Docs: Updated current-user-auth.md in light of auth changes within Gr…

…afana (#1180) * updated current user documentation in light of grafana azuread auth updates * changed value of client_authentication and removed client_authentication in the examples
grafana · Feb 11, 2025 · d782b0e · d782b0e
1 parent 4cd7f95
commit d782b0e
Showing 1 changed file with 21 additions and 4 deletions.
diff --git a/doc/current-user-auth.md b/doc/current-user-auth.md
@@ -7,20 +7,23 @@ in the future.
 
 ## Prerequisites
 
-Current User Authorization only can work together with Azure AD Grafana authentication.
+Current User Authorization only can work together with Azure AD Grafana authentication. Please refer to [Configure Azure AD/Entra ID OAuth authentication](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/azuread/) documentation for complete guidance on setting up Azure AD Grafana authentication.
 
 ## Configuration
 
-Assuming that Azure AD authentication has been already configured, for example:
+Assuming that Azure AD authentication has been already configured, for example, configuring Azure AD authentication using client secret:
 
 ```ini
 [auth.azuread]
 enabled = true
 
 auth_url = https://login.microsoftonline.com/fd719c11-a91c-40fd-8379-1e6cd3c59568//oauth2/v2.0/authorize
 token_url = https://login.microsoftonline.com/fd719c11-a91c-40fd-8379-1e6cd3c59568/oauth2/v2.0/token
+client_authentication = # defaults to 'client_secret_post' (client secret)
 client_id = f85aa887-490d-4fac-9306-9b99ad0aa31d
 client_secret = 87808761-ff7b-492e-bb0d-5de2437ffa55
+managed_identity_client_id =
+federated_credential_audience =
 ```
 
 Current User authentication can be enabled in the `[azure]` section of the Grafana config:
@@ -30,7 +33,21 @@ Current User authentication can be enabled in the `[azure]` section of the Grafa
 user_identity_enabled = true
 ```
 
-Optionally, it's possible to provide another AAD app for token exchange (On-Behalf-Of token request):
+Optionally, it's possible to override the Azure AD authentication settings in the `[azure]` section of the Grafana config:
+
+```ini
+[azure]
+user_identity_enabled = true
+
+# Set custom settings
+user_identity_client_authentication =
+user_identity_client_id =
+user_identity_client_secret =
+user_identity_managed_identity_client_id =
+user_identity_federated_credential_audience =
+```
+
+For example, it's possible to provide another AAD app for token exchange (On-Behalf-Of token request):
 
 ```ini
 [azure]
@@ -41,7 +58,7 @@ user_identity_client_id = 4fc34037-97bd-4e84-9db4-86238c78e32a
 user_identity_client_secret = 4479f5a6-444c-4271-8790-60eeb42225ae
 ```
 
-Also, it's possible to customize the token endpoint:
+In another example, it's possible to customize the token endpoint:
 
 ```ini
 [azure]