Skip to content

How to Configure Grafana Integration with Trusted.ID Service#

In this guide, you will learn how to set up Single Sign-On (SSO) in Grafana using the Trusted.ID Service system.

📌 Grafana is an open-source data visualization system focused on IT monitoring system data.

Setting up login via Trusted.ID Service consists of several key steps performed in two different systems.

Step 1. Create Application#

  1. Log in to the Trusted.ID Service system.

  2. Create an application with the following settings:

  3. Application Address - the address of your Grafana installation;

  4. Redirect URL #1 (Redirect_uri) - <Grafana installation address>/login/generic_oauth.

    🔍 For more details on creating applications, read the instructions.

  5. Open the application settings and copy the values of the following fields:

    • Identifier (Client_id),
    • Secret Key (client_secret).

Step 2. Configure Grafana System#

Authorization setup via Trusted.ID Service is performed in the grafana.ini configuration file, which on Linux is typically located at: /etc/grafana/grafana.ini.

  1. Open the grafana.ini file in edit mode.

  2. Find or add the [auth.generic_oauth] block and set the following parameters: 

       [auth.generic_oauth]  
   enabled = true  
   name = <Trusted.ID ServiceSystemName>  
   allow_sign_up = true  
   client_id = <Client_id of the application created in Trusted.ID Service>  
   client_secret = <Client_secret of the application created in Trusted.ID Service>  
   scopes = openid profile email  
   empty_scopes = false  
   email_attribute_name = email:email  
   email_attribute_path = data.email  
   login_attribute_path = data.login  
   name_attribute_path = data.givenName  
   auth_url = https://<Trusted.ID Service system address>/api/oidc/auth  
   token_url = https://<Trusted.ID Service system address>/api/oidc/token
   api_url = https://<Trusted.ID Service system address>/api/oidc/me

    Configuring the Grafana configuration file

  3. Restart the Grafana service to apply the new settings. 

    sudo systemctl restart grafana-server

Step 3. Verify Connection#

  1. Open the Grafana login page.
  2. Ensure that the Sign in with Trusted.ID Service button has appeared.

  3. Click the button and log in using your corporate credentials:

    • You will be redirected to the Trusted.ID Service authentication page;
    • After a successful login, you will be returned to Grafana as an authorized user.

    Grafana login widget