Map org-specific user roles from your OAuth provider
Assign users to particular organizations with a specific role in Grafana, depending on an attribute value obtained from your identity provider.
This is a longstanding feature request from the community. We collaborated with our community to implement the request and have added this capability in Grafana 11.2.0.
For Generic OAuth and Okta, you can configure the claim (using the org_attribute_path
setting) that contains the organizations which the user belongs to. Other OAuth providers use the same attribute for organization mapping that is used for group mapping: Entra ID (previously Azure AD), GitLab and Google use the current user’s Groups, and GitHub uses the user’s Teams.
To configure organization mapping for your instance, please check the documentation for the OAuth provider you are using in the Grafana documentation. You can find an example of how to configure organization mapping on each OAuth provider page under the Org roles mapping example section.