This is documentation for the next version of Grafana documentation. For the latest stable release, go to the latest version.
Troubleshoot SCIM provisioning
This page provides solutions for common issues you might encounter when configuring and using SCIM provisioning in Grafana.
User provisioning issues
Error: “invalid namespace”
Cause: The SCIM endpoint URL is incorrectly formatted.
Solution: Verify your URL follows the correct format:
https://{$GRAFANA_URL}/apis/scim.grafana.app/v0alpha1/namespaces/{$STACK_ID}/Users
Where:
{$GRAFANA_URL}
is your Grafana URL (subdomain format){$STACK_ID}
is your Grafana stack ID:- Grafana Cloud: Format like
stack-123
(found in your Grafana Cloud dashboard) - On-premises: Use
default
or the name of the organization
- Grafana Cloud: Format like
Authentication issues
Error: “HTTP 403 Forbidden”
Cause: Either incorrect token or insufficient permissions.
Solution:
- Check token: Generate a new token from the Service Account details page
- Verify permissions: Ensure the service account has
Editor
orAdmin
role in the Grafana instance
Error: “HTTP 401 Unauthorized”
Cause: Invalid or expired authentication token.
Solution: Generate a new token from the Service Account details page in Grafana.
Login issues
Error: “User sync failed”
Cause: The user’s unique identifier field is not correctly configured in SAML assertions.
Solution: Add the required SAML assertion based on your identity provider:
SAML Assertion | Identity Provider | Value |
---|---|---|
userUID | Azure AD | objectId |
userUID | Okta | user.getInternalProperty("id") |