* Auth: Implement org role mapping for google oauth provider
* Update docs
* Remove unused function
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Conf: Add org_mapping and org_attribute_path to github and gitlab conf
* Gitlab: Implement org role mapping
* Update docs
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Social: link to OrgRoleMapper
* OIDC: support Generic Oauth org to role mappings
Fixes: #73448
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Handle when getAllOrgs fails in the org_role_mapper
* Add more tests
* OIDC: ensure orgs are evaluated from API when not from token
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Extend docs
* Fix test, lint
---------
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* add function to static function to static service
* find email and login claims with jmespath
* rename configuration files
* Replace JWTClaims struct for map
* check for subclaims error
* query OAuth info from a new instance
* add `hd` validation flag
* add `disable_hd_validation` to settings map
* update documentation
---------
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* initial changes for generic_oauth, okta
* updates
* add terraform examples for each provider
* add link to terraform registry for grafana_sso_settings resource
* remove auth_url, token_url and api_url from github, gitlab and google
* Add documentation for enabling email lookup
* Apply suggestions from code review
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Address review feedback
* Update TF provider version
* Apply suggestions from code review
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Use Azure AD for now
---------
Co-authored-by: Mihai Doarna <mihai.doarna@grafana.com>
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Update Grafana.com org sync index.md
Included additional information regarding logging in with Grafana.com credentials that it will override what is defined within the Grafana instance.
* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Eve Meelan <81647476+Eve832@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* added Descope as an OAuth2 provider
Added docs for customers of ours that have asked us how to use Descope with Grafana. We wanted to make sure they can easily find these docs on both our website and Grafana's.
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Ieva <vasiljeva.ieva@gmail.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Ieva <vasiljeva.ieva@gmail.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Changed note to use admonition
* Prettier
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Ieva <vasiljeva.ieva@gmail.com>
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* fix id token hint information
* Update docs/sources/setup-grafana/configure-security/configure-authentication/keycloak/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Improve groups claim setup docs
* Improve the GroupMember.Read.All perm docs
* Apply suggestions from code review
* Update docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md
* Update docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md
* Update the groups and app roles documentation
* Update
* Split long list to separate sections
* fix anchor
* Apply suggestions from code review
* Address other comments, fix anchors
* Address other comments, lint
* Apply suggestions from code review
* Changes
* final adjustments
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* Split signout_redirect_url into per provider settings
* update docs
* update devenvs
* add missing struct tag
---------
Co-authored-by: Rao, B V Chalapathi <b_v_chalapathi.rao@nokia.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: jguer <me@jguer.space>
* support google oauth allowed_groups. unify allowed groups logic
* add role mapping for google oauth
* add documentation
* add addendums
* remove extra isGroupMember
* add to sample ini
* Apply suggestions from code review
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* added the feature parity table to our iam strategy
* wip
* updated the table with current features
* added better formatting for explanations
* change emoji to words
* sample of new table approach
* changing the name from unsupported to N/A
* add describtion of N/A and remove warning
---------
Co-authored-by: Chris Moyer <chris.moyer@grafana.com>
* Update all use of docs/shared in Grafana to use keyword arguments
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Add version inference to remaining Grafana docs/shared usage
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* sets skip_org_role_sync to true for google
* add google skiporgrolesync and sets to true always
* add field
* Update docs/sources/setup-grafana/configure-security/configure-authentication/google/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* add AKS to words
* script back to mina
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* init for base branch
* Add authnz code ownership
* Fix docs ownsership path
* docs revamp: Plan IAM strategy (#62582)
* Add planning page
* Add teams definition
* Expand on planning and benefits
* Add reasons to organize users
* Add description of User Teams
* Add Grafana organizations info
* Add a section between Teams and Orgs
* Add a section for external systems
* planning your role strategy
* Add service account documentation
* Add Auth Setup to index sidebar
* Address PR comments
* Add planning for API keys
