Azure Saml SSO

I am trying to setup Single Sign-On for an instance by following this guide .

I am encountering the error 'You do not have permission to access the requested page'. I have a feeling it has to do with the role mappings. I actually do not understand how it works so I did not alter or set any role mappings. The instance currently uses LDAP and we want to change to saml sso. I will appreciate any help on this.

cc @Larry_Gregory can throw more light on this when he has some time.


Hey @Keemtaker, welcome to the discussion boards! Yes, this error message means that you were able to successfully authenticate to Kibana, but your account failed our base authorization checks. This typically means that either:

  1. Role mappings are incorrect/missing
  2. Roles are mapped correctly, but the roles do not grant access to Kibana

Since you didn't alter or set any role mappings, I'm guessing that's where we should look next. We have a guide on creating role mappings for SAML users here, which also explains why they are necessary, and what function they perform: Configuring SAML single-sign-on on the Elastic Stack | Elasticsearch Guide [8.3] | Elastic.

I'm happy to help further, but it's hard to offer more concrete guidance without more information. Let me know how you make out with this guide, and I can answer any specific questions you have from there.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.