Grafana
Features
Plugins
Contribute
Dashboards
Products
Grafana Cloud
Grafana Enterprise Stack
Open Source
Grafana
Cortex
Graphite
Grafana Loki
Grafana Metrictank
Prometheus
Grafana Tanka
Grafana Tempo
Learn
Blog
Success stories
Community
Documentation
Webinars and videos
Grafana ObservabilityCON 2020
Tutorials
Downloads
Login
Contact us
Features

Learn about the monitoring solution for every database.
Plugins

Customize your Grafana experience with specialized dashboards, data sources, and apps.
Contribute

Love Grafana? Help us make it even better!
Dashboards

Browse a library of official and community-built dashboards.
Get Grafana

An easy-to-use, fully composable observability stack. Create your free account.

Grafana Cloud

An easy-to-use, fully composable observability stack. Create your free account.
Grafana Enterprise Stack

The best way to compose and scale observability on your own infrastructure.
Grafana

Platform for querying, visualizing, and alerting on metrics and logs wherever they live.
Cortex

Highly scalable, multi-tenant, durable, and fast Prometheus implementation.
Graphite

Scalable monitoring system for timeseries data.
Grafana Loki

Horizontally scalable, multi-tenant log aggregation system inspired by Prometheus.
Grafana Metrictank

Multi-tenant timeseries platform for Graphite.
Prometheus

De facto monitoring system for Kubernetes and cloud native.
Grafana Tanka

Configuration utility for Kubernetes clusters, powered by Jsonnet.
Grafana Tempo

Tempo is an easy-to-operate, high-scale, and cost-effective distributed tracing system.
Blog

The latest news, releases, features, and how-tos.
Success stories

What end users are saying about Grafana, Cortex, Loki, and more.
Community

Ask questions, request help, and discuss all things Grafana.
Documentation

Guides for installation, getting started, and more.
Webinars and videos

Step-by-step guides to help you make the most of Grafana.
Grafana ObservabilityCON 2020

On-demand sessions on Prometheus, Loki, Cortex, Tempo tracing, plugins, and more.
Tutorials

Step-by-step guides to help you make the most of Grafana.
Integrate OAuth

Integrate GEL with an existing OAuth

Grafana Enterprise Logs supports the OpenID Connect (OIDC) core standard to validate tokens. This allows you to integrate GEL with an existing OAuth token provider at your organization.

To support OIDC, provide a URL in the auth.admin.oidc.url setting. This corresponds to the jwks_uri field in the JSON object found at the OpenID Connect Discovery endpoints such as https://<example.com>/.well-known/openid-configuration.

A JWT is included as the password in HTTP basic authentication or as part of a bearer token in bearer authentication. The bearer token should have two parts separated by a :. The first part is the tenant ID. The second part is the JWT.

The JWT is validated against the URL specified above. If it is valid then an access policy name is extracted. The regular expression in auth.admin.oidc.access_policy_regex is run against the JWT claim field specified in auth.admin.oidc.access_policy_claim.

A sub-match has to be present to extract the access policy. Only the first sub-match is used. You can use the regular expression (.*) for the whole claim field.

The regular expression syntax is RE2.

Example OAuth configuration

To use OIDC specify the auth.type as enterprise. Here is an example auth section:

auth:
  type: enterprise
  admin:
    oidc:
      url: http://127.0.0.1:5556/dex/keys
      access_policy_claim: "sub"
      access_policy_regex: "pref-([0-9]+)-.*"

Here is an example payload section of a valid JWT:

{
  "sub": "pref-1234567890-abc",
  "name": "John Doe",
  "admin": true
}

The extracted access policy is 1234567890.

waving hand emoji

Keep up with us.
Product developments and observability innovations.

Copyright 2021 © Grafana Labs

Sitemap

Legal and Security
Terms of Service
Trademark Policy
Grafana Labs uses cookies for the normal operation of this website. Learn more.
Grafana Cloud

New free and paid plans for Grafana Cloud
Beautiful dashboards, logs (Loki), metrics (Prometheus & Graphite) & more

Create account Learn more