Unable to register a Grafana new Workspace. Network Failure trying to setup AWS SSO as authentication method.

0

Im not able to configure the AWS SSO authentication method during in configuration steps of Grafana Service workspace setup.

The error does have much detail. Simply reports: Network Failure

So, ¿Exist any precondition in the SSO configuration which can lead to this little explanatory error?

Right now I have an SSO user configured. Although I have to point out that this SSO is configured in other availability zone (Paris) while I am configuring Grafana in Ireland (this service is not avaliable in Paris). Could this be the reason?

2 Answers
0

Hi,

I understand you are experiencing the error above when trying to register a Grafana new Workspace and network failure when trying to setup AWS SSO as authentication method.

When you first enable AWS SSO, all the data that you configure in AWS SSO is stored in the Region where you configured it. This data includes directory configurations, permission sets, application instances, and user assignments to AWS account applications. If you are using the AWS SSO identity store, all users and groups that you create in AWS SSO are also stored in the same Region. It is recommended that you install AWS SSO in a Region that you intend to keep available for users, not a Region that you might need to disable. For more information about AWS SSO Region availability [1].

Please note that when using Amazon Managed Grafana and AWS SSO, users are redirected to their existing company directory to sign in with their existing credentials. When you create a workspace and choose to use AWS SSO for authentication, Amazon Managed Grafana activates AWS SSO in your account if you are not already using it. To use AWS SSO with Amazon Managed Grafana, you must also have AWS Organizations activated in your account. If you don't have it activated already, Amazon Managed Grafana activates it when it activates AWS SSO. If Amazon Managed Grafana enables Organizations, it also creates an organization for you.

AWS Organizations supports only one AWS Region at a time. To enable AWS SSO in a different Region, you must first delete your current AWS SSO configuration. Switching to a different Region also changes the URL for the user portal, and you must reconfigure all permission sets and assignments.

References:

[1] https://docs.aws.amazon.com/singlesignon/latest/userguide/regions.html

[2] Required permissions for scenarios using AWS SSO : https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG-SSO.html

[3] https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org.html

I hope the above information is helpful. Please feel free to reach out for any concerns.

Phindi
answered 2 years ago
0

Hi,

This issue might be fixed. Before the fix got Network Failure error. Test done. It is possible to deploy an Amazon Managed Grafana workspace in US-EAST-1 with Identity Center configured in SA-EAST-1.

AWS
Leo Y M
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions