IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

remove unnecessary version notices (#94839)

Browse Source
This commit is contained in:
Robby Milo 2024-10-17 11:32:17 +02:00 committed by GitHub
parent ba6829f4a7
commit c6eeb2d845
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
23 changed files with 17 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/sources/administration/provisioning/index.md
View File

@ -84,10 +84,6 @@ You can configure Grafana to automatically delete provisioned data sources when
To do so, add `prune: true` to the root of your provisioning file.
With this configuration, Grafana also removes the provisioned data sources if you remove the provisioning file entirely.
{{< admonition type="note" >}}
The `prune` parameter is available in Grafana v11.1 and higher.
{{< /admonition >}}
### Running multiple Grafana instances
If you run multiple instances of Grafana, add a version number to each data source in the configuration and increase it when you update the configuration.

4
docs/sources/dashboards/variables/add-template-variables/index.md
View File

@ -304,7 +304,7 @@ Grafana has global built-in variables that can be used in expressions in the que
### $\_\_dashboard
> Only available in Grafana v6.7+. In Grafana 7.1, the variable changed from showing the UID of the current dashboard to the name of the current dashboard.
In Grafana 7.1, the variable changed from showing the UID of the current dashboard to the name of the current dashboard.
This variable is the name of the current dashboard.
@ -361,8 +361,6 @@ This variable is the ID of the current organization.
### $\_\_user
> Only available in Grafana v7.1+
`${__user.id}` is the ID of the current user.
`${__user.login}` is the login handle of the current user.
`${__user.email}` is the email for the current user.

4
docs/sources/datasources/elasticsearch/_index.md
View File

@ -121,10 +121,6 @@ For details on AWS SigV4, refer to the [AWS documentation](https://docs.aws.amaz
### AWS Signature Version 4 authentication
{{% admonition type="note" %}}
Available in Grafana v7.3 and higher.
{{% /admonition %}}
To sign requests to your Amazon Elasticsearch Service domain, you can enable SigV4 in Grafana's [configuration](ref:configuration).
Once AWS SigV4 is enabled, you can configure it on the Elasticsearch data source configuration page.

12
docs/sources/datasources/google-cloud-monitoring/query-editor/index.md
View File

@ -198,10 +198,6 @@ An expected result would look like: `gce_instance - compute.googleapis.com/insta
### Deep-link from Grafana panels to the Google Cloud Console Metrics Explorer
{{% admonition type="note" %}}
Available in Grafana v7.1 and higher.
{{% /admonition %}}
{{< figure src="/static/img/docs/v71/cloudmonitoring_deep_linking.png" max-width="500px" class="docs-image--no-shadow" caption="Google Cloud Monitoring deep linking" >}}
You can click on a time series in the panel to access a context menu, which contains a link to **View in Metrics Explorer in Google Cloud Console**.
@ -222,10 +218,6 @@ If the query editor rows return different units, Grafana uses the unit from the
### Use the Monitoring Query Language
{{% admonition type="note" %}}
Available in Grafana v7.4 and higher.
{{% /admonition %}}
The Monitoring Query Language (MQL) query builder helps you query and display MQL results in time series format.
To understand basic MQL concepts, refer to [Introduction to Monitoring Query Language](https://cloud.google.com/monitoring/mql).
@ -245,10 +237,6 @@ However, `{{metric.service}}` is not supported, and `{{metric.type}}` and `{{met
## Query Service Level Objectives
{{% admonition type="note" %}}
Available in Grafana v7.0 and higher.
{{% /admonition %}}
{{< figure src="/static/img/docs/google-cloud-monitoring/slo-query-builder-8-0.png" max-width="400px" class="docs-image--no-shadow" caption="Service Level Objectives (SLO) query editor" >}}
The SLO query builder helps you visualize SLO data in time series format.

4
docs/sources/datasources/graphite/template-variables/index.md
View File

@ -125,10 +125,6 @@ For example, `apps.$app.servers.*` uses the variable `$app` in its query definit
### Use `__searchFilter` to filter query variable results
{{% admonition type="note" %}}
Available in Grafana v6.5 and higher.
{{% /admonition %}}
You can use `__searchFilter` in the query field to filter the query result based on what the user types in the dropdown select box.
The default value for `__searchFilter` is `*` if you've not entered anything, and `` when used as part of a regular expression.

