added logic in setting oauth.Config for supported client authentication values
* added client_authentication, managed_identity_client_id, and audience to sample.ini file
* using provided ctx in ManagedIdentityCallback function
* added frontend support for federated identity credential auth
* added client authentication field
* added Azure AD documentation for Grafana
* added bold font to "Add" keyword in documentation
* minor wording change relating to previous commit
* addressed changing audience to federated_credential_audience, moving validation, and changing managedIdentityCallback to private function
* correction to audience name changing
* fixed orgMappingClientAuthentication function name, and added in logic into validateFederatedCredentialAudience function
* Change docs
* Add iam team as owner of azcore pkg
* updated yarn lock file
* updated doc for correction
* removed wrong changes in pkg directory
* removed newline in dashboard-generate.yaml and unified.ts
* updated yarn.lock to match upstream
* Lint
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* removing unwanted changes
* added back removed newline
* fixed failing test in azuread_oauth_test.go
* Update azuread_oauth.go
removed unnecessary newline, fixed lint
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* add note that support for Auth0 audience feature is not available
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Docs: Clean up basic auth, anonymous access and main pages for auth configuration
* Fix the typo
* Prettier should fix this
* fix minor typo
* Update docs/sources/setup-grafana/configure-security/configure-authentication/_index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Irene Rodríguez <irene.rodriguez@grafana.com>
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Move the configuration options to the bottom and extend it
* Improve assertion mapping docs for Okta
* fix typo
* Update index.md
---------
Co-authored-by: Irene Rodríguez <irene.rodriguez@grafana.com>
* add docs describing what GAS is and how it can be configured
* Update configure-group-attribute-sync.md
* Update configure-group-attribute-sync.md
---------
Co-authored-by: Aaron Godin <aaron.godin@grafana.com>
Update Usage insights logs docs: Scope
As far as I can tell, in https://github.com/grafana/grafana/pull/59931
we started to record Usage Insights events for Explore queries.
And in https://github.com/grafana/grafana/pull/78097 we further improved
our implementation of that logging.
This documentation should have been updated back then to match. So I'm
updating it now.
* IAM docs: Transform `API keys` to `Migrate API keys` docs
* Update links to `API keys` in other doc pages
* Grafana UI: update help button link
* Update OpenAPI/Swagger links
* Update docs/sources/administration/service-accounts/migrate-api-keys.md
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Update `relref` links to the new URL
* fix space before em dash
spaces before or after em dashes are not recommended (https://developers.google.com/style/dashes)
---------
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Irene Rodriguez <irene.rodriguez@grafana.com>
* Auth: Implement org role mapping for google oauth provider
* Update docs
* Remove unused function
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Conf: Add org_mapping and org_attribute_path to github and gitlab conf
* Gitlab: Implement org role mapping
* Update docs
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Social: link to OrgRoleMapper
* OIDC: support Generic Oauth org to role mappings
Fixes: #73448
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Handle when getAllOrgs fails in the org_role_mapper
* Add more tests
* OIDC: ensure orgs are evaluated from API when not from token
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Extend docs
* Fix test, lint
---------
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* add function to static function to static service
* find email and login claims with jmespath
* rename configuration files
* Replace JWTClaims struct for map
* check for subclaims error
Removes legacy alerting, so long and thanks for all the fish! 🐟
---------
Co-authored-by: Matthew Jacobson <matthew.jacobson@grafana.com>
Co-authored-by: Sonia Aguilar <soniaAguilarPeiron@users.noreply.github.com>
Co-authored-by: Armand Grillet <armandgrillet@users.noreply.github.com>
Co-authored-by: William Wernert <rwwiv@users.noreply.github.com>
Co-authored-by: Yuri Tseretyan <yuriy.tseretyan@grafana.com>
Vardan Torosyan
Mihai Doarna
Jack Baldry
Irene Rodríguez
colin-stuart
Jacob Valdez
Eric Leijonmarck
Ieva
Misi
Quentin Bisson
Felix Dreissig
linoman
Beverly Buchanan
Robby Milo
Ariana
Victor Cinaglia
John Naizer
bo0tzz
xavi
Jay
Dana Axinte
haelekuin
David Garcia
Ryan Crutchfield
Dai Nguyen
Sam Jewell
Isabel Matwawana
Karl Persson
Pepe Cano
AHeinlein
Mathieu Parent
Fredrik Ekre
Larissa Wandzura
Gilles De Mey
Ivana Huckova