Enabling SSO for Grafana
Single Sign On (SSO) enables an easy access to Grafana using the STACKIT account without the need of any additional credentials.
Role mapping
Section titled “Role mapping”The project roles from the STACKIT Portal will be mapped to the corresponding Grafana roles.
| Portal Role | Grafana Role |
|---|---|
| owner | admin |
| editor | editor |
| reader | viewer |
Observability API
Section titled “Observability API”SSO can be enabled using the Observability API grafana-configs endpoint.
Prerequisites
Section titled “Prerequisites”An access token from a STACKIT service account, the project id and the instance id are needed to enable SSO via API.
PROJECT_ID=<your_project_id>INSTANCE_ID=<your_instance_id>ACCESS_TOKEN=<your_access_token>Enabling the SSO
Section titled “Enabling the SSO”curl -X PUT -H "Authorization: Bearer $ACCESS_TOKEN" -d '{"useStackitSso": true}' https://argus.api.eu01.stackit.cloud/v1/projects/$PROJECT_ID/instances/$INSTANCE_ID/grafana-configs
{"message": "Successfully updated grafana config"}Afterwards the Grafana UI will look like this.
You can login by using the Sign in with STACKIT button. This will redirect to the STACKIT IDP asking for an identity.
After login the permissions are granted as described above (Role mapping).