zitadel/site/docs/quickstarts/07-products.md
Max Peintner 27be460c07
feat: docs rehaul, fix missing context in console, quickstarts (#1212)
* onboarding components, routing, steps

* onboarding component, toc

* fix onboarding mixin

* header

* refactor docs

* fix layout

* cleanup routing

* docs routing

* fix conventions

* de en routing

* docs, guide contents, nav

* rem i18n support

* fix routing from docs

* rollup onwarn changes, preload

* update svelte plugin, update rollup config

* move docs

* revert img style, remove code table

* rem de completely

* rollup optim, template

* angular quickstart, quickstart overview page, update deps

* fix link

* pack, slug

* prefetch binding, hidden links

* export log

* guards route ch

* fix homepage

* angular docs

* docs

* resolve fsh

* overview

* docs

* docs

* packages fix race condition

* nav, home link

* add vue, aspnet

* doc optimizations

* embed status pal

* angular guide

* angular guide

* dotnet, angular guide

* viewbox

* typo

* block onboarding route for non iam writers

* set links from component data

* fix: fetch org context in guard, more main cnt (#1192)

* change get started guide, fix code blockquotes, typos

* flutter guide

* h2 spacing

* highlight strong

* plus

* rm start sublinks

* add proxy quickstart

* regex

* prevent outside click, fix project grant write

Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2021-02-16 16:59:18 +01:00


title: Products
description: ...

Grafana Example

Grafana defines itself as "The open-source platform for monitoring and observability."

The source code is provided in Grafana's GitHub repository.

Authenticate Grafana with ZITADEL

To authenticate Grafana with ZITADEL you can use the provided Generic OAuth plugin.

We do not recommend that you rely on allowed_domains as a means of authorizing subjects; use ZITADEL's RBAC assertion instead.

  1. Create a new project or use an existing one
  2. Add OpenID Connect / OAuth 2.0 client to the project (See screenshot for settings)
  3. Add config to your Grafana instance and restart it
  4. Log in to Grafana

[auth.generic_oauth]
enabled = true
name = ZITADEL
client_id = {ZITADEL_GENERATED_CLIENT_ID}
client_secret = {ZITADEL_GENERATED_CLIENT_SECRET}
scopes = openid profile email
auth_url = https://accounts.zitadel.ch/oauth/v2/authorize
token_url = https://api.zitadel.ch/oauth/v2/token
api_url = https://api.zitadel.ch/oauth/v2/userinfo
allow_sign_up = true

Grafana's redirect URI is https://yourdomain.tld/login/generic_oauth

Client Settings for Grafana

Authorize Users with Roles in Grafana

ZITADEL provides projects with the option to provide Grafana with the user's role.

  1. Create Roles (Admin, Editor, Viewer) in ZITADEL's project which contains Grafana
  2. Enable "Assert Roles on Authentication" so that the roles are asserted to the userinfo endpoint
  3. (Optional) Enable "Check roles on Authentication"; this prevents anyone without a role from logging in to Grafana via ZITADEL
  4. Append the config below to your Grafana instance and reload
  5. Authorize the necessary users

[auth.generic_oauth]
...
role_attribute_path = keys("urn:zitadel:iam:org:project:roles") | contains(@, 'Admin') && 'Admin' || contains(@, 'Editor') && 'Editor' || 'Viewer'
...

Project Settings for Grafana
Authorization for Grafana Role in ZITADEL
Grafana Login
Grafana with Editor Role mapped from ZITADEL

Grafana cannot directly use ZITADEL's delegation feature, but normal RBAC works fine. Additional information can be found in the Grafana generic OAuth 2.0 documentation.
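
An added example, not part of the ZITADEL docs: a Python rendering of the role_attribute_path expression above, run over constructed userinfo payloads to show which users reach a Grafana role only through the trailing `|| 'Viewer'` fallback. User names, org ids and domains are constructed, and the shape of each role's value is an assumption.

```python
ROLES_CLAIM = "urn:zitadel:iam:org:project:roles"

def grafana_role(userinfo):
    """Mirror keys(claim) | contains(@,'Admin') && 'Admin' || contains(@,'Editor') && 'Editor' || 'Viewer'.

    Returns (role, explicit); explicit is False when the role came from the fallback.
    """
    claim = userinfo.get(ROLES_CLAIM)
    if not isinstance(claim, dict):
        # JMESPath keys() accepts only objects; any other input is an invalid-type error.
        raise ValueError("roles claim missing or not an object")
    names = list(claim)
    # contains() on an array is an exact, case-sensitive membership test.
    if "Admin" in names:
        return "Admin", True
    if "Editor" in names:
        return "Editor", True
    # Nothing matched: the expression still yields 'Viewer'.
    return "Viewer", "Viewer" in names

def audit(samples):
    """Evaluate every payload; None marks payloads the expression cannot evaluate."""
    results = {}
    for user, info in samples.items():
        try:
            results[user] = grafana_role(info)
        except ValueError:
            results[user] = None
    return results

def fallback_users(samples):
    """Users who get Viewer without holding any of the three Grafana roles."""
    return sorted(u for u, r in audit(samples).items() if r is not None and not r[1])

# Constructed userinfo responses (assumed value shape: role -> {org id: domain}).
SAMPLES = {
    "alice": {"sub": "1", ROLES_CLAIM: {"Admin": {"org-1": "example.tld"}, "Viewer": {"org-1": "example.tld"}}},
    "bob": {"sub": "2", ROLES_CLAIM: {"Editor": {"org-1": "example.tld"}}},
    "carol": {"sub": "3", ROLES_CLAIM: {"admin": {"org-1": "example.tld"}}},    # wrong case
    "dave": {"sub": "4", ROLES_CLAIM: {"Billing": {"org-1": "example.tld"}}},   # unrelated role
    "erin": {"sub": "5"},                                                       # no roles asserted
}

if __name__ == "__main__":
    for user, result in audit(SAMPLES).items():
        print(user, result)
    print("Viewer via fallback only:", fallback_users(SAMPLES))
```

Role names are matched exactly, so the names created in the ZITADEL project must be spelled Admin, Editor and Viewer, and any user holding only some other project role is mapped to Viewer by the expression.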

ArgoCD Example

TODO

Kubernetes Example

TODO