This is documentation for the next version of Grafana. For the latest stable release, go to the latest version.
SSO Settings API
If you are running Grafana Enterprise, for some endpoints you’ll need to have specific permissions. Refer to Role-based access control permissions for more information.
Note
Available in Public Preview in Grafana 10.4 and on Grafana Cloud behind thessoSettingsApifeature toggle.
The API can be used to create, update, delete, get, and list SSO Settings.
List SSO Settings
GET /api/v1/sso-settings
Lists the SSO Settings for all providers.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
settings:read | settings:auth.{provider}:* |
Example Request:
GET /api/v1/sso-settings HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkExample Response:
HTTP/1.1 200
Content-Type: application/json
[
{
"id": "1",
"provider": "github",
"settings": {
"apiUrl": "https://api.github.com/user",
"clientId": "my_github_client",
"clientSecret": "*********",
"enabled": true,
"scopes": "user:email,read:org"
// rest of the settings
},
"source": "system",
},
{
"id": "2",
"provider": "azuread",
"settings": {
"authUrl": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/authorize",
"clientId": "my_azuread_client",
"clientSecret": "*********",
"enabled": true,
"scopes": "openid,email,profile"
// rest of the settings
},
"source": "system",
}
]Status Codes:
- 200 – SSO Settings found
- 400 – Bad Request
- 401 – Unauthorized
- 403 – Access Denied
Get SSO Settings
GET /api/v1/sso-settings/:provider
Gets the SSO Settings for a provider.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
settings:read | settings:auth.{provider}:* |
Example Request:
GET /api/v1/sso-settings/github HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkExample Response:
HTTP/1.1 200
Content-Type: application/json
ETag: db87f729761898ee
{
"id": "1",
"provider": "github",
"settings": {
"apiUrl": "https://api.github.com/user",
"clientId": "my_github_client",
"clientSecret": "*********",
"enabled": true,
"scopes": "user:email,read:org"
// rest of the settings
},
"source": "system",
}Status Codes:
- 200 – SSO Settings found
- 400 – Bad Request
- 401 – Unauthorized
- 403 – Access Denied
- 404 – SSO Settings not found
Update SSO Settings
PUT /api/v1/sso-settings/:provider
Updates the SSO Settings for a provider.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
settings:write | settings:auth.{provider}:* |
Example Request:
PUT /api/v1/sso-settings/github HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
{
"settings": {
"apiUrl": "https://api.github.com/user",
"clientId": "my_github_client",
"clientSecret": "my_github_secret",
"enabled": true,
"scopes": "user:email,read:org"
}
}Example Response:
HTTP/1.1 204
Content-Type: application/jsonStatus Codes:
- 204 – SSO Settings updated
- 400 – Bad Request
- 401 – Unauthorized
- 403 – Access Denied
Delete SSO Settings
DELETE /api/v1/sso-settings/:provider
Deletes an existing SSO Settings entry for a provider.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
settings:write | settings:auth.{provider}:* |
Example Request:
DELETE /api/v1/sso-settings/azuread HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkExample Response:
HTTP/1.1 204
Content-Type: application/jsonStatus Codes:
- 204 – SSO Settings deleted
- 400 – Bad Request
- 401 – Unauthorized
- 403 – Access Denied
- 404 – SSO Settings not found
Was this page helpful?
Related resources from Grafana Labs