* Add team and org sync
* Docs: role and permission section for planning docs (#64702)
* docs revamp: Service accounts (#63710)
* docs revamp: Add new documentation to sidebar index (#66104)
* docs revamp: synchronisation planning (#66409)
* Docs: api keys (#64803)
* Remove personal access tokens section
* Move auth integration planning page
* Remove auth folder
* Restore codeowners file
* reword and update info on user management and grouping
* Rename iam strategy page
* extend the section on teams and organizations
* Rename planning your IAM section
* Move to administration section
* Add definition for role sync
* Relocate planning
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Set every page to have defaults of 'Enterprise' and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration pages to have of 'Cloud', 'Enterprise', and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/enterprise-licensing pages to have 'Enterprise' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/organization-management pages to have 'Enterprise' and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/provisioning pages to have 'Enterprise' and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/recorded-queries pages to have labels cloud,enterprise
* Set administration/roles-and-permissions/access-control pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/stats-and-license pages to have labels cloud,enterprise
* Set alerting pages to have labels cloud,enterprise,oss
* Set breaking-changes pages to have labels cloud,enterprise,oss
* Set dashboards pages to have labels cloud,enterprise,oss
* Set datasources pages to have labels cloud,enterprise,oss
* Set explore pages to have labels cloud,enterprise,oss
* Set fundamentals pages to have labels cloud,enterprise,oss
* Set introduction/grafana-cloud pages to have labels cloud
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix introduction pages products
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set panels-visualizations pages to have labels cloud,enterprise,oss
* Set release-notes pages to have labels cloud,enterprise,oss
* Set search pages to have labels cloud,enterprise,oss
* Set setup-grafana/configure-security/audit-grafana pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set setup-grafana/configure-security/configure-authentication pages to have labels cloud,enterprise,oss
* Set setup-grafana/configure-security/configure-authentication/enhanced-ldap pages to have labels cloud,enterprise
* Set setup-grafana/configure-security/configure-authentication/saml pages to have labels cloud,enterprise
* Set setup-grafana/configure-security/configure-database-encryption/encrypt-secrets-using-hashicorp-key-vault pages to have labels cloud,enterprise
* Set setup-grafana/configure-security/configure-request-security pages to have labels cloud,enterprise,oss
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set setup-grafana/configure-security/configure-team-sync pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set setup-grafana/configure-security/export-logs pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set troubleshooting pages to have labels cloud,enterprise,oss
* Set whatsnew pages to have labels cloud,enterprise,oss
* Apply updated labels from review
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com>
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com>
* First changes
* WIP docs
* Align current tests
* Add test for UseRefreshToken
* Update docs
* Fix
* Remove unnecessary AuthCodeURL from generic_oauth
* Change GitHub to disable use_refresh_token by default
* github oauth doc improvements
* add skip_org_role_sync to config for github provider
* update links and section headings
* update the docs based on the first PR
* update references
* update generic OAuth docs
* some more fixes and corrections
* update examples and sync sections
* fix a link
* linting
* formatting and adding more links to OAuth integrations
* add a section with config walkthrough
* fix link
* move examples to the end of the doc
* extend role mapping
* small improvements
* add a before you begin section, clean up steps, remove some text
* remove unnecessary section
* merge main 2
* OAuth -> OAuth2
* remove Centrify example because it's likely outdated
* add shared intro content
* indentation
* add refresh token to tasks, clean up more sections
* linting
* linting
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* indentation and small descriptions under headings
* add a table for config options
* clean up more sections
* rewrite email address section
* rewriting login and display name sections, plus adding line breaks
* clean up more sections
* update role mapping section
* indentation again
* update section names
* incorporates final edits
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* pr feedback
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* PR feedback: rewording
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Chris Moyer <chris.moyer@grafana.com>
Robby Milo
linoman
Misi
David Garcia
Ryan Crutchfield
Dai Nguyen
Isabel Matwawana
Karl Persson
Mihai Doarna
AHeinlein
Eric Leijonmarck
Mathieu Parent
Xavi Lacasa
Fredrik Ekre
Larissa Wandzura
Ivana Huckova
Aaron Godin
Christopher Moyer
Jo
Kevin J Gao
Trần Hoàng Việt
andrewthomas92
Ieva
venkatbvc
Jack Baldry
Gabriel MABILLE
Vardan Torosyan
arukiidou
Tristan Otterpohl
Jan Garaj
Bruno Melo
Kevin Burke
Jess Sartin
Mitch Seaman
marybelvargas