Map org-specific user roles from your OAuth provider
Documentationbreadcrumb arrow Grafana Cloudbreadcrumb arrow What's new in Grafana Cloudbreadcrumb arrow Map org-specific user roles from your OAuth provider
Grafana Cloud
← Back to What's new

Map org-specific user roles from your OAuth provider

NoneAuthentication and authorization
Release date: 2024-08-27

Assign users to particular organizations with a specific role in Grafana, depending on an attribute value obtained from your identity provider.

This is a longstanding feature request from the community. We collaborated with our community to implement the request and have added this capability in Grafana 11.2.0.

For Generic OAuth and Okta, you can configure the claim (using the org_attribute_path setting) that contains the organizations which the user belongs to. Other OAuth providers use the same attribute for organization mapping that is used for group mapping: Entra ID (previously Azure AD), GitLab and Google use the current user’s Groups, and GitHub uses the user’s Teams.

To configure organization mapping for your instance, please check the documentation for the OAuth provider you are using in the Grafana documentation. You can find an example of how to configure organization mapping on each OAuth provider page under the Org roles mapping example section.