@ -923,7 +923,7 @@ reset to the default organization role on every login. [See `auto_assign_org_rol
`skip_org_role_sync` default value is `false`.
With `skip_org_role_sync` set to `false`, the users' organization and role is reset on every new login, based on the external provider's role. See provider specifities in the tables below.
With `skip_org_role_sync` set to `false`, the users' organization and role is reset on every new login, based on the external provider's role. See your provider in the tables below.
With `skip_org_role_sync` set to `true`, when a user logs in for the first time, Grafana sets the organization role based on the value specified in `auto_assign_org_role` and forces the organization to `auto_assign_org_id` when specified, otherwise it falls back to OrgID `1`.
@ -77,17 +77,6 @@ For embedding to work, you must enable `allow_embedding` in the [security sectio
In a scenario where it is not possible to rewrite the request headers you
can use URL login instead.
## Skip organization role
To skip the assignment of roles and permissions upon login via JWT and handle them via other mechanisms like the user interface, we can skip the organization role synchronization with the following configuration.
```ini
[auth.jwt]
# ...
skip_org_role_sync = true
```
### URL login
`url_login` allows grafana to search for a JWT in the URL query parameter
If the `role_attribute_path` property returns a `GrafanaAdmin` role, Grafana Admin is not assigned by default, instead the `Admin` role is assigned. To allow `Grafana Admin` role to be assigned set `allow_assign_grafana_admin = true`.
### Skip organization role mapping
To skip the assignment of roles and permissions upon login via JWT and handle them via other mechanisms like the user interface, we can skip the organization role synchronization with the following configuration.
Eric Leijonmarck
3 years ago
committed by