Docs: Better explanation for enabling lookup and a small fix on okta role mapping (#96232)

* Docs: Better explanation for enabling lookup and a small fix on okta role mapping

* Run prettier
Vardan Torosyan 2024-11-12 09:44:49 +01:00 committed by GitHub
parent d2aca99d38
commit 7eb4b974e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 5 deletions


@ -177,12 +177,15 @@ disable_login_form = true
### Enable email lookup
Enable user lookup based on email in addition to using unique ID provided by IdPs.
By default, Grafana identifies users based on the unique ID provided by the identity provider (IdP).
In certain cases, however, enabling user lookups by email can be a feasible option, such as when:
By default, Grafana relies on the user unique ID provided by the identity provider.
Looking up users by email can be safe for some identity providers (for example, when they are single tenants and unique non-editable, validated emails are provided), as well as in some infrastructures.
- The identity provider is a single-tenant setup.
- Unique, validated, and non-editable emails are provided by the IdP.
- The infrastructure allows email-based identification without compromising security.
We strongly recommend against enabling email lookups, however it is possible to do with the following configuration.
**Important note**: While it is possible to configure Grafana to allow email-based user lookups, we strongly recommend against this approach in most cases due to potential security risks.
If you still choose to proceed, the following configuration can be applied to enable email lookup.
```bash
[auth]
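
Review bot: The new bullet list under "such as when:" reads as three independent cases, whereas the sentence it replaces joined single tenancy and unique, non-editable, validated emails with "and"; a reader can now conclude that a single-tenant IdP alone makes email lookup acceptable. Suggest stating that the conditions must all hold, or merging the first two bullets. The third bullet ("allows email-based identification without compromising security") is circular and gives no criterion to check, and "potential security risks" in the Important note does not say what goes wrong; one sentence naming the risk the conditions guard against (a login whose email matches a different existing user) would make the recommendation actionable. Minor: the fence that follows is tagged `bash` but holds an `[auth]` INI section.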


@ -49,7 +49,7 @@ To follow this guide, ensure you have permissions in your Okta workspace to crea
- **API URL**
For example: https://<TENANT_ID>.okta.com/oauth2/v1/userinfo
### Configure Okta to Grafana Cloud role mapping
### Configure Okta to Grafana role mapping
1. In the **Okta Admin Console**, select **Directory > Profile Editor**.
1. Select the Okta Application Profile you created previously (the default name for this is `<App name> User`).
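
Review bot: Renaming the heading from "Configure Okta to Grafana Cloud role mapping" to "Configure Okta to Grafana role mapping" changes the anchor generated for this section, so any link that targets the fragment derived from the old heading will no longer resolve. Please search the docs for inbound links to the old anchor and update them in the same change. The commit message calls this "a small fix" without saying why "Cloud" is dropped; a short note that the steps apply to Grafana generally and not only Grafana Cloud would help reviewers confirm the rest of the page is consistent with the new title.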