Authorization for clients to only view a single dashboard


(dob) #1

I have the following:

  • An ES 6.0 index for each of my domains
  • Clients who subscribe to a domain
  • A login app with its own authentication & authorization for clients.
  • After being authenticated by the login app, the user's domain dashboard is rendered through an iframe (dashboard sharing)

I want to do the following:

  • Provide authentication and authorization for Kibana so that clients can only view their domain's dashboard through my login app
  • single sign-on

I have looked into the following:

  • using a reverse proxy to provide user roles for limiting Kibana endpoints to only a single dashboard
  • creating a Kibana instance for each domain with basic authentication
  • Xpack user roles
  • ReadonlyREST

What is the best method for accomplishing what I want to do? And any details/description of implementation? Any resources or examples would be really helpful.

Many thanks


(David Snider (Kibana Design)) #2

Hey there. Currently the best option for limiting access to dashboards is through "Dashboard Only Mode" within the management section. This will only limit users to the dashboard app in general and not access to specific dashboards.

We are working towards addressing this need with some new features in an upcoming Xpack release.


(dob) #3

Hi there. Thanks for the quick reply.

I can't have clients able to view other clients' dashboards, so the "dashboard only mode" by itself won't satisfy my requirements. Is there another best option until this issue is addressed with an Xpack release?

Again, thanks


(David Snider (Kibana Design)) #4

Unfortunately not yet. Your only other option would be running a separate instance of Kibana and limiting your data there.

We are aware this isn't a great solution and are working towards something more elegant in a future release.

