diff --git a/docs/sources/setup-grafana/configure-grafana/_index.md b/docs/sources/setup-grafana/configure-grafana/_index.md index 93f110a1036..02ff33bb8c6 100644 --- a/docs/sources/setup-grafana/configure-grafana/_index.md +++ b/docs/sources/setup-grafana/configure-grafana/_index.md @@ -923,7 +923,7 @@ reset to the default organization role on every login. [See `auto_assign_org_rol `skip_org_role_sync` default value is `false`. -With `skip_org_role_sync` set to `false`, the users' organization and role is reset on every new login, based on the external provider's role. See provider specifities in the tables below. +With `skip_org_role_sync` set to `false`, the users' organization and role is reset on every new login, based on the external provider's role. See your provider in the tables below. With `skip_org_role_sync` set to `true`, when a user logs in for the first time, Grafana sets the organization role based on the value specified in `auto_assign_org_role` and forces the organization to `auto_assign_org_id` when specified, otherwise it falls back to OrgID `1`. diff --git a/docs/sources/setup-grafana/configure-security/configure-authentication/jwt/index.md b/docs/sources/setup-grafana/configure-security/configure-authentication/jwt/index.md index 4252ffa0b62..47ed42b075c 100644 --- a/docs/sources/setup-grafana/configure-security/configure-authentication/jwt/index.md +++ b/docs/sources/setup-grafana/configure-security/configure-authentication/jwt/index.md @@ -77,17 +77,6 @@ For embedding to work, you must enable `allow_embedding` in the [security sectio In a scenario where it is not possible to rewrite the request headers you can use URL login instead. -## Skip organization role - -To skip the assignment of roles and permissions upon login via JWT and handle them via other mechanisms like the user interface, we can skip the organization role synchronization with the following configuration. - -```ini -[auth.jwt] -# ... - -skip_org_role_sync = true -``` - ### URL login `url_login` allows grafana to search for a JWT in the URL query parameter @@ -228,3 +217,14 @@ role_attribute_path = contains(info.roles[*], 'admin') && 'Admin' || contains(in ### Grafana Admin Role If the `role_attribute_path` property returns a `GrafanaAdmin` role, Grafana Admin is not assigned by default, instead the `Admin` role is assigned. To allow `Grafana Admin` role to be assigned set `allow_assign_grafana_admin = true`. + +### Skip organization role mapping + +To skip the assignment of roles and permissions upon login via JWT and handle them via other mechanisms like the user interface, we can skip the organization role synchronization with the following configuration. + +```ini +[auth.jwt] +# ... + +skip_org_role_sync = true +```