From 497ac5e3d0e07cf846deb29042a8b91bc69a237a Mon Sep 17 00:00:00 2001 From: andymarden <63465082+andymarden@users.noreply.github.com> Date: Wed, 7 May 2025 18:33:42 +0100 Subject: [PATCH] website/integrations: improve grafana docs (#14408) * Update index.mdx Better reflected the stuff at https://github.com/goauthentik/authentik/issues/8673 Signed-off-by: andymarden <63465082+andymarden@users.noreply.github.com> * Update website/integrations/services/grafana/index.mdx Co-authored-by: Dominic R Signed-off-by: Tana M Berry * Update website/integrations/services/grafana/index.mdx Co-authored-by: Dominic R Signed-off-by: Tana M Berry --------- Signed-off-by: andymarden <63465082+andymarden@users.noreply.github.com> Signed-off-by: Tana M Berry Co-authored-by: Tana M Berry Co-authored-by: Dominic R --- website/integrations/services/grafana/index.mdx | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/website/integrations/services/grafana/index.mdx b/website/integrations/services/grafana/index.mdx index 0df0c4749f..95cc53691c 100644 --- a/website/integrations/services/grafana/index.mdx +++ b/website/integrations/services/grafana/index.mdx @@ -129,6 +129,8 @@ environment: GF_AUTH_OAUTH_AUTO_LOGIN: "true" # Optionally map user groups to Grafana roles GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'" + # Required if Grafana is running behind a reverse proxy + GF_SERVER_ROOT_URL: "https://grafana.company" ``` @@ -194,7 +196,8 @@ For more information on group/role mappings, see [Grafana's docs](https://grafan ### Grafana Configuration Considerations -Make sure in your configuration that `root_url` is set correctly, otherwise your redirect url might get processed incorrectly. For example, if your grafana instance is running on the default configuration and is accessible behind a reverse proxy at `https://grafana.company`, your redirect url will end up looking like this, `https://grafana.company/`. +To ensure redirects work correctly in Grafana, make sure the `root_url` in your configuration accurately reflects how users access Grafana through your reverse proxy. For example, if your Grafana instance is behind a proxy and accessed at `https://grafana.company`, set `root_url` to `https://grafana.company`. This ensures that OAuth and other redirects use the correct URL, such as `https://grafana.company/login/generic_oauth`, instead of defaulting to something like `localhost:3000`. + If you get `user does not belong to org` error when trying to log into grafana for the first time via OAuth, check if you have an organization with the ID of `1`, if not, then you have to add the following to your grafana config: ```ini