1
docs/sources/datasources/jaeger/_index.md
View File

@ -110,7 +110,6 @@ You can also configure settings specific to the Jaeger data source. These option
![Trace to logs settings](/media/docs/tempo/tempo-trace-to-logs-9-4.png)
{{% admonition type="note" %}}
Available in Grafana v7.4 and higher.
If you use Grafana Cloud, open a [support ticket in the Cloud Portal](/profile/org#support) to access this feature.
{{% /admonition %}}

4
docs/sources/datasources/loki/query-editor/index.md
View File

@ -252,10 +252,6 @@ In your `server` section, add the following configuration:
}
```
{{% admonition type="note" %}}
Available in Grafana v6.3 and higher.
{{% /admonition %}}
## Create a metric query
You can use LogQL to wrap a log query with functions that create metrics from your logs.

2
docs/sources/datasources/mssql/query-editor/index.md
View File

@ -393,8 +393,6 @@ ORDER BY 1
**Example region query using time and timeend columns with epoch values:**
> Only available in Grafana v6.6+.
```sql
SELECT
time_sec as time,

4
docs/sources/datasources/mysql/_index.md
View File

@ -99,7 +99,7 @@ Administrators can also [configure the data source via YAML](#provision-the-data
| **Session Timezone** | Specifies the timezone used in the database session, such as `Europe/Berlin` or `+02:00`. Required if the timezone of the database (or the host of the database) is set to something other than UTC. Set this to `+00:00` so Grafana can handle times properly. Set the value used in the session with `SET time_zone='...'`. If you leave this field empty, the timezone will not be updated. For more information, refer to [MySQL Server Time Zone Support](https://dev.mysql.com/doc/en/time-zone-support.html). |
| **Max open** | The maximum number of open connections to the database, default `100` (Grafana v5.4+). |
| **Max idle** | The maximum number of connections in the idle connection pool, default `100` (Grafana v5.4+). |
| **Auto (max idle)** | Toggle to set the maximum number of idle connections to the number of maximum open connections (available in Grafana v9.5.1+). Default is `true`. |
| **Auto (max idle)** | Toggle to set the maximum number of idle connections to the number of maximum open connections. Default is `true`. |
| **Allow cleartext passwords** | Allows the use of the [cleartext client side plugin](https://dev.mysql.com/doc/en/cleartext-pluggable-authentication.html) as required by a specific type of account, such as one defined with the [PAM authentication plugin](https://dev.mysql.com/doc/en/pam-pluggable-authentication.html). <br />**Sending passwords in clear text may be a security problem in some configurations**. To avoid password issues, it is recommended that clients connect to a MySQL server using a method that protects the password. Possibilities include [TLS / SSL](https://github.com/go-sql-driver/mysql#tls), IPsec, or a private network. Default is `false`. |
| **Max lifetime** | The maximum amount of time in seconds a connection may be reused. This should always be lower than configured [wait_timeout](https://dev.mysql.com/doc/en/server-system-variables.html#sysvar_wait_timeout) in MySQL (Grafana v5.4+). The default is `14400` or 4 hours. |
@ -568,8 +568,6 @@ WHERE
**Example region query using time and timeend columns with epoch values:**
> Only available in Grafana v6.6+.
```sql
SELECT
epoch_time as time,

2
docs/sources/datasources/postgres/_index.md
View File

@ -487,8 +487,6 @@ WHERE
**Example region query using time and timeend columns with epoch values:**
> Only available in Grafana v6.6+.
```sql
SELECT
epoch_time as time,

4
docs/sources/datasources/prometheus/_index.md
View File

@ -171,10 +171,6 @@ For details on AWS SigV4, refer to the [AWS documentation](https://docs.aws.amaz
### AWS Signature Version 4 authentication
{{% admonition type="note" %}}
Available in Grafana v7.3.5 and higher.
{{% /admonition %}}
To connect the Prometheus data source to Amazon Managed Service for Prometheus using SigV4 authentication, refer to the AWS guide to [Set up Grafana open source or Grafana Enterprise for use with AMP](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-onboard-query-standalone-grafana.html).
If you run Grafana in an Amazon EKS cluster, follow the AWS guide to [Query using Grafana running in an Amazon EKS cluster](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-onboard-query-grafana-7.3.html).

