This is documentation for the next version of Grafana Tempo. For the latest stable release, go to the latest version.
Manage authentication
Grafana Tempo does not come with any included authentication layer. You must run an authenticating reverse proxy in front of your services.
We recommend that, in all deployment modes, you deploy a reverse proxy in front of Tempo to direct client API requests to the various components.
A list of open-source reverse proxies you can use:
- HAProxy
- NGINX using their guide on restricting access with HTTP basic authentication
- OAuth2 proxy
- Pomerium, which has a guide for securing Grafana
Note
When using Tempo in multi-tenant mode, Tempo requires the HTTP header X-Scope-OrgID to be set to a string identifying the tenant. It’s assumed that clients setting X-Scope-OrgID are trusted clients, and the responsibility of populating this value should be handled by the authenticating reverse proxy. For more information, read the multi-tenancy documentation.
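The header handling the note describes, sketched as an added example in Go (not Grafana's code and not part of the original page): the proxy authenticates the caller and sets X-Scope-OrgID from that identity, replacing anything the client sent. The account table, the function names withTenant and newGateway, the use of HTTP basic authentication, and both addresses are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// Constructed sample accounts: each proxy user is bound to exactly one tenant.
type account struct{ password, tenant string }
var accounts = map[string]account{
	"team-a-agent": {"constructed-secret-a", "team-a"},
	"team-b-agent": {"constructed-secret-b", "team-b"},
}

// withTenant authenticates the caller and derives X-Scope-OrgID from that identity.
func withTenant(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		acct, known := accounts[user]
		match := subtle.ConstantTimeCompare([]byte(pass), []byte(acct.password)) == 1
		if !ok || !known || !match {
			w.Header().Set("WWW-Authenticate", `Basic realm="tempo"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r = r.Clone(r.Context())                   // do not mutate the caller's request
		r.Header.Set("X-Scope-OrgID", acct.tenant) // Set replaces the client's value
		r.Header.Del("Authorization")              // keep proxy credentials away from Tempo
		next.ServeHTTP(w, r)
	})
}

// newGateway wraps a reverse proxy to Tempo (the address is an assumption).
func newGateway(tempoAddr string) (http.Handler, error) {
	target, err := url.Parse(tempoAddr)
	if err != nil {
		return nil, err
	}
	return withTenant(httputil.NewSingleHostReverseProxy(target)), nil
}

func main() {
	gw, err := newGateway("http://127.0.0.1:3200") // assumed Tempo HTTP address
	if err != nil {
		panic(err)
	}
	panic(http.ListenAndServe("127.0.0.1:8080", gw))
}
```

For this to hold, Tempo itself must be reachable only through the proxy, since any client that can reach Tempo directly can set the header to any tenant.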