14 lines
850 B
Plaintext
14 lines
850 B
Plaintext
GF_AUTH_GENERIC_OAUTH_ENABLED=true
|
|
GF_AUTH_GENERIC_OAUTH_NAME=authentik
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=CLIENT_ID_GOES_HERE
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=CLIENT_SECRET_GOES_HERE
|
|
GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email
|
|
GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.example.net/application/o/authorize/
|
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.example.net/application/o/token/
|
|
GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.example.net/application/o/userinfo/
|
|
GF_AUTH_SIGNOUT_REDIRECT_URL=https:///auth.example.net/application/o/grafana/end-session/
|
|
# Optionally enable auto-login (bypasses Grafana login screen)
|
|
GF_AUTH_OAUTH_AUTO_LOGIN=true
|
|
# Optionally map user groups to Grafana roles
|
|
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(groups, 'grafanaadmin') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
|