2
docs/sources/datasources/prometheus/query-editor/index.md
View File

@ -143,7 +143,7 @@ Click **Inspector** to get detailed statistics regarding your query. Inspector f
**Builder mode** helps you build queries using a visual interface. This option is best for users who have limited or no previous experience working with Prometheus and PromQL.
This video demonstrates how to use the visual Prometheus query builder available in Grafana v9.0:
This video demonstrates how to use the visual Prometheus query builder:
{{< vimeo 720004179 >}}

4
docs/sources/datasources/prometheus/template-variables/index.md
View File

@ -109,10 +109,6 @@ Regex:
## Use `$__rate_interval`
{{% admonition type="note" %}}
Available in Grafana v7.2 and higher.
{{% /admonition %}}
We recommend using `$__rate_interval` in the `rate` and `increase` functions instead of `$__interval` or a fixed interval value.
Because `$__rate_interval` is always at least four times the value of the Scrape interval, it avoid problems specific to Prometheus.

1
docs/sources/datasources/zipkin/_index.md
View File

@ -103,7 +103,6 @@ To configure basic settings for the data source, complete the following steps:
![Trace to logs settings](/media/docs/tempo/tempo-trace-to-logs-9-4.png)
{{% admonition type="note" %}}
Available in Grafana v7.4 and higher.
If you use Grafana Cloud, open a [support ticket in the Cloud Portal](/profile/org#support) to access this feature.
{{% /admonition %}}

2
docs/sources/developers/http_api/folder_dashboard_search.md
View File

@ -37,7 +37,7 @@ Query parameters:
- **folderUIDs** List of folder UIDs to search in
- **starred** Flag indicating if only starred Dashboards should be returned
- **limit** Limit the number of returned results (max is 5000; default is 1000)
- **page** Use this parameter to access hits beyond limit. Numbering starts at 1. limit param acts as page size. Only available in Grafana v6.2+.
- **page** Use this parameter to access hits beyond limit. Numbering starts at 1. limit param acts as page size.
**Example request for retrieving folders and dashboards at the root level**:

