Versions Compared

Version Old Version 7 New Version 8
Changes made by

Pooja Gupta (Unlicensed)

Pooja Gupta (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has rights to and eliminates further prompts when the user switches applications during the same session. On the back end, SSO is helpful for logging user activities as well as monitoring user accounts

Prerequisite

  • Server should implement https protocol with Apache Httpd

  • The SSO integration implemented using the SAML protocol

  • Client should have relevant SSO IDP details and configure SSO in SSO provider portal.

  • We might also need SSO provider jks file to import it in our file.

Enable SSO

  1. In server-config.json, change "autheticationProtocol":”SAML”

  2. In uiConfig.json, change "autheticationProtocol":”SAML” and singleSignOnConfig section to "singleSignOnConfig": {
    "loginURL": "/PlatformService/saml/login",
    "logoutURL": "/PlatformService/saml/logout"
    },

  3. Open grafana default.ini file and enable following [auth.proxy] section, do not change other property[auth.proxy]
    enabled = true
    header_name = X-WEBAUTH-USER
    header_property = username
    auto_sign_up = true
    ldap_sync_ttl = 60
    whitelist =
    headers =

...

12 Login with your organization credential

Disable SSO

  1. Mark "autheticationProtocol":"NativeGrafana" in server-config.json

  2. Mark "autheticationProtocol":"NativeGrafana" in uiConfig.json

  3. Open grafana default.ini file and disable in [auth.proxy] section and make sure that [auth.basic] enabled 

  4. Remove following in Apache Httpd vhost file Apache24\conf\extra\httpd-vhosts.conf

...