SSO Settings API
If you are running Grafana Enterprise, for some endpoints you’ll need to have specific permissions. Refer to Role-based access control permissions for more information.
The API can be used to create, update, delete, get, and list SSO Settings.
List SSO Settings
GET /api/v1/sso-settings
Lists the SSO Settings for all providers.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
settings:read | settings:auth.{provider}:* |
Example Request:
GET /api/v1/sso-settings HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkExample Response:
HTTP/1.1 200
Content-Type: application/json
[
{
"id": "1",
"provider": "github",
"settings": {
"apiUrl": "https://api.github.com/user",
"clientId": "my_github_client",
"clientSecret": "*********",
"enabled": true,
"scopes": "user:email,read:org"
// rest of the settings
},
"source": "system",
},
{
"id": "2",
"provider": "azuread",
"settings": {
"authUrl": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/authorize",
"clientId": "my_azuread_client",
"clientSecret": "*********",
"enabled": true,
"scopes": "openid,email,profile"
// rest of the settings
},
"source": "system",
}
]Status Codes:
- 200 – SSO Settings found
- 400 – Bad Request
- 401 – Unauthorized
- 403 – Access Denied
Get SSO Settings
GET /api/v1/sso-settings/:provider
Gets the SSO Settings for a provider.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
settings:read | settings:auth.{provider}:* |
Example Request:
GET /api/v1/sso-settings/github HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkExample Response:
HTTP/1.1 200
Content-Type: application/json
ETag: db87f729761898ee
{
"id": "1",
"provider": "github",
"settings": {
"apiUrl": "https://api.github.com/user",
"clientId": "my_github_client",
"clientSecret": "*********",
"enabled": true,
"scopes": "user:email,read:org"
// rest of the settings
},
"source": "system",
}Status Codes:
- 200 – SSO Settings found
- 400 – Bad Request
- 401 – Unauthorized
- 403 – Access Denied
- 404 – SSO Settings not found
Update SSO Settings
PUT /api/v1/sso-settings/:provider
Updates the SSO Settings for a provider.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
settings:write | settings:auth.{provider}:* |
Example Request:
PUT /api/v1/sso-settings/github HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
{
"settings": {
"apiUrl": "https://api.github.com/user",
"clientId": "my_github_client",
"clientSecret": "my_github_secret",
"enabled": true,
"scopes": "user:email,read:org"
}
}Example Response:
HTTP/1.1 204
Content-Type: application/jsonStatus Codes:
- 204 – SSO Settings updated
- 400 – Bad Request
- 401 – Unauthorized
- 403 – Access Denied
Delete SSO Settings
DELETE /api/v1/sso-settings/:provider
Deletes an existing SSO Settings entry for a provider.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
settings:write | settings:auth.{provider}:* |
Example Request:
DELETE /api/v1/sso-settings/azuread HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkExample Response:
HTTP/1.1 204
Content-Type: application/jsonStatus Codes:
- 204 – SSO Settings deleted
- 400 – Bad Request
- 401 – Unauthorized
- 403 – Access Denied
- 404 – SSO Settings not found
Was this page helpful?
Related resources from Grafana Labs
