Cloud Elastic with Azure AD Authentication

I am currently evaluating the Cloud Elastic Service at cloud.elastic.co for my organization. I have created my deployment and would like to connect it to our Azure AD to use AD as authentication to Kibana and map Elastic Roles with groups from our AD. How is this done? From the documentation I have seen, edits are needed to config files that to my knowledge I cannot access in the cloud. Is there a guide/walk-through to help me with this?

That is possible, provided that you're happy to use SAML to connect to Azure AD.

Instructions for SAML in Elastic Cloud are here:

We also have a blog article specifically about SAML with Azure AD. It uses an on-premises install of Elasticsearch, but the instructions can be adapted for use with Cloud.

This looks good, and I am ok with using SAML in Azure AD if that is needed. I guess my confusion comes with uploading the idp-metadata.xml file to the ES instance. Since it is hosted with Elastic, I'm not sure how to accomplish this step.

Hi there,

It is not required to upload the idp-metadata.xml file; you can also reference the URL in the realm configuration and Elasticsearch will fetch the metadata from that URL.

See point <5> in step 3 in the Instructions that Tim shared with you above for how to reference the metadata by URL, and the (optional) step 7 in the same document for how you can upload the metadata document if need be.
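
As an added example (not part of the original replies and not copied from Elastic's documentation), this is a sketch of a SAML realm that references Azure AD metadata by URL, as entered in the deployment's Elasticsearch user settings. It assumes Elasticsearch 7.x or later; the realm name `azure-ad-saml` and every `<...>` value are placeholders to replace with your own tenant, application and Kibana endpoint.

```yaml
# Elasticsearch user settings override for the deployment (assumed 7.x+ syntax).
# "azure-ad-saml" is a hypothetical realm name; <...> values are placeholders.
xpack.security.authc.realms.saml.azure-ad-saml:
  order: 2

  # Metadata is referenced by HTTPS URL instead of an uploaded idp-metadata.xml.
  # Elasticsearch fetches it at startup and re-fetches it periodically, so a
  # rotated Azure AD signing certificate is picked up without a config change.
  idp.metadata.path: "https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml?appid=<app-id>"

  # Must match the entityID attribute inside the fetched metadata exactly,
  # including the trailing slash, or the realm will reject the IdP.
  idp.entity_id: "https://sts.windows.net/<tenant-id>/"

  # Service provider values; the same values go into the Azure AD enterprise
  # application as Identifier (Entity ID) and Reply URL.
  sp.entity_id: "https://<kibana-endpoint>/"
  sp.acs: "https://<kibana-endpoint>/api/security/saml/callback"
  sp.logout: "https://<kibana-endpoint>/logout"

  # Claim used as the Elasticsearch username.
  attributes.principal: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

  # Claim carrying group membership. Azure AD emits group object IDs (GUIDs)
  # here by default, so role mappings match on those IDs, not display names.
  attributes.groups: "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
```

Until a role mapping ties values of the `groups` attribute to Elastic roles, users who authenticate through this realm have no privileges, which is the safe default to verify before opening access.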

Awesome! Thanks, I will take a look at the link provided.
