@@ -22,4 +22,16 @@ GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
|
|||||||
GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
|
GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
|
||||||
|
|
||||||
# 4. Map the Name (optional, but good for profile)
|
# 4. Map the Name (optional, but good for profile)
|
||||||
GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
|
GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
|
||||||
|
|
||||||
|
# Example mapping:
|
||||||
|
# If 'groups' contains 'admin', make them 'Admin'.
|
||||||
|
# If 'groups' contains 'editor', make them 'Editor'.
|
||||||
|
# Otherwise, default to 'Viewer'.
|
||||||
|
#GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH="contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'"
|
||||||
|
# Sets the default role for ALL OAuth users
|
||||||
|
GF_AUTH_GENERIC_OAUTH_AUTO_ASSIGN_ORG_ROLE=Editor
|
||||||
|
GF_USERS_AUTO_ASSIGN_ORG_ROLE=Editor
|
||||||
|
# Tell Grafana NOT to try and sync roles from the OIDC claims
|
||||||
|
GF_AUTH_GENERIC_OAUTH_SKIP_ORG_ROLE_SYNC=true
|
||||||
|
GF_LOG_LEVEL=debug
|
||||||
Reference in New Issue
Block a user