New in Grafana 10: A UI to easily configure SAML authentication
In addition to the built-in user authentication that utilizes usernames and passwords, Grafana also provides support for various mechanisms to authenticate users, so you can securely integrate your instance with external identity providers.
We are excited to announce that with the release of Grafana 10.0, we have introduced a new user interface that simplifies the configuration of SAML authentication for your Grafana instances. This new UI is available for Grafana Enterprise, as well as for Grafana Cloud’s Free, Pro, and Advanced offerings.
Configuring SAML authentication: config file vs. UI
You can configure SAML authentication in Grafana using either the Grafana configuration file or the newly introduced user interface. Both options provide the same configuration options, and your choice between them will depend on your preferences and specific use cases.
If you prefer to have all of Grafana’s configurations in one place, you may opt to keep all of the SAML settings configured within the configuration file. However, the Grafana SAML UI offers several advantages:
- Available in Grafana Cloud. You can now configure SAML settings inside of your Grafana Cloud instance without needing to file a support request to have it enabled.
- Real-time configuration validation. When using the SAML UI, all settings are validated in real time, providing immediate feedback on the correctness of the configuration. This streamlines the setup process, allowing you to verify the configuration more efficiently.
- No need to restart Grafana. Unlike configuring SAML through the configuration file, using the UI eliminates the need to restart Grafana after making changes.
- RBAC authorization. You have the flexibility to authorize specific users to access the SAML UI by utilizing role-based access control (RBAC). This ensures limited access to the setup with the least-required privileges.
Exploring the SAML user interface
To access the UI in Grafana Enterprise or Grafana Cloud, navigate to Administration > Authentication > Configure SAML section in the navigation menu of your Grafana instance. Please note that in order to access this page, a user must have the settings:read
and settings:write
permissions with the settings:auth.saml:*
scope. For detailed prerequisite setup instructions, please refer to the documentation.
The SAML user interface follows a step-by-step process to configure authentication. Each step validates the input, and if anything is incorrect, an error message will be displayed. In the final step, you can test the correctness of your configuration before enabling it.
If needed, you can disable the SAML configuration at any time using the UI.
Configuration precedence
We do not recommend setting up SAML authentication in multiple places, such as having some settings in the configuration file and others in the UI. However, Grafana still allows partial configurations to be done both in the UI and the configuration file. Additionally, Grafana supports the use of environment variables to override configuration settings in the file. When configurations exist in multiple places, Grafana follows a specific precedence order when loading the configuration:
- Settings that were set up using UI
- Settings from environment variables
- Settings from the Grafana configuration file
For instance, if you have SAML configuration specified in a configuration file and you override a property using an environment variable while also setting it in the UI, Grafana will prioritize the value set in the UI.
When a specific configuration setting is removed from the UI, Grafana will utilize the value inherited from the other sources in reverse order of precedence (first from environment variables, then from the configuration file).
Please ensure consistency and avoid mixing configurations across different sources to prevent confusion and ensure the desired behavior of SAML authentication in Grafana.
What’s next?
We hope that this new user interface for configuring SAML authentication enhances your experience with Grafana and simplifies the setup process.
We are also looking into bringing in more interfaces to Grafana to make setting up authentication and authorization a smooth and easy experience for Grafana administrators. If you are looking into setting up other authentication integrations, you can check out how to configure authentication in Grafana.
Grafana Cloud is the easiest way to get started with metrics, logs, traces, and dashboards. We recently added new features to our generous forever-free tier, including access to all Enterprise plugins for three users. Plus there are plans for every use case. Sign up for free now!