42
docs/sources/setup-grafana/configure-grafana/_index.md
View File

@ -300,10 +300,6 @@ Path where the socket should be created when `protocol=socket`. Make sure Grafan
### cdn_url
{{% admonition type="note" %}}
Available in Grafana v7.4 and later versions.
{{% /admonition %}}
Specify a full HTTP URL address to the root of your Grafana CDN assets. Grafana will add edition and version paths.
For example, given a cdn url like `https://cdn.myserver.com` grafana will try to load a javascript file from
@ -547,10 +543,6 @@ Set to false, disables checking for new versions of Grafana from Grafana's GitHu
### check_for_plugin_updates
{{% admonition type="note" %}}
Available in Grafana v8.5.0 and later versions.
{{% /admonition %}}
Set to false disables checking for new versions of installed plugins from https://grafana.com. When enabled, the check for a new plugin runs every 10 minutes. It will notify, via the UI, when a new plugin update exists. The check itself will not prompt any auto-updates of the plugin, nor will it send any sensitive information.
### google_analytics_ua_id
@ -611,8 +603,6 @@ Set to `false` to remove all feedback links from the UI. Default is `true`.
### disable_initial_admin_creation
> Only available in Grafana v6.5+.
Disable creation of admin user on first start of Grafana. Default is `false`.
### admin_user
@ -776,8 +766,6 @@ Number dashboard versions to keep (per dashboard). Default: `20`, Minimum: `1`.
### min_refresh_interval
> Only available in Grafana v6.7+.
This feature prevents users from setting the dashboard refresh interval to a lower value than a given interval value. The default interval value is 5 seconds.
The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. `30s` or `1m`.
@ -2219,10 +2207,6 @@ Options to configure a remote HTTP image rendering service, e.g. using https://g
#### renderer_token
{{% admonition type="note" %}}
Available in Grafana v9.1.2 and Image Renderer v3.6.1 or later.
{{% /admonition %}}
An auth token will be sent to and verified by the renderer. The renderer will deny any request without an auth token matching the one configured on the renderer.
### server_url
@ -2312,10 +2296,6 @@ Enter a comma-separated list of plugin identifiers to avoid loading (including c
### max_connections
{{% admonition type="note" %}}
Available in Grafana v8.0 and later versions.
{{% /admonition %}}
The `max_connections` option specifies the maximum number of connections to the Grafana Live WebSocket endpoint per Grafana server instance. Default is `100`.
Refer to [Grafana Live configuration documentation]({{< relref "../set-up-grafana-live" >}}) if you specify a number higher than default since this can require some operating system and infrastructure tuning.
@ -2324,10 +2304,6 @@ Refer to [Grafana Live configuration documentation]({{< relref "../set-up-grafan
### allowed_origins
{{% admonition type="note" %}}
Available in Grafana v8.0.4 and later versions.
{{% /admonition %}}
The `allowed_origins` option is a comma-separated list of additional origins (`Origin` header of HTTP Upgrade request during WebSocket connection establishment) that will be accepted by Grafana Live.
If not set (default), then the origin is matched over [root_url]({{< relref "#root_url" >}}) which should be sufficient for most scenarios.
@ -2343,10 +2319,6 @@ allowed_origins = "https://*.example.com"
### ha_engine
{{% admonition type="note" %}}
Available in Grafana v8.1 and later versions.
{{% /admonition %}}
**Experimental**
The high availability (HA) engine name for Grafana Live. By default, it's not set. The only possible value is "redis".
@ -2355,10 +2327,6 @@ For more information, refer to the [Configure Grafana Live HA setup]({{< relref
### ha_engine_address
{{% admonition type="note" %}}
Available in Grafana v8.1 and later versions.
{{% /admonition %}}
**Experimental**
Address string of selected the high availability (HA) Live engine. For Redis, it's a `host:port` string. Example:
@ -2380,7 +2348,7 @@ Properties described in this section are available for all plugins, but you must
### tracing
{{% admonition type="note" %}}
Available in Grafana v9.5.0 or later, and [OpenTelemetry must be configured as well](#tracingopentelemetry).
[OpenTelemetry must be configured as well](#tracingopentelemetry).
{{% /admonition %}}
If `true`, propagate the tracing context to the plugin backend and enable tracing (if the backend supports it).
@ -2543,10 +2511,6 @@ Use to disable updates for additional specific feature toggles in the feature ma
## [date_formats]
{{% admonition type="note" %}}
The date format options below are only available in Grafana v7.2+.
{{% /admonition %}}
This section controls system-wide defaults for date formats used in time ranges, graphs, and date input boxes.
The format patterns use [Moment.js](https://momentjs.com/docs/#/displaying/) formatting tokens.
@ -2585,10 +2549,6 @@ Set the default start of the week, valid values are: `saturday`, `sunday`, `mond
## [expressions]
{{% admonition type="note" %}}
This feature is available in Grafana v7.4 and later versions.
{{% /admonition %}}
### enabled
Set this to `false` to disable expressions and hide them in the Grafana UI. Default is `true`.

