Configure authorization and permissions
You can configure multiple ways to allow users to access your Grafana Cloud instance.
User authorization and authentication
Grafana Cloud uses Open Authorization, with Grafana.com as the authentication provider, by default, for all user accounts. You also have the option to configure the following authentication or authorization methods:
- LDAP
- SAML
- OAUTH
Add an LDAP configuration
To add an LDAP configuration, click Open a Support Ticket from the Cloud Portal. We will request the ldap.toml
file and configuration parameters and provision the provider in your Grafana instance.
To learn more about LDAP, see LDAP configuration in the Grafana documentation.
Configure SAML and OAuth
To learn how to configure and enable SAML from your Grafana Cloud stack, see Configure SAML authentication using the Grafana user interface
To learn how to configure and enable OAuth from your Grafana Cloud stack, see Configure Open Authorization.
Enable Team Sync
Grafana Cloud Free and Advanced accounts and Enterprise accounts can use Team Sync to enable synchronization between your auth provider’s teams and Grafana. This is available once LDAP, SAML, or OAuth2 are configured. For more information, see Team Sync.
You can configure Team Sync with Support when you contact them to set up your authentication.
Data source permissions
Cloud admins can set data source permissions that allow you to restrict user access to data source querying. For more information, see Data source permissions in the Grafana documentation.
User roles and permissions
You can assign users roles and permissions that allow them different capabilities. To learn more about the specific capabilities assigned to each role, see User account roles and permissions.
Configure user roles
You can assign users to one of three roles: Admin, Editor, and Viewer.
- In your Grafana Cloud instance, click Administration and then select Users.
- In the Role column, select a role from the dropdown menu.
Authorize a service using access policies and tokens
You can use Grafana Cloud Access Policies and tokens to authorize requests to Grafana Cloud resources that do not involve users.