Menu
Grafana Cloud Account management Authorization and permissions
Grafana Cloud

Configure authorization and permissions

You can configure multiple ways to allow users to access your Grafana Cloud instance.

User authorization and authentication

Grafana Cloud uses Open Authorization, with Grafana.com as the authentication provider, by default, for all user accounts. You also have the option to configure the following authentication or authorization methods:

  • LDAP
  • SAML
  • OAUTH

Add an LDAP configuration

To add an LDAP configuration, click Open a Support Ticket from the Cloud Portal. We will request the ldap.toml file and configuration parameters and provision the provider in your Grafana instance.

To learn more about LDAP, see LDAP configuration in the Grafana documentation.

Configure SAML and OAuth

To learn how to configure and enable SAML from your Grafana Cloud stack, see Configure SAML authentication using the Grafana user interface

To learn how to configure and enable OAuth from your Grafana Cloud stack, see Configure Open Authorization.

Enable Team Sync

Grafana Cloud Free and Advanced accounts and Enterprise accounts can use Team Sync to enable synchronization between your auth provider’s teams and Grafana. This is available once LDAP, SAML, or OAuth2 are configured. For more information, see Team Sync.

You can configure Team Sync with Support when you contact them to set up your authentication.

Data source permissions

Cloud admins can set data source permissions that allow you to restrict user access to data source querying. For more information, see Data source permissions in the Grafana documentation.

User roles and permissions

You can assign users roles and permissions that allow them different capabilities. To learn more about the specific capabilities assigned to each role, see User account roles and permissions.

Configure user roles

You can assign users to one of three roles: Admin, Editor, and Viewer.

  1. In your Grafana Cloud instance, click Administration and then select Users.
  2. In the Role column, select a role from the dropdown menu.

Authorize a service using access policies and tokens

You can use Grafana Cloud Access Policies and tokens to authorize requests to Grafana Cloud resources that do not involve users.