Integrate Grafana with UNICOM Intelligence authentication
You can authenticate Grafana users by using UNICOM Intelligence, so that they do not have to use two user names and passwords.
1 In DPM Explorer, add a new client to the UNICOM Intelligence OpenID Connect Provider:
a Add a properties collection called “Grafana” under \Site\Properties\Oidc\Clients.
b Add the following properties to the properties collection:
AllowedScopes: openid
ClientName: Grafana
ClientSecrets: <unique_string>
Flow: AuthorizationCode
RedirectUris: http://<public_hostname>/grafana/login/generic_oauth
RequireConsent: False
2 Edit the Grafana custom.ini file, and then set the following properties in the [auth.generic_oauth] section:
enabled = true
name = UNICOM Intelligence
client_id = Grafana
client_secret = <string_that_you_set_in_DPM>
scopes = openid
email_attribute_path = name
name_attribute_path = name
role_attribute_path = contains(role[*], 'grafanaadmin') && 'Admin' || contains(role[*], 'grafanaeditor') && 'Editor' || contains(role[*], 'grafanaviewer') && 'Viewer' || 'Denied'
role_attribute_strict = true
auth_url = http://<public_hostname>/SPSSMR/Oidc/connect/authorize
token_url = http://<public_hostname>/SPSSMR/Oidc/connect/token
api_url = http://<public_hostname>/SPSSMR/Oidc/connect/userinfo
tls_skip_verify_insecure = true (for testing if HTTP is being used; this setting turns off TLS certificate verification)
3 In UNICOM Intelligence Interviewer - Server Admin, go to User Administration, and then add the following roles:
GrafanaAdmin
GrafanaEditor
GrafanaViewer
4 Assign the preceding Grafana roles to UNICOM Intelligence Interviewer - Server Admin users as appropriate.
5 Restart the Grafana service.
6 Go to the following URL:
http://<public_hostname>/grafana
The Grafana login page now has a Sign In with UNICOM Intelligence button.
7 Click Sign In with UNICOM Intelligence, and then log in to UNICOM Intelligence Interviewer - Server Admin by using a user account that has been allocated one of the Grafana roles.
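The following check is an added example, not part of the UNICOM Intelligence or Grafana documentation: it reads the [auth.generic_oauth] section from step 2 and reports the testing values (http:// endpoints, tls_skip_verify_insecure = true) that should not reach a production custom.ini. The hostname survey.example.com, the client secret, and the function names audit_generic_oauth and harden are assumptions made for the example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the settings from step 2 with an example hostname and secret.
SAMPLE_INI = """
[auth.generic_oauth]
enabled = true
client_id = Grafana
client_secret = example-secret
scopes = openid
role_attribute_strict = true
auth_url = http://survey.example.com/SPSSMR/Oidc/connect/authorize
token_url = http://survey.example.com/SPSSMR/Oidc/connect/token
api_url = http://survey.example.com/SPSSMR/Oidc/connect/userinfo
tls_skip_verify_insecure = true
"""

URL_KEYS = ("auth_url", "token_url", "api_url")


def audit_generic_oauth(ini_text):
    """Return a list of findings for the [auth.generic_oauth] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    if not cp.has_section("auth.generic_oauth"):
        return ["section [auth.generic_oauth] is missing"]
    sec = cp["auth.generic_oauth"]
    findings = []
    for key in URL_KEYS:
        url = sec.get(key, "")
        # The authorization code, client secret and tokens travel over these URLs.
        if urlsplit(url).scheme.lower() != "https":
            findings.append(f"{key}: not https ({url or 'unset'})")
    if sec.get("tls_skip_verify_insecure", "false").strip().lower() == "true":
        findings.append("tls_skip_verify_insecure: certificate checks are off")
    if sec.get("role_attribute_strict", "false").strip().lower() != "true":
        findings.append("role_attribute_strict: not true, unmapped users are not denied")
    return findings


def harden(ini_text):
    """Switch the constructed sample's testing values to their production form."""
    return (ini_text.replace("http://", "https://")
            .replace("tls_skip_verify_insecure = true",
                     "tls_skip_verify_insecure = false"))


if __name__ == "__main__":
    for finding in audit_generic_oauth(SAMPLE_INI):
        print("FINDING:", finding)
    print("after hardening:", audit_generic_oauth(harden(SAMPLE_INI)))
```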
Signing in
To redirect Grafana to the UNICOM Intelligence Interviewer - Server Admin login page instead of the Grafana authentication page, set the following property in the [auth] section of the Grafana custom.ini file:
oauth_auto_login=true
Signing out
Set the following property in the [auth] section of the Grafana custom.ini file:
signout_redirect_url=http://<public_hostname>/SPSSMR/Oidc/connect/endsession