Auth: Add skip_org_role_sync setting to OAuth integration Google (#61572)

* WIP

* Add: skip_org_role_sync for Google OAuth

- add setting for frontend
- add read of config
- add config to sample and default

* add: docs

* spelling

* Update pkg/login/social/social.go

* Apply suggestions from code review

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* Update docs/sources/setup-grafana/configure-grafana/_index.md

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>

* removed unnecessary line

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
This commit is contained in:
Eric Leijonmarck
2023-01-19 09:54:22 +01:00
committed by GitHub
parent 50df85189c
commit 0d42edddbf
8 changed files with 42 additions and 2 deletions

@@ -880,7 +880,7 @@ To prevent synchronization of organization roles for a specific OAuth integratio
The setting `oauth_skip_org_role_update_sync` will be deprecated in favor of provider-specific settings.
The following table shows the OAuth providers, the default value setting, and the skip org role sync setting.
The following table shows the OAuth provider's setting with the default value and the skip org role sync setting.
| OAuth Provider | `oauth_skip_org_role_sync_update` | `skip_org_role_sync` | Behavior |
| --- | --- | --- | --- |
| AzureAD | false | false | will sync with AzureAD roles |
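Review bot: The table header in this hunk names the global setting `oauth_skip_org_role_sync_update`, while the deprecation sentence just above it calls the same setting `oauth_skip_org_role_update_sync`. Only one of these can match the key that is read from the configuration, so the header and the prose should use the same spelling. An operator who copies the column heading into the config file may otherwise set a key that has no effect and leave role synchronization on when they meant to turn it off.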
@@ -888,6 +888,20 @@ The following table shows the OAuth providers, the default value setting, and th
| AzureAD | false | true | skip org role sync for AzureAD users |
| AzureAD | true | true | skip org role sync for AzureAD users and all other OAuth providers |
### [auth.google] skip_org_role_sync
Upon the first login from a user, we set the organization roles from the setting `AutoAssignOrgRole`. If you want to manage organizational roles, set the `skip_org_role_sync` option to `true`.
> **Note:** There is a separate setting called `oauth_skip_org_role_update_sync` which has a different scope. While `skip_org_role_sync` only applies to the specific OAuth provider, `oauth_skip_org_role_update_sync` is a generic setting that affects all configured OAuth providers.
The following table shows the OAuth provider's setting with the default value and the skip org role sync setting.
| OAuth Provider | `oauth_skip_org_role_sync_update` | `skip_org_role_sync` | Behavior |
| --- | --- | --- | --- |
| Google | false | false | User organization roles are set with `defaultRole` and cannot be changed |
| Google | true | false | User organization roles are set with `defaultRole` for Google. For other providers, the synchronization will be skipped, and the org role can be changed, along with other OAuth provider users' org roles. |
| Google | false | true | User organization roles are set with `defaultRole` and the org role can be changed for Google synced users. |
| Google | true | true | User organization roles are set with `defaultRole` for Google. For other providers, the synchronization will be skipped, and the org role can be changed, along with other OAuth provider users' org roles. |
### api_key_max_seconds_to_live
Limit of API key seconds to live before expiration. Default is -1 (unlimited).
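Review bot: In the Google table, the rows for `true`/`false` and `true`/`true` carry identical Behavior text, so the table never states whether a Google user's org role can be changed when both settings are enabled. The `false`/`true` row says the role can be changed for Google users; the `true`/`true` row should say the same explicitly, or explain why the global setting changes the outcome, since this decides who is able to raise or lower a user's role. The introduction also says roles come from `AutoAssignOrgRole` while the table says `defaultRole`; use one name throughout, preferably the one an operator would find in the config file. The header here also repeats `oauth_skip_org_role_sync_update`, which differs from `oauth_skip_org_role_update_sync` in the note above the table.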