Streamlined Authentication, More Plugins, and Better Permission Structures with Grafana Enterprise

Published: 5 Sep 2019 by Leonard Gram RSS

With the recent release of Grafana 6.3 substantial refactoring and improvements to plugins, external auth systems, and permissions have been introduced in Grafana Enterprise. Let’s take a look at some of the latest Enterprise features here.

Premium Datasources

We work hard for you to be able to use Grafana as your single pane of glass, making it possible to visualize data from many different sources in one dashboard because we know most of you use more than one system to track what’s going on within an infrastructure.

With Enterprise we take this further, adding support for your Oracle databases and SaaS providers, like DataDog.

Current offerings include:
- Splunk
- AppDynamics
- DataDog
- Dynatrace
- New Relic
- Amazon Timestream
- Oracle Database

Authentication

Open source Grafana supports LDAP, OAuth, and Auth Proxy as alternative auth solutions. This solves the auth needs for most users. But as anyone who’s worked within a big Enterprise company knows, the devil is in the details.

To that end, SAML support has been added in Grafana Enterprise as another way to authenticate users.

The LDAP integration is improved by adding active synchronization, making it so that Grafana can continuously update the roles, permissions, and information of users who are logged into Grafana using LDAP. This is a subtle difference from what is available in open source but greatly improves control. For example, a user who is removed from LDAP will be disabled and logged out of Grafana as soon as synchronization happens.

Permissions

While many open source Grafana installations will only have a couple of users, an Enterprise company might have thousands. In those cases, it becomes more important to be able to control who has access to what, not only to block users from seeing what they shouldn’t. Increased oversight over permissions also helps to declutter the UI.

Open source Grafana has an extensive permissions system for dashboards, folders, and teams, which allows users to structure access. Teams can be used to group users, giving a designated number of people editor access to all the dashboards within a folder while others only get view access or are blocked completely.

To further improve upon permissions, two more features have been added to Grafana Enterprise.

1. Team Sync

With Team Sync, it’s possible to map groups in LDAP to teams in Grafana so that users automatically get added to Grafana teams when they login or are synchronized. This makes it a lot easier to setup the permissions structure described above.

Team Sync is supported with:
- LDAP
- GitHub OAuth
- Auth Proxy

Learn more about Team Sync here.

2. Datasource Permissions

The final piece of the puzzle is Datasource Permissions, which makes it possible to configure which users can access which data sources.

Datasource Permissions

Learn more about Datasource Permissions here.

What’s Next?

We are committed to building on Grafana Enterprise, improving existing features and adding new ones.

One goal is for Grafana Enterprise 6.4 to further support Team Sync when using GitLab OAuth as well as making it possible to create and send out PDF reports from your dashboards.

Learn more about Grafana Enterprise here.