How to use service accounts in Azure Managed Grafana

In this guide, learn how to use service accounts. Service accounts are used to run automated operations and authenticate applications in Grafana with the Grafana API.

Common use cases include:

  • Provisioning or configuring dashboards
  • Scheduling reports
  • Defining alerts
  • Setting up an external SAML authentication provider
  • Interacting with Grafana without signing in as a user

Prerequisites

Enable service accounts

If your existing Grafana workspace doesn't have service accounts enabled, enable them by updating the preference settings of your Grafana instance using the Azure portal or the Azure CLI.

  1. In the Azure portal, under Settings, select Configuration, and then under API keys and service accounts, select Enable.

    Screenshot of the Azure platform. Enable service accounts.

  2. Select Save to confirm that you want to enable API keys and service accounts in Azure Managed Grafana.

Create a service account

Follow the steps below to create a new Grafana service account and list existing service accounts:

  1. Go to your Grafana instance endpoint, then select Users and access > Service accounts from the left menu, and Add service account.

    Screenshot of Grafana. Add service account page.

  2. Enter a Display name and a Role for your new Grafana service account from the options No basic role, Viewer, Editor or Admin, and select Create. No role is assigned by default.

  3. Once the service account is created, Grafana displays information about the new service account, including its creation date, existing tokens and permissions associated with it. You will create a first token in a next step.

  4. Optionally select Service accounts from the left menu to view a list of all the service accounts in your Grafana instance.

Add a service account token

Once you've created a service account, add one or more access tokens. Access tokens are generated strings used to authenticate with the Grafana API without using a username and password. Each token is associated with specific permissions, allowing you to control the level of access granted to different users or applications. Tokens can be created, managed, and revoked as needed.

In the Grafana UI:

  1. To create a service account token, select Add service account token.

  2. Use the automatically generated Display name or enter a name of your choice. By default, the expiration date is set to one day after its creation date. Optionally update the suggested Expiration date or select No expiration.

    Screenshot of the Azure platform. Add service account token page.

  3. Select Generate token. The token is displayed only once, so make sure to copy and save it securely. If you lose this token, you will need to generate a new one.

  4. The token is now listed in the service account details.

Edit a service account

In this section, you learn how to update a Grafana service account.

Actions:

  • To edit the name, select the service account and under Information select Edit.
  • To edit the role, select the service account and under Information, select the role and choose another role name.
  • To disable a service account, select a service account and at the top of the page select Disable service account, then select Disable service account to confirm. Disabled service accounts can be re-enabled by selecting Enable service account.

Screenshot of the Azure platform. Edit service account page.

The notification Service account updated is instantly displayed.

Delete a service account

To delete a Grafana service account, select a service account and at the top of the page select Delete service account, then select Delete service account to confirm. Deleting a service account is final and a service account can't be recovered once deleted.

Delete a service account token

To delete a service account token, select a service account and under Tokens, select Delete (x). Select Delete to confirm.

Screenshot of the Azure platform. Deleting service account token page.

Next steps

In this how-to guide, you learned how to create and manage service accounts and tokens to run automated operations in Azure Managed Grafana. When you're ready, explore more articles: