IAM Docs: Describe the setup for a multitenant configuration with AzureAD #87836
Conversation
linoman
added
type/docs
no-backport
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
...rces/setup-grafana/configure-security/configure-authentication/keycloak-multitenant/index.md
Show resolved
Hide resolved
linoman
force-pushed
the
linoman/multitenant_azuread
branch
from
7842825
to
f71078f
Compare
There was a problem hiding this comment.
Looks great! 🚀
I noticed on other docs, like Configure Azure AD OAuth2 authentication, we use bold text to highlight menu options and the like when giving instructions e.g. Under Manage in the side menu, click App Registrations > New Registration. Enter a descriptive name.
I think it helps readability, but it is extra work and it might not be worth it. Just wanted to mention it!
...rces/setup-grafana/configure-security/configure-authentication/keycloak-multitenant/index.md
Outdated
Show resolved
Hide resolved
|
|
||
| This guide explains how to set up multiple providers of the same type with Keycloak as an authentication provider in Grafana. | ||
|
|
||
| The idea is to setup multiple OIDC providers in Keycloak with different tenants and configure Grafana to use the same Keycloak instance as the authentication provider. |
There was a problem hiding this comment.
setup should be "set up".
|
|
||
| ## Azure AD configuration | ||
|
|
||
| For Azure AD, the following steps should be repeated for each of the tenants we want to setup in Keycloak. |
There was a problem hiding this comment.
For Azure AD, repeat the following steps for each tenant you want to set up in Keycloak.
|
|
||
| Assigning the correct access to users ensures only intended users or groups have access to the application. | ||
|
|
||
| 1. Search for **Enterprise Applications** and look for the application we just created in the previous step. |
There was a problem hiding this comment.
don't use the word "we". In this case, use "you".
| 1. Add a **new platform** and select **Web**. | ||
| 1. Paste the **Redirect URI** from Keycloak. | ||
| 1. Save the changes. | ||
| 1. Head over to the Azure Application overview and look for the **Endpoints** tab. |
There was a problem hiding this comment.
Instead of "Head over", maybe "Navigate"?
| 1. Save the changes. | ||
| 1. Head over to the Azure Application overview and look for the **Endpoints** tab. | ||
| 1. Copy the **OpenID Connect metadata document** URL. | ||
| 1. Head back to Keycloak and paste the URL in the **Discovery endpoint** field. |
There was a problem hiding this comment.
same here - use the word "Navigate"
| 1. Click Add. | ||
|
|
||
| {{% admonition type="note" %}} | ||
| Up to this point, we have created an App Registration in Azure AD, assigned users to the application, created credentials for the application, and configured the application in Keycloak. In the Keycloak Client's section, the client with ID `account` Home URL can be used to test the configuration. This will open a new tab where we can login into the correct Keycloak realm with the Azure AD tenant we just configured. |
There was a problem hiding this comment.
remove "we" and use "you"
|
|
||
| #### Configure Grafana to use Keycloak | ||
|
|
||
| Now that the Azure AD tenants are configured in Keycloak, we can configure Grafana to use Keycloak as the authentication provider. |
There was a problem hiding this comment.
remove "we" and use "you"
|
I've addressed all of the docs from the Docs squad in a follow-up PR #88134 |
What is this feature?
This add a description on how to add multiple Azure AD idps to Grafan through Keycloak.
Why do we need this feature?
This will allows users to setup multiple Azure tenants under the same Grafana instance. As referenced here: https://github.com/grafana/identity-access-team/issues/689
Who is this feature for?
IAM
Please check that: