Configure authorization and permissions

Grafana Cloud authorization and permissions

You can configure multiple ways to allow users to access your Grafana Cloud instance.

User authorization and authentication

Grafana Cloud uses Open Authorization, with as the authentication provider, by default, for all user accounts. If you are using a Grafana Cloud Pro or Grafana Advanced account, you also have the option to configure the following authentication or authorization methods:

  • OAuth
  • SAML
  • LDAP

You can configure Open Authorization (OAuth2) for your Grafana instance using Google, GitHub, and Azure AD client IDs. To configure SAML, LDAP, and OAuth for other providers, please contact support.

To learn how to configure and enable OAuth from your Grafana Cloud stack, see Configure Open Authorization.

User roles and permissions

You can assign users roles and permissions that allow them different capabilities. To learn more about the specific capabilities assigned to each role, see User account roles and permissions.

Configure user roles

You can assign users to one of three roles: Admin, Editor, and Viewer.

  1. From your Grafana Cloud instance home page, click the Configuration(gear) icon and select Users.
  2. In the Role column, select a role from the dropdown menu.

Authorize a service using access policies and tokens

You can use Grafana Cloud Access Policies and tokens to authorize requests to Grafana Cloud resources that do not involve users.