Google OAuth2 Authentication

To enable the Google OAuth2 you must register your application with Google. Google will generate a client ID and secret key for you to use.

Create Google OAuth keys

First, you need to create a Google OAuth Client:

Enable Google OAuth in Grafana

Specify the Client ID and Secret in the Grafana configuration file. For example:

  1. [auth.google]
  2. enabled = true
  3. client_id = CLIENT_ID
  4. client_secret = CLIENT_SECRET
  5. scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
  6. auth_url = https://accounts.google.com/o/oauth2/auth
  7. token_url = https://accounts.google.com/o/oauth2/token
  8. allowed_domains = mycompany.com mycompany.org
  9. allow_sign_up = true

You may have to set the root_url option of [server] for the callback URL to be correct. For example in case you are serving Grafana behind a proxy.

Restart the Grafana back-end. You should now see a Google login button on the login page. You can now login or sign up with your Google accounts. The allowed_domains option is optional, and domains were separated by space.

You may allow users to sign-up via Google authentication by setting the allow_sign_up option to true. When this option is set to true, any user successfully authenticating via Google authentication will be automatically signed up.