a568d421f8
* builds out refactored setup topics * Automatically fix some relrefs with mv-manager Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Use refs for tutorials content which is outside of this repository Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Manually fix complicated relrefs Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * consolidates team sync and db encryption topics * Fix relrefs Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * updates setup index file * Convert TOML to YAML Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Add current alias for new alerting content Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Add current aliases to new setup-grafana and configure-security pages Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Torkel Ödegaard <torkel@grafana.com> * moves saml docs, updates order in TOC * Manually fix relrefs Signed-off-by: Jack Baldry <jack.baldry@grafana.com> * added usage insights topics, adjusted weights * corrected relrefs * Fix relrefs broken in rebase Signed-off-by: Jack Baldry <jack.baldry@grafana.com> Co-authored-by: Jack Baldry <jack.baldry@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.com>
2.9 KiB
| aliases | description | title | weight | ||||
|---|---|---|---|---|---|---|---|
|
Learn how to use Team Sync to synchronize between your authentication provider teams and Grafana teams. | Configure Team Sync | 1000 |
Configure Team Sync
Team sync lets you set up synchronization between your auth providers teams and teams in Grafana. This enables LDAP, OAuth, or SAML users who are members of certain teams or groups to automatically be added or removed as members of certain teams in Grafana.
Note: Available in [Grafana Enterprise]({{< relref "../../enterprise/" >}}) and [Grafana Cloud Advanced]({{< ref "/docs/grafana-cloud" >}}).
Grafana keeps track of all synchronized users in teams, and you can see which users have been synchronized in the team members list, see LDAP label in screenshot.
This mechanism allows Grafana to remove an existing synchronized user from a team when its group membership changes. This mechanism also enables you to manually add a user as member of a team, and it will not be removed when the user signs in. This gives you flexibility to combine LDAP group memberships and Grafana team memberships.
Currently the synchronization only happens when a user logs in, unless LDAP is used with the active background synchronization that was added in Grafana 6.3.
Supported providers
- [Auth Proxy]({{< relref "configure-authentication/auth-proxy/#team-sync-enterprise-only" >}})
- [Azure AD]({{< relref "configure-authentication/azuread/#team-sync-enterprise-only" >}})
- [GitHub OAuth]({{< relref "configure-authentication/github/#team-sync-enterprise-only" >}})
- [GitLab OAuth]({{< relref "configure-authentication/gitlab/#team-sync-enterprise-only" >}})
- [LDAP]({{< relref "configure-authentication/enhanced_ldap/#ldap-group-synchronization-for-teams" >}})
- [Okta]({{< relref "configure-authentication/okta/#team-sync-enterprise-only" >}})
- [SAML]({{< relref "configure-authentication/saml/#configure-team-sync" >}})
Synchronize a Grafana team with an external group
If you have already grouped some users into a team, then you can synchronize that team with an external group.
{{< figure src="/static/img/docs/enterprise/team_add_external_group.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" >}}
-
In Grafana, navigate to Configuration > Teams.
-
Select a team.
-
On the External group sync tab, and click Add group.
-
Insert the value of the group you want to sync with. This becomes the Grafana
GroupID. Examples:- For LDAP, this is the LDAP distinguished name (DN) of LDAP group you want to synchronize with the team.
- For Auth Proxy, this is the value we receive as part of the custom
Groupsheader.
-
Click
Add groupto save.