mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
a568d421f8
* builds out refactored setup topics * Automatically fix some relrefs with mv-manager Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Use refs for tutorials content which is outside of this repository Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Manually fix complicated relrefs Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * consolidates team sync and db encryption topics * Fix relrefs Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * updates setup index file * Convert TOML to YAML Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Add current alias for new alerting content Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Add current aliases to new setup-grafana and configure-security pages Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * moves saml docs, updates order in TOC * Manually fix relrefs Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * added usage insights topics, adjusted weights * corrected relrefs * Fix relrefs broken in rebase Signed-off-by: Jack Baldry <jack.baldry@grafana.com> Co-authored-by: Jack Baldry <jack.baldry@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
119 lines
3.7 KiB
Markdown
119 lines
3.7 KiB
Markdown
---
|
|
aliases:
|
|
- /docs/grafana/latest/auth/github/
|
|
- /docs/grafana/latest/setup-grafana/configure-security/configure-authentication/github/
|
|
description: Grafana OAuthentication Guide
|
|
keywords:
|
|
- grafana
|
|
- configuration
|
|
- documentation
|
|
- oauth
|
|
title: Configure GitHub OAuth2 Authentication
|
|
weight: 1400
|
|
---
|
|
|
|
# Configure GitHub OAuth2 authentication
|
|
|
|
To enable the GitHub OAuth2 you must register your application with GitHub. GitHub will generate a client ID and secret key for you to use.
|
|
|
|
## Configure GitHub OAuth application
|
|
|
|
You need to create a GitHub OAuth application (you will find this under the GitHub
|
|
settings page). When you create the application you will need to specify
|
|
a callback URL. Specify this as callback:
|
|
|
|
```bash
|
|
http://<my_grafana_server_name_or_ip>:<grafana_server_port>/grafana/login/github
|
|
```
|
|
|
|
This callback URL must match the full HTTP address that you use in your
|
|
browser to access Grafana, but with the suffix path of `/login/github`.
|
|
When the GitHub OAuth application is created you will get a Client ID and a
|
|
Client Secret. Specify these in the Grafana configuration file. For
|
|
example:
|
|
|
|
## Enable GitHub in Grafana
|
|
|
|
```bash
|
|
[auth.github]
|
|
enabled = true
|
|
allow_sign_up = true
|
|
client_id = YOUR_GITHUB_APP_CLIENT_ID
|
|
client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
|
|
scopes = user:email,read:org
|
|
auth_url = https://github.com/login/oauth/authorize
|
|
token_url = https://github.com/login/oauth/access_token
|
|
api_url = https://api.github.com/user
|
|
team_ids =
|
|
allowed_organizations =
|
|
```
|
|
|
|
You may have to set the `root_url` option of `[server]` for the callback URL to be
|
|
correct. For example in case you are serving Grafana behind a proxy.
|
|
|
|
Restart the Grafana back-end. You should now see a GitHub login button
|
|
on the login page. You can now login or sign up with your GitHub
|
|
accounts.
|
|
|
|
You may allow users to sign-up via GitHub authentication by setting the
|
|
`allow_sign_up` option to `true`. When this option is set to `true`, any
|
|
user successfully authenticating via GitHub authentication will be
|
|
automatically signed up.
|
|
|
|
### team_ids
|
|
|
|
Require an active team membership for at least one of the given teams on
|
|
GitHub. If the authenticated user isn't a member of at least one of the
|
|
teams they will not be able to register or authenticate with your
|
|
Grafana instance. For example:
|
|
|
|
```bash
|
|
[auth.github]
|
|
enabled = true
|
|
client_id = YOUR_GITHUB_APP_CLIENT_ID
|
|
client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
|
|
scopes = user:email,read:org
|
|
team_ids = 150,300
|
|
auth_url = https://github.com/login/oauth/authorize
|
|
token_url = https://github.com/login/oauth/access_token
|
|
api_url = https://api.github.com/user
|
|
allow_sign_up = true
|
|
```
|
|
|
|
### allowed_organizations
|
|
|
|
Require an active organization membership for at least one of the given
|
|
organizations on GitHub. If the authenticated user isn't a member of at least
|
|
one of the organizations they will not be able to register or authenticate with
|
|
your Grafana instance. For example
|
|
|
|
```bash
|
|
[auth.github]
|
|
enabled = true
|
|
client_id = YOUR_GITHUB_APP_CLIENT_ID
|
|
client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
|
|
scopes = user:email,read:org
|
|
auth_url = https://github.com/login/oauth/authorize
|
|
token_url = https://github.com/login/oauth/access_token
|
|
api_url = https://api.github.com/user
|
|
allow_sign_up = true
|
|
# space-delimited organization names
|
|
allowed_organizations = github google
|
|
```
|
|
|
|
### Team Sync (Enterprise only)
|
|
|
|
> Only available in Grafana Enterprise v6.3+
|
|
|
|
With Team Sync you can map your GitHub org teams to teams in Grafana so that your users will automatically be added to
|
|
the correct teams.
|
|
|
|
Your GitHub teams can be referenced in two ways:
|
|
|
|
- `https://github.com/orgs/<org>/teams/<slug>`
|
|
- `@<org>/<slug>`
|
|
|
|
Example: `@grafana/developers`
|
|
|
|
[Learn more about Team Sync]({{< relref "../configure-team-sync/" >}})
|