@chilledornaments
Last active March 22, 2023 19:02
AWS Managed Grafana + Azure AD

Overview

Information on setting up Azure AD as an IdP for AWS Managed Grafana. This explains how to set up Admin, Viewer, and

Steps

  • Perform steps 1-10 from this document

  • Under the Azure Enterprise Application, click "Single sign-on" from the left-hand nav bar

  • Edit the "Attributes & Claims"

  • Click "Add a group claim"

    • Select the radio button for "Security groups"
    • Source attribute = "Group ID"
    • Expand "Advanced Options"
      • Check "Filter groups"
        • Attribute to match = "Display name"
        • Match with = "Contains"
        • String = "Grafana" -> This could change depending on your needs
      • Check "Customize the name of the group claim"
        • Name = "role" -> This can be anything that doesn't collide with another attribute
  • Create Azure groups and assign users to them

    • In this example, you could create Grafana_Admin, Grafana_Editor, Grafana_Viewer
  • In Grafana, set the "assertion attribute role" to whatever you set the name of the group claim to ("role" in this example)

  • Role values must be the Azure Object ID(s) of the group(s)

    • In this example, you'd set the Grafana Admin role to the Object ID of the Grafana_Admin group, the Grafana Editor role gets set to the Object ID of the Grafana_Editor group, and Grafana Viewer gets set to the Object ID of the Grafana_Viewer group
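
To check the result of the steps above, the following added example (not part of the original gist) reads the "role" claim out of a SAML assertion captured from your own test login and reports which configured role value it matches. The Object IDs, the sample assertion, and the function names are constructed for illustration, and checking Admin before Editor before Viewer is an assumption of this example.

```python
import uuid
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholder Object IDs; substitute the IDs of your Azure groups.
ROLE_VALUES = {
    "Admin": {"11111111-1111-1111-1111-111111111111"},
    "Editor": {"22222222-2222-2222-2222-222222222222"},
    "Viewer": {"33333333-3333-3333-3333-333333333333"},
}

# Constructed sample: a user in Grafana_Editor and Grafana_Viewer.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>22222222-2222-2222-2222-222222222222</saml:AttributeValue>
      <saml:AttributeValue>33333333-3333-3333-3333-333333333333</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def claim_values(assertion_xml, claim_name="role"):
    """Return every value of the named claim. Inspection only: no signature check."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == claim_name:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return values

def non_guid_values(assertion_xml, claim_name="role"):
    """Values that are not GUIDs, e.g. display names sent instead of Group IDs."""
    bad = []
    for value in claim_values(assertion_xml, claim_name):
        try:
            uuid.UUID(value)
        except ValueError:
            bad.append(value)
    return bad

def matched_role(assertion_xml, role_values=ROLE_VALUES, claim_name="role"):
    """Highest role whose configured Object IDs appear in the claim, else None."""
    sent = set(claim_values(assertion_xml, claim_name))
    for role in ("Admin", "Editor", "Viewer"):
        if sent & role_values.get(role, set()):
            return role
    return None
```

A non-empty result from `non_guid_values` means the claim is not carrying Object IDs, so the role values configured in Grafana will not match it.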