Azure active directory integration with elasticsearch

Thank you!!! @ikakavas

Hi,
Now I have implemented SAML authentication using Auth0 as the IdP. I wanted to ask: is there a way to use the SAML-authenticated users which are stored in Auth0 to access the Elasticsearch APIs?

Because I can only access Kibana APIs using those users.

No, not really. We support the SAML 2.0 Web Browser Single Sign On profile, which as the name suggests is geared towards browser-based access. What's more, in our architecture Elasticsearch+Kibana constitute a SAML Service Provider together, so it's not that straightforward to decouple these two. We also don't store any shadow users on the ES side.

We have information on how to use SAML for authentication without Kibana here, but this would require that you build and use a custom web application on your side and is targeted at power users that specifically require this kind of functionality.

I would suggest that you look into our API Keys so that your users can authenticate via SAML and then get themselves an API key that they can use for accessing the REST APIs. You'll need to grant your users a role that gives them the manage_own_api_key privilege for them to be able to do that. This approach also might have caveats though, as for instance, once they log in via SAML and get an API key, they would be able to bypass SAML authentication from then on and just use the API key to access Elasticsearch, which might or might not be OK for your use case.
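
The API key approach suggested in the reply above, as an added example that is not part of the thread and not Elastic's own code: it builds, without sending, the role definition, the key-creation call with an expiration that limits the SAML-bypass window, a key-authenticated search, and the revocation call. The cluster URL, role name, key name, index name and sample response values are assumptions constructed for illustration.

```python
import base64
import json
import urllib.request

ES_URL = "https://es.example.internal:9200"  # assumption: placeholder URL

def _request(method, path, body=None):
    """Build (but do not send) a JSON request to the Elasticsearch REST API."""
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(ES_URL + path, data=data, method=method,
                                  headers={"Content-Type": "application/json"})

def role_request(role_name="api_key_self_service"):
    """Admin step: a role carrying only the manage_own_api_key cluster privilege.
    The role name is hypothetical; map it to the SAML users via a role mapping."""
    return _request("PUT", f"/_security/role/{role_name}",
                    {"cluster": ["manage_own_api_key"]})

def create_key_request(name, expiration="1d"):
    """User step, sent while authenticated via SAML. The expiration bounds how
    long the key can be used without going through SAML again."""
    return _request("POST", "/_security/api_key",
                    {"name": name, "expiration": expiration})

def api_key_header(created):
    """Authorization value: 'ApiKey ' + base64('<id>:<api_key>')."""
    raw = f"{created['id']}:{created['api_key']}".encode()
    return "ApiKey " + base64.b64encode(raw).decode()

def search_request(index, created):
    """A REST call that authenticates with the key instead of a SAML session."""
    req = _request("GET", f"/{index}/_search")
    req.add_header("Authorization", api_key_header(created))
    return req

def invalidate_request(key_id):
    """Revoke one of the caller's own keys before it expires."""
    return _request("DELETE", "/_security/api_key",
                    {"ids": [key_id], "owner": True})

# Constructed sample of the create-key response (not real credentials).
SAMPLE_CREATED = {"id": "constructed-id-123", "name": "reporting-script",
                  "api_key": "constructed-secret-456"}

if __name__ == "__main__":
    for r in (role_request(), create_key_request("reporting-script"),
              search_request("my-index", SAMPLE_CREATED),
              invalidate_request(SAMPLE_CREATED["id"])):
        print(r.get_method(), r.full_url, r.data, r.get_header("Authorization"))
```

A short expiration plus the revocation call is what keeps a key issued after one SAML login from becoming a permanent credential outside the IdP's control.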
