* Auth: Implement org role mapping for google oauth provider
* Update docs
* Remove unused function
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Conf: Add org_mapping and org_attribute_path to github and gitlab conf
* Gitlab: Implement org role mapping
* Update docs
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Social: link to OrgRoleMapper
* OIDC: support Generic Oauth org to role mappings
Fixes: #73448
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Handle when getAllOrgs fails in the org_role_mapper
* Add more tests
* OIDC: ensure orgs are evaluated from API when not from token
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Extend docs
* Fix test, lint
---------
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* add function to static function to static service
* find email and login claims with jmespath
* rename configuration files
* Replace JWTClaims struct for map
* check for subclaims error
* query OAuth info from a new instance
* add `hd` validation flag
* add `disable_hd_validation` to settings map
* update documentation
---------
Co-authored-by: Jo <joao.guerreiro@grafana.com>
* initial changes for generic_oauth, okta
* updates
* add terraform examples for each provider
* add link to terraform registry for grafana_sso_settings resource
* remove auth_url, token_url and api_url from github, gitlab and google
* Add documentation for enabling email lookup
* Apply suggestions from code review
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Address review feedback
* Update TF provider version
* Apply suggestions from code review
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Use Azure AD for now
---------
Co-authored-by: Mihai Doarna <mihai.doarna@grafana.com>
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Update Grafana.com org sync index.md
Included additional information regarding logging in with Grafana.com credentials that it will override what is defined within the Grafana instance.
* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---------
Co-authored-by: Eve Meelan <81647476+Eve832@users.noreply.github.com>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* added Descope as an OAuth2 provider
Added docs for customers of ours that have asked us how to use Descope with Grafana. We wanted to make sure they can easily find these docs on both our website and Grafana's.
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Ieva <vasiljeva.ieva@gmail.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Ieva <vasiljeva.ieva@gmail.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Changed note to use admonition
* Prettier
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Ieva <vasiljeva.ieva@gmail.com>
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
