首先在Azure Portal创建应用。
Azure AD -> App registrations -> New applicaiton registration,Display name 随便填,Reply URL 填http://example.com/login/generic_oauth(域名部分根据你的真实情况填写)。点创建。创建完成后,前往Settings -> Keys,在Password表中随便填一个description,expires选Never expires,点保存,value中会显示一个随机字符串key,记下这个字符串。
然后你需要复制:
- Azure AD的GUID(点击Portal右上角Directory + subscription后可以看到)
- 你刚创建的应用的Application ID(在Registered app页面可以看到)
- Secret,即你刚创建的Key
接着编辑Grafana配置文件/etc/grafana/grafana.ini:
#################################### Generic OAuth ########################## [auth.generic_oauth] enabled = true name = Azure AD allow_sign_up = true client_id = <Application GUID> client_secret = <Secret> scopes = openid email name auth_url = https://login.microsoftonline.com/<Directory GUID>/oauth2/authorize token_url = https://login.microsoftonline.com/<Directory GUID>/oauth2/token api_url = team_ids = allowed_organizations = ;tls_skip_verify_insecure = false ;tls_client_cert = ;tls_client_key = ;tls_client_ca = ; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header ; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload ;send_client_credentials_via_post = false
重启Grafana,大功告成。