10
docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md
View File

@ -143,13 +143,11 @@ Every role requires a [Universally Unique Identifier](https://en.wikipedia.org/w
### Assign server administrator privileges
> Available in Grafana v9.2 and later versions.
If the application role received by Grafana is `GrafanaAdmin`, Grafana grants the user server administrator privileges.
This is useful if you want to grant server administrator privileges to a subset of users.
If the application role received by Grafana is `GrafanaAdmin`, Grafana grants the user server administrator privileges.
This is useful if you want to grant server administrator privileges to a subset of users.
Grafana also assigns the user the `Admin` role of the default organization.
The setting `allow_assign_grafana_admin` under `[auth.azuread]` must be set to `true` for this to work.
The setting `allow_assign_grafana_admin` under `[auth.azuread]` must be set to `true` for this to work.
If the setting is set to `false`, the user is assigned the role of `Admin` of the default organization, but not server administrator privileges.
```json
@ -255,8 +253,6 @@ Verify that the Grafana [root_url]({{< relref "../../../configure-grafana#root_u
### Configure refresh token
> Available in Grafana v9.3 and later versions.
When a user logs in using an OAuth provider, Grafana verifies that the access token has not expired. When an access token expires, Grafana uses the provided refresh token (if any exists) to obtain a new access token.
Grafana uses a refresh token to obtain a new access token without requiring the user to log in again. If a refresh token doesn't exist, Grafana logs the user out of the system after the access token has expired.

2
docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
View File

@ -181,8 +181,6 @@ Refer to the following table for information on what to configure based on how t
### Configure a refresh token
> Available in Grafana v9.3 and later versions.
When a user logs in using an OAuth2 provider, Grafana verifies that the access token has not expired. When an access token expires, Grafana uses the provided refresh token (if any exists) to obtain a new access token.
Grafana uses a refresh token to obtain a new access token without requiring the user to log in again. If a refresh token doesn't exist, Grafana logs the user out of the system after the access token has expired.

2
docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md
View File

@ -116,8 +116,6 @@ To configure GitLab authentication with Grafana, follow these steps:
### Configure a refresh token
> Available in Grafana v9.3 and later versions.
When a user logs in using an OAuth provider, Grafana verifies that the access token has not expired. When an access token expires, Grafana uses the provided refresh token (if any exists) to obtain a new access token.
Grafana uses a refresh token to obtain a new access token without requiring the user to log in again. If a refresh token doesn't exist, Grafana logs the user out of the system after the access token has expired.

8
docs/sources/setup-grafana/configure-security/configure-authentication/google/index.md
View File

@ -134,8 +134,6 @@ interception attacks. PKCE will be required in [OAuth 2.1](https://datatracker.i
#### Configure refresh token
> Available in Grafana v9.3 and later versions.
When a user logs in using an OAuth provider, Grafana verifies that the access token has not expired. When an access token expires, Grafana uses the provided refresh token (if any exists) to obtain a new access token.
Grafana uses a refresh token to obtain a new access token without requiring the user to log in again. If a refresh token doesn't exist, Grafana logs the user out of the system after the access token has expired.
@ -159,8 +157,6 @@ auto_login = true
### Configure team sync for Google OAuth
> Available in Grafana v10.1.0 and later versions.
With team sync, you can easily add users to teams by utilizing their Google groups. To set up team sync for Google OAuth, refer to the following example.
1. Enable the Google Cloud Identity API on your [organization's dashboard](https://console.cloud.google.com/apis/api/cloudidentity.googleapis.com/).
@ -182,8 +178,6 @@ To learn more about Team Sync, refer to [Configure Team Sync]({{< relref "../../
#### Configure allowed groups
> Available in Grafana v10.2.0 and later versions.
To limit access to authenticated users that are members of one or more groups, set `allowed_groups`
to a comma or space separated list of groups.
@ -193,8 +187,6 @@ Google groups are referenced by the group email key. For example, `developers@go
#### Configure role mapping
> Available in Grafana v10.2.0 and later versions.
Unless `skip_org_role_sync` option is enabled, the user's role will be set to the role mapped from Google upon user login. If no mapping is set the default instance role is used.
The user's role is retrieved using a [JMESPath](http://jmespath.org/examples.html) expression from the `role_attribute_path` configuration option.

6
docs/sources/setup-grafana/configure-security/configure-authentication/keycloak/index.md
View File

@ -159,11 +159,9 @@ Grafana supports ID token hints for single logout. Grafana automatically adds th
## Allow assigning Grafana Admin
> Available in Grafana v9.2 and later versions.
If the application role received by Grafana is `GrafanaAdmin` , Grafana grants the user server administrator privileges.
This is useful if you want to grant server administrator privileges to a subset of users.
This is useful if you want to grant server administrator privileges to a subset of users.
Grafana also assigns the user the `Admin` role of the default organization.
```ini
@ -173,8 +171,6 @@ allow_assign_grafana_admin = true
### Configure refresh token
> Available in Grafana v9.3 and later versions.
When a user logs in using an OAuth provider, Grafana verifies that the access token has not expired. When an access token expires, Grafana uses the provided refresh token (if any exists) to obtain a new access token.
Grafana uses a refresh token to obtain a new access token without requiring the user to log in again. If a refresh token doesn't exist, Grafana logs the user out of the system after the access token has expired.

