Merge pull request #1 from mike-sol/add-centrify-docs

Adding Centrify configuration for Oauth

Merge pull request #1 from mike-sol/add-centrify-docs
Adding Centrify configuration for Oauth
6b0de126 · Mike Sollanych · GitHub · 35a24032 · 55e42b5f · 6b0de126
Commit 6b0de126 authored Sep 10, 2018 by Mike Sollanych Committed by GitHub Sep 10, 2018
Show whitespace changes
Inline Side-by-side

Showing with 30 additions and 0 deletions

docs/sources/auth/generic-oauth.md
+30 -0

No files found.
--- a/docs/sources/auth/generic-oauth.md
+++ b/docs/sources/auth/generic-oauth.md
@@ -174,6 +174,36 @@ allowed_organizations =
    allowed_organizations =
    ```

+## Set up OAuth2 with Centrify
+
+1.  Create a new Custom OpenID Connect application configuration in the Centrify dashboard.
+
+2.  Create a memorable unique Application ID, e.g. "grafana", "grafana_aws", etc.
+
+3.  Put in other basic configuration (name, description, logo, category)
+
+4.  On the Trust tab, generate a long password and put it into the OpenID Connect Client Secret field.
+
+5.  Put the URL to the front page of your Grafana instance into the "Resource Application URL" field.
+
+6.  Add an authorized Redirect URI like https://your-grafana-server/login/generic_oauth
+
+7.  Set up permissions, policies, etc. just like any other Centrify app
+
+8.  Configure Grafana as follows:
+
+    ```bash
+    [auth.generic_oauth]
+    name = Centrify
+    enabled = true
+    allow_sign_up = true
+    client_id = <OpenID Connect Client ID from Centrify>
+    client_secret = <your generated OpenID Connect Client Sercret"
+    scopes = openid email name
+    auth_url = https://<your domain>.my.centrify.com/OAuth2/Authorize/<Application ID>
+    token_url = https://<your domain>.my.centrify.com/OAuth2/Token/<Application ID>
+    ```
+
 <hr>