SSO Settings API
If you are running Grafana Enterprise, for some endpoints you’ll need to have specific permissions. Refer to Role-based access control permissions for more information.
The API can be used to create, update, delete, get, and list SSO Settings.
List SSO Settings
GET /api/v1/sso-settings
Lists the SSO Settings for all providers.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
|
|
Example Request:
GET /api/v1/sso-settings HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkExample Response:
HTTP/1.1 200
Content-Type: application/json
[
{
"id": "1",
"provider": "github",
"settings": {
"apiUrl": "https://api.github.com/user",
"clientId": "my_github_client",
"clientSecret": "*********",
"enabled": true,
"scopes": "user:email,read:org"
// rest of the settings
},
"source": "system",
},
{
"id": "2",
"provider": "azuread",
"settings": {
"authUrl": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/authorize",
"clientId": "my_azuread_client",
"clientSecret": "*********",
"enabled": true,
"scopes": "openid,email,profile"
// rest of the settings
},
"source": "system",
}
]Status Codes:
-
200 – SSO Settings found
-
400 – Bad Request
-
401 – Unauthorized
-
403 – Access Denied
Get SSO Settings
GET /api/v1/sso-settings/:provider
Gets the SSO Settings for a provider.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
|
|
Example Request:
GET /api/v1/sso-settings/github HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkExample Response:
HTTP/1.1 200
Content-Type: application/json
ETag: db87f729761898ee
{
"id": "1",
"provider": "github",
"settings": {
"apiUrl": "https://api.github.com/user",
"clientId": "my_github_client",
"clientSecret": "*********",
"enabled": true,
"scopes": "user:email,read:org"
// rest of the settings
},
"source": "system",
}Status Codes:
-
200 – SSO Settings found
-
400 – Bad Request
-
401 – Unauthorized
-
403 – Access Denied
-
404 – SSO Settings not found
Update SSO Settings
PUT /api/v1/sso-settings/:provider
Updates the SSO Settings for a provider.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
|
|
Example Request:
PUT /api/v1/sso-settings/github HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
{
"settings": {
"apiUrl": "https://api.github.com/user",
"clientId": "my_github_client",
"clientSecret": "my_github_secret",
"enabled": true,
"scopes": "user:email,read:org"
}
}Example Response:
HTTP/1.1 204
Content-Type: application/jsonStatus Codes:
-
204 – SSO Settings updated
-
400 – Bad Request
-
401 – Unauthorized
-
403 – Access Denied
Delete SSO Settings
DELETE /api/v1/sso-settings/:provider
Deletes an existing SSO Settings entry for a provider.
Required permissions
See note in the introduction for an explanation.
| Action | Scope |
|---|---|
|
|
Example Request:
DELETE /api/v1/sso-settings/azuread HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkExample Response:
HTTP/1.1 204
Content-Type: application/jsonStatus Codes:
-
204 – SSO Settings deleted
-
400 – Bad Request
-
401 – Unauthorized
-
403 – Access Denied
-
404 – SSO Settings not found