20
docs/sources/setup-grafana/configure-security/configure-authentication/ldap/index.md
View File

@ -144,10 +144,6 @@ bind_password = "${LDAP_ADMIN_PASSWORD}"
## LDAP debug view
{{% admonition type="note" %}}
Available in Grafana v6.4+
{{% /admonition %}}
Grafana has an LDAP debug view built-in which allows you to test your LDAP configuration directly within Grafana. Only Grafana admins can use the LDAP debug view.
Within this view, you'll be able to see which LDAP servers are currently reachable and test your current configuration.
@ -218,7 +214,7 @@ The first group mapping that an LDAP user is matched to will be used for the syn
[[servers.group_mappings]]
group_dn = "cn=superadmins,dc=grafana,dc=org"
org_role = "Admin"
grafana_admin = true # Available in Grafana v5.3 and above
grafana_admin = true
[[servers.group_mappings]]
group_dn = "cn=admins,dc=grafana,dc=org"
@ -233,12 +229,12 @@ group_dn = "*"
org_role = "Viewer"
```
| Setting | Required | Description | Default |
| --------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------- |
| `group_dn` | Yes | LDAP distinguished name (DN) of LDAP group. If you want to match all (or no LDAP groups) then you can use wildcard (`"*"`) |
| `org_role` | Yes | Assign users of `group_dn` the organization role `Admin`, `Editor`, or `Viewer`. The organization role name is case sensitive. |
| `org_id` | No | The Grafana organization database id. Setting this allows for multiple group_dn's to be assigned to the same `org_role` provided the `org_id` differs | `1` (default org id) |
| `grafana_admin` | No | When `true` makes user of `group_dn` Grafana server admin. A Grafana server admin has admin access over all organizations and users. Available in Grafana v5.3 and above | `false` |
| Setting | Required | Description | Default |
| --------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- |
| `group_dn` | Yes | LDAP distinguished name (DN) of LDAP group. If you want to match all (or no LDAP groups) then you can use wildcard (`"*"`) |
| `org_role` | Yes | Assign users of `group_dn` the organization role `Admin`, `Editor`, or `Viewer`. The organization role name is case sensitive. |
| `org_id` | No | The Grafana organization database id. Setting this allows for multiple group_dn's to be assigned to the same `org_role` provided the `org_id` differs | `1` (default org id) |
| `grafana_admin` | No | When `true` makes user of `group_dn` Grafana server admin. A Grafana server admin has admin access over all organizations and users. | `false` |
{{% admonition type="note" %}}
Commenting out a group mapping requires also commenting out the header of
@ -254,7 +250,7 @@ Example:
[[servers.group_mappings]]
group_dn = "cn=superadmins,dc=grafana,dc=org"
org_role = "Admin"
grafana_admin = true # Available in Grafana v5.3 and above
grafana_admin = true
# [[servers.group_mappings]]
# group_dn = "cn=admins,dc=grafana,dc=org"

36
docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
View File

@ -346,10 +346,6 @@ The table below describes all SAML configuration options. Continue reading below
### Signature algorithm
{{% admonition type="note" %}}
Available in Grafana version 7.3 and later.
{{% /admonition %}}
The SAML standard recommends using a digital signature for some types of messages, like authentication or logout requests. If the `signature_algorithm` option is configured, Grafana will put a digital signature into SAML requests. Supported signature types are `rsa-sha1`, `rsa-sha256`, `rsa-sha512`. This option should match your IdP configuration, otherwise, signature validation will fail. Grafana uses key and certificate configured with `private_key` and `certificate` options for signing SAML requests.
### Specify user's Name ID
@ -398,20 +394,12 @@ The integration provides two key endpoints as part of Grafana:
### IdP-initiated Single Sign-On (SSO)
{{% admonition type="note" %}}
Available in Grafana version 7.3 and later.
{{% /admonition %}}
By default, Grafana allows only service provider (SP) initiated logins (when the user logs in with SAML via Grafanas login page). If you want users to log in into Grafana directly from your identity provider (IdP), set the `allow_idp_initiated` configuration option to `true` and configure `relay_state` with the same value specified in the IdP configuration.
IdP-initiated SSO has some security risks, so make sure you understand the risks before enabling this feature. When using IdP-initiated SSO, Grafana receives unsolicited SAML requests and can't verify that login flow was started by the user. This makes it hard to detect whether SAML message has been stolen or replaced. Because of this, IdP-initiated SSO is vulnerable to login cross-site request forgery (CSRF) and man in the middle (MITM) attacks. We do not recommend using IdP-initiated SSO and keeping it disabled whenever possible.
