Looking for help logging into Graphana using JumpCloud SSO

Hi,

Thank you for reaching out to us! I understand that you are facing this error message "{"message":"corresponding relay state is not found: "}" while trying to authenticate into Amazon Managed Grafana using JumpCloud SSO. Please correct me if I misunderstood your use case.

From the error message, it seems that the RelayState parameter is not set.

"RelayState is an optional parameter that identifies a specified destination URL your users will access after signing in with SSO."

• https://aws.amazon.com/blogs/security/how-to-use-saml-to-automatically-direct-federated-users-to-a-specific-aws-management-console-page/

The above document walks through creating a deep link for federated users via the SAML 2.0 RelayState parameter in Active Directory Federation Services (AD FS). I do understand that you aren't using AD FS as your IdP, however I wanted to provide you an example use case for it.

I was able to find the following 3rd party documentation from JumpCloud that explains how you are able to set the Default RelayState parameter:

"Default RelayState - Enter a value that designates the default location to which your users will be redirected after single sign-on is complete. It will be sent by JumpCloud as the RelayState either in IdP-initiated SSO or if no RelayState is received from the service provider during SP-initiated flow. The service provider may supply you with this value and refer to it as the Target URL, RelayState, or Target."

• https://support.jumpcloud.com/support/s/article/SSO-Application-Connector-Fields

Please note that since this is a 3rd party documentation, I cannot comment on its validity. However, you may reach out to JumpCloud support team for any related questions or concerns.

I was also able to confirm with Amazon Managed Grafana (AMG) team that AMG supports IdP-initiated authentication and the external identity providers that have been mentioned in the following documentation have been tested with Amazon Managed Grafana.

• https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG-SAML.html#authentication-in-AMG-SAML-providers

The AMG team mentioned that you may configure the 'Grafana workspace url' as the redirection URL for the RelayState parameter. They also mentioned that there isn't a way to set this parameter in Grafana. Therefore, I would recommend reaching out to JumpCloud support team for assistance in setting this parameter.

However, if you did have any further questions for us, could you please reach out to us via a support case so we can discuss in detail?

Note: All questions and answers posted to re:Post are public. You should open a support case if your question involves sensitive information.

Please feel free to reach back with any further questions or concerns!

I know this response is old but I'm getting the same error when integrating through Okta. Sumukhi response seems to indicate that managed grafana does support IdP-initiated requests but the documentation says it doesn't. So just want to clarify if it does.

For my case, I'm getting {"message":"corresponding relay state is not found: "} when clicking on the okta tile, but logging in from grafana itself works.