Unable to register a new Grafana workspace. Network Failure when trying to set up AWS SSO as authentication method.

0

I'm not able to configure the AWS SSO authentication method during the configuration steps of the Grafana service workspace setup.

The error does not have much detail. It simply reports: Network Failure

So, is there any precondition in the SSO configuration which can lead to this not very explanatory error?

Right now I have an SSO user configured. Although I have to point out that this SSO is configured in another availability zone (Paris) while I am configuring Grafana in Ireland (this service is not available in Paris). Could this be the reason?

Asked 2 years ago · 742 views
2 Answers
0

Hi,

I understand you are experiencing the error above when trying to register a Grafana new Workspace and network failure when trying to setup AWS SSO as authentication method.

When you first enable AWS SSO, all the data that you configure in AWS SSO is stored in the Region where you configured it. This data includes directory configurations, permission sets, application instances, and user assignments to AWS account applications. If you are using the AWS SSO identity store, all users and groups that you create in AWS SSO are also stored in the same Region. It is recommended that you install AWS SSO in a Region that you intend to keep available for users, not a Region that you might need to disable. For more information about AWS SSO Region availability, see [1].

Please note that when using Amazon Managed Grafana and AWS SSO, users are redirected to their existing company directory to sign in with their existing credentials. When you create a workspace and choose to use AWS SSO for authentication, Amazon Managed Grafana activates AWS SSO in your account if you are not already using it. To use AWS SSO with Amazon Managed Grafana, you must also have AWS Organizations activated in your account. If you don't have it activated already, Amazon Managed Grafana activates it when it activates AWS SSO. If Amazon Managed Grafana enables Organizations, it also creates an organization for you.

AWS Organizations supports only one AWS Region at a time. To enable AWS SSO in a different Region, you must first delete your current AWS SSO configuration. Switching to a different Region also changes the URL for the user portal, and you must reconfigure all permission sets and assignments.

References:

[1] https://docs.aws.amazon.com/singlesignon/latest/userguide/regions.html

[2] Required permissions for scenarios using AWS SSO: https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG-SSO.html

[3] https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org.html

I hope the above information is helpful. Please feel free to reach out for any concerns.

Phindi
Answered 2 years ago
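
The answer above turns on which Region holds the AWS SSO (IAM Identity Center) configuration. The following is an added example, not part of either answer and not AWS-provided code: it calls the `sso-admin` `ListInstances` API in each candidate Region and compares the result with the planned workspace Region. `FakeSsoAdmin` and the instance ARN are constructed stand-ins so the block runs offline; the Region codes `eu-west-3` (Paris) and `eu-west-1` (Ireland) are assumed from the question.

```python
from typing import Callable, Dict, Iterable, List, Union


def boto3_sso_admin(region: str):
    """Real client factory; boto3 is imported lazily so the module loads without it."""
    import boto3
    return boto3.client("sso-admin", region_name=region)


def find_instances(regions: Iterable[str],
                   client_factory: Callable = boto3_sso_admin) -> Dict[str, Union[List[str], str]]:
    """Map Region -> Identity Center instance ARNs, or an error string if the
    Region could not be queried (disabled opt-in Region, access denied, ...)."""
    found: Dict[str, Union[List[str], str]] = {}
    for region in regions:
        try:
            client, arns, token = client_factory(region), [], None
            while True:  # ListInstances is paginated via NextToken
                kwargs = {"NextToken": token} if token else {}
                page = client.list_instances(**kwargs)
                arns += [i["InstanceArn"] for i in page.get("Instances", [])]
                token = page.get("NextToken")
                if not token:
                    break
        except Exception as exc:
            found[region] = f"error: {type(exc).__name__}"
            continue
        if arns:
            found[region] = arns
    return found


def region_report(workspace_region: str, found: dict) -> str:
    """Compare the Identity Center home Region(s) with the planned workspace Region."""
    homes = sorted(r for r, v in found.items() if isinstance(v, list))
    if not homes:
        return "no Identity Center instance found in the Regions checked"
    if workspace_region in homes:
        return f"same Region: {workspace_region}"
    return f"Identity Center in {', '.join(homes)}; workspace planned in {workspace_region}"


class FakeSsoAdmin:
    """Constructed stand-in for the sso-admin client: instance only in eu-west-3 (Paris)."""
    def __init__(self, region): self.region = region
    def list_instances(self, **_):
        if self.region == "eu-west-3":
            return {"Instances": [{"InstanceArn": "arn:aws:sso:::instance/ssoins-EXAMPLE"}]}
        return {"Instances": []}


if __name__ == "__main__":
    print(region_report("eu-west-1", find_instances(["eu-west-1", "eu-west-3"], FakeSsoAdmin)))
```

Against a real account, omit the second argument to `find_instances` so the boto3 client is used; the caller then needs `sso:ListInstances` permission.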
0

Hi,

This issue might be fixed. Before the fix, a Network Failure error was returned. Test done: it is possible to deploy an Amazon Managed Grafana workspace in US-EAST-1 with Identity Center configured in SA-EAST-1.

AWS
Leo Y M
Answered 1 month ago