### Single logout
{{% admonition type="note" %}}
Available in Grafana version 7.3 and later.
{{% /admonition %}}
SAML's single logout feature allows users to log out from all applications associated with the current IdP session established via SAML SSO. If the `single_logout` option is set to `true` and a user logs out, Grafana requests IdP to end the user session which in turn triggers logout from all other applications the user is logged into using the same IdP session (applications should support single logout). Conversely, if another application connected to the same IdP logs out using single logout, Grafana receives a logout request from IdP and ends the user session.
`HTTP-Redirect` and `HTTP-POST` bindings are supported for single logout.
@ -456,10 +444,6 @@ auto_login = true
### Configure team sync
{{% admonition type="note" %}}
Team sync support for SAML is available in Grafana version 7.0 and later.
{{% /admonition %}}
To use SAML Team sync, set [`assertion_attribute_groups`]({{< relref "../../../configure-grafana/enterprise-configuration#assertion_attribute_groups" >}}) to the attribute name where you store user groups. Then Grafana will use attribute values extracted from SAML assertion to add user into the groups with the same name configured on the External group sync tab.
{{% admonition type="note" %}}
@ -502,10 +486,6 @@ The following `External Group ID`s would be valid for input in the desired team'
### Configure role sync
{{% admonition type="note" %}}
Available in Grafana version 7.0 and later.
{{% /admonition %}}
Role sync allows you to map user roles from an identity provider to Grafana. To enable role sync, configure role attribute and possible values for the Editor, Admin, and Grafana Admin roles. For more information about user roles, refer to [Roles and permissions]({{< relref "../../../../administration/roles-and-permissions" >}}).
1. In the configuration file, set [`assertion_attribute_role`]({{< relref "../../../configure-grafana/enterprise-configuration#assertion_attribute_role" >}}) option to the attribute name where the role information will be extracted from.
@ -533,10 +513,6 @@ role_values_grafana_admin = superadmin
**Important**: When role sync is configured, any changes of user roles and organization membership made manually in Grafana will be overwritten on next user login. Assign user organizations and roles in the IdP instead.
{{% admonition type="note" %}}
Available in Grafana version 9.2 and later.
{{% /admonition %}}
If you don't want user organizations and roles to be synchronized with the IdP, you can use the `skip_org_role_sync` configuration option.
Example configuration:
@ -548,10 +524,6 @@ skip_org_role_sync = true
### Configure organization mapping
{{% admonition type="note" %}}
Available in Grafana version 7.0 and later.
{{% /admonition %}}
Organization mapping allows you to assign users to particular organization in Grafana depending on attribute value obtained from identity provider.
1. In configuration file, set [`assertion_attribute_org`]({{< relref "../../../configure-grafana/enterprise-configuration#assertion_attribute_org" >}}) to the attribute name you store organization info in. This attribute can be an array if you want a user to be in multiple organizations.
@ -574,10 +546,6 @@ You can use `*` as the SAML Organization if you want all your users to be in som
- `org_mapping = *:2:Editor` to map all users to `2` in Grafana as Editors.
{{% admonition type="note" %}}
Available in Grafana version 9.2 and later.
{{% /admonition %}}
You can use `*` as the Grafana organization in the mapping if you want all users from a given SAML Organization to be added to all existing Grafana organizations.
- `org_mapping = Engineering:*` to map users from `Engineering` to all existing Grafana organizations.
@ -585,10 +553,6 @@ You can use `*` as the Grafana organization in the mapping if you want all users
### Configure allowed organizations
{{% admonition type="note" %}}
Available in Grafana version 7.0 and later.
{{% /admonition %}}
With the [`allowed_organizations`]({{< relref "../../../configure-grafana/enterprise-configuration#allowed_organizations" >}}) option you can specify a list of organizations where the user must be a member of at least one of them to be able to log in to Grafana.
To put values containing spaces in the list, use the following JSON syntax: