Enable Team Sync with Azure AD group in Azure Managed Grafana

Miriam 31 Reputation points
2022-10-06T10:54:12.823+00:00

We have created an Azure Managed Grafana, and are trying to get Teams Sync to function with Azure AD groups, as we want to use Grafana Teams to control which Dashboards different users can see/edit. We are currently able to log into Grafana using users that have been added to a Azure AD Group that have been given the Grafana Viewer role in Azure AD, but these users are not automatically added to the Grafana Teams where we have tried to enable External Group Sync.

I have tried to follow this guide https://grafana.com/docs/grafana/v9.0/setup-grafana/configure-security/configure-team-sync/, and it seems like one should only need to add the Object ID of the Azure AD group to get the team members syncing, but this does not seem to result in any sync of the group. We have also tried typing in the group name, but this does not seem to help either.

We see that users get their own Grafana user after first logging in to Grafana with their Azure AD user. This Grafana user can be added to the Grafana Team, and is then able to see the dashboards the Team have access to. However, we are not able to add users that have not yet logon to Grafana (even though they are part of an Azure AD group with Grafana viewer rights), and users are not automatically added to the Grafana Team their Azure AD group has been added to upon first access to Grafana.

We have tried using both the managed identity that was created when the Azure Managed Grafana was created, and an application registration.
We feel like we are missing some specific configuration that we have not understood that we need to add.

The question is thus: Have anyone been able to sync an Azure AD group with a Grafana Team in Azure Managed Grafana, so that one can use Grafana Teams to control which users have access to which dashboards?

Thank you for any help.

Azure Managed Grafana
Azure Managed Grafana
An Azure service used to deploy Grafana dashboards for analytics and monitoring solutions.
84 questions
0 comments No comments
{count} vote

Accepted answer
  1. Ye Gu 351 Reputation points Microsoft Employee
    2022-10-13T15:54:30.527+00:00

    You can manually configure dashboard access inside Grafana, though you can only do that for users who've logged in instead of a priori when you're setting up RBAC on your instance. We'll investigate Team Sync. We don't have a timeline yet.


3 additional answers

Sort by: Most helpful
  1. Ye Gu 351 Reputation points Microsoft Employee
    2022-10-12T16:30:14.833+00:00

    Dashboard (or folder) level access control isn't supported currently. That's on our roadmap.

    1 person found this answer helpful.

  2. Philip 6 Reputation points
    2022-10-11T14:49:02.443+00:00

    Hello Miriam-5530,
    hello Microsoft Team,

    Actually i have the same question. It would be great if MS can implement that feature.

    Greetings Philip

    0 comments No comments

  3. Ye Gu 351 Reputation points Microsoft Employee
    2022-10-11T23:25:40.117+00:00

    With Azure Managed Grafana, you can use an AAD group directly in the RBAC role assignments. This allows you to centralize and secure your identity management in AAD. We don't sync AAD data since there are many issues with that approach.

    Hope this helps!