Integrating Okta with Grafana

If you ever tried to integrate OKTA with Grafana, you might have ended up a bit frustrated after following all the instructions in the official Grafana documentation.

After creating an Okta application and enabling Okta OAuth in Grafana, you might have faced the following error:

Error: The ‘redirect_uri’ parameter must be a Login redirect URI in the client app settings

Why is this happening?

If you inspect the payload of the callback request made when trying to sign in with Okta, you’ll se that the redirect_uri doesn’t match the one set in Okta, as per the instructions in the official documentation:

The login redirect uri set in Okta was: https://grafana.example.com/login/okta, which doesn’t match our redirect_uri parameter

How do we fix it?

The solution is quite simple. In the [server] section of your Grafana configuration file, add the following parameters:

[server]
domain = grafana.example.com
root_url = https://%(domain)s/

The root_url is the full URL used to access Grafana from a web browser. This is important if you use OAuth authentication for the callback URL to be correct.

Note you need to replace grafana.example.com with the domain you use to access Grafana through your web browser in both your Okta app and Grafana configuration file.

Nice and simple!