Zum Inhalt springen

How to configure Grafana access

Zuletzt aktualisiert am

There are four ways to access your Grafana instance:

  • Single Sign-On (SSO)
  • Default admin user (Deprecated)
  • Basic auth user
  • Anonymous access (disabled by default)

For a broader conceptual understanding of how authentication works across STACKIT Observability, refer to our Authentication Overview.

You can list all registered users directly in the Grafana UI:

  1. Open the left sidebar in Grafana.
  2. Navigate to Administration.
  3. Select Users and access.
  4. Click on Users.

In this section, you can also remove users from Grafana to free up user slots. Please note that Single Sign-On (SSO) users are automatically (re-)created upon their next login.

Single Sign-On (SSO) enables easy access to Grafana using your STACKIT account, without needing additional credentials. STACKIT SSO is enabled by default.

You can enable or disable STACKIT SSO in the STACKIT Portal or programmatically via the Observability API grafana-configs endpoint. Through the API, you can also configure your own SSO provider using the genericOauth attribute. Please note that to do this, you must first disable STACKIT SSO.

Permission mapping for STACKIT SSO

Project permissions from the STACKIT Portal are mapped to the corresponding Grafana roles. If you update a user’s role or permissions, they may need to log in to Grafana again for the changes to take effect.

When ordering an Observability instance that includes Grafana, you can choose whether to create a default Grafana admin user (with Basic Authentication). For security reasons, we recommend disabling the creation of this user.

You can remove the default admin user from existing instances using the STACKIT Portal (via the corresponding button in the Grafana tab) or programmatically via the Observability API instance update endpoint.

You can still create new Basic Authentication users via the Grafana UI, as described below.

To create a Basic Auth user, navigate to the Users section in the Grafana UI as described above. Here, you can add new users for the whole Grafana instance or for a specific Grafana organization. Please ensure the total number of users stays within your instance’s user limit.

If you want to allow access to your Grafana instance without requiring a login, you can enable the Public read access option. Please be aware that this means that anyone with the link can view your Grafana dashboards.