Merge pull request #13217 from mike-sol/master

Add Centrify documentation for generic_oauth

Merge pull request #13217 from mike-sol/master
Add Centrify documentation for generic_oauth
2f9675b3 · Carl Bergquist · GitHub · b8a88164 · 6b0de126 · 2f9675b3
Commit 2f9675b3 authored Sep 11, 2018 by Carl Bergquist Committed by GitHub Sep 11, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 0 deletions

docs/sources/auth/generic-oauth.md
+30 -0

No files found.
--- a/docs/sources/auth/generic-oauth.md
+++ b/docs/sources/auth/generic-oauth.md
@@ -174,6 +174,36 @@ allowed_organizations =
    allowed_organizations =
    ```
+## Set up OAuth2 with Centrify
+1.  Create a new Custom OpenID Connect application configuration in the Centrify dashboard.
+2.  Create a memorable unique Application ID, e.g. "grafana", "grafana_aws", etc.
+3.  Put in other basic configuration (name, description, logo, category)
+4.  On the Trust tab, generate a long password and put it into the OpenID Connect Client Secret field.
+5.  Put the URL to the front page of your Grafana instance into the "Resource Application URL" field.
+6.  Add an authorized Redirect URI like https://your-grafana-server/login/generic_oauth
+7.  Set up permissions, policies, etc. just like any other Centrify app
+8.  Configure Grafana as follows:
+    ```bash
+    [auth.generic_oauth]
+    name = Centrify
+    enabled = true
+    allow_sign_up = true
+    client_id = <OpenID Connect Client ID from Centrify>
+    client_secret = <your generated OpenID Connect Client Sercret"
+    scopes = openid email name
+    auth_url = https://<your domain>.my.centrify.com/OAuth2/Authorize/<Application ID>
+    token_url = https://<your domain>.my.centrify.com/OAuth2/Token/<Application ID>
+    ```
 <hr>