IAM Docs: Describe the setup for a multitenant configuration with AzureAD #87836
...rces/setup-grafana/configure-security/configure-authentication/keycloak-multitenant/index.md
7842825 to f71078f
Looks great! 🚀
I noticed on other docs, like Configure Azure AD OAuth2 authentication, we use bold text to highlight menu options and the like when giving instructions e.g. Under Manage in the side menu, click App Registrations > New Registration. Enter a descriptive name.
I think it helps readability, but it is extra work and it might not be worth it. Just wanted to mention it!
...rces/setup-grafana/configure-security/configure-authentication/keycloak-multitenant/index.md
|
||
This guide explains how to set up multiple providers of the same type with Keycloak as an authentication provider in Grafana. | ||
|
||
The idea is to setup multiple OIDC providers in Keycloak with different tenants and configure Grafana to use the same Keycloak instance as the authentication provider. |
setup should be "set up".
|
||
## Azure AD configuration | ||
|
||
For Azure AD, the following steps should be repeated for each of the tenants we want to setup in Keycloak. |
For Azure AD, repeat the following steps for each tenant you want to set up in Keycloak.
|
||
Assigning the correct access to users ensures only intended users or groups have access to the application. | ||
|
||
1. Search for **Enterprise Applications** and look for the application we just created in the previous step. |
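Review bot: The sentence "Assigning the correct access to users ensures only intended users or groups have access to the application" only holds when the enterprise application's **Assignment required?** property is set to **Yes**; with it set to No, any user in the tenant can sign in regardless of assignments. The step shown here only locates the application, so if the steps that follow do not set that property, add one that does, and say where it is found (the application's **Properties** page).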
don't use the word "we". In this case, use "you".
1. Add a **new platform** and select **Web**. | ||
1. Paste the **Redirect URI** from Keycloak. | ||
1. Save the changes. | ||
1. Head over to the Azure Application overview and look for the **Endpoints** tab. |
Instead of "Head over", maybe "Navigate"?
1. Save the changes. | ||
1. Head over to the Azure Application overview and look for the **Endpoints** tab. | ||
1. Copy the **OpenID Connect metadata document** URL. | ||
1. Head back to Keycloak and paste the URL in the **Discovery endpoint** field. |
same here - use the word "Navigate"
1. Click Add. | ||
|
||
{{% admonition type="note" %}} | ||
Up to this point, we have created an App Registration in Azure AD, assigned users to the application, created credentials for the application, and configured the application in Keycloak. In the Keycloak Client's section, the client with ID `account` Home URL can be used to test the configuration. This will open a new tab where we can login into the correct Keycloak realm with the Azure AD tenant we just configured. |
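Review bot: In the admonition, "the client with ID `account` Home URL can be used to test the configuration" is hard to parse; suggest "use the Home URL of the client with ID `account` to test the configuration". In the same paragraph, "Keycloak Client's section" should read "Keycloak Clients section" and "login into" should be "log in to". Since this is the step where the reader verifies the setup, it would also help to state what a successful test looks like, for example that the Keycloak login page for the realm offers the Azure AD tenant that was just configured.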
remove "we" and use "you"
|
||
#### Configure Grafana to use Keycloak | ||
|
||
Now that the Azure AD tenants are configured in Keycloak, we can configure Grafana to use Keycloak as the authentication provider. |
remove "we" and use "you"
I've addressed all of the docs from the Docs squad in a follow-up PR #88134
What is this feature?
This adds a description on how to add multiple Azure AD IdPs to Grafana through Keycloak.
Why do we need this feature?
This will allow users to set up multiple Azure tenants under the same Grafana instance. As referenced here: https://github.com/grafana/identity-access-team/issues/689
Who is this feature for?
IAM
Please check that: