Different anonymous users on ELK

Hi.

We are building several different dashboards with information that we want to share, but there are dashboards that we want to make public to everyone, dashboards that we want to make public at an enterprise level and dashboards "only for our eyes"

So our main idea is to separate dashboards into different spaces and sort them depending on the "access level".

Our idea is to give anonymous access to both "public" spaces, but we are wondering if we'd be able to use different anonymous users to give access to each public space, as we don't mind company users accessing public info, but we don't want that anyone accessing a public dashboard embedded on our public webpage reaching "only company" public dashboards tweaking the url from the iframe.

It's possible to configure different anonymous users? It's a good security approach for a use case like ours? There is any other security advice you can give us to achieve this three layer publication?

Hello Pablo,

I don't think you can configure more than 1 anonymous user - how would Kibana be able to detect which one to use?
Also, only allow anonymous access to content which you don't mind sharing with everyone that is able to reach your instance!

That said, I propose to use the anonymous user for the public space.

For the enterprise level, you have 2 options (depending on your license):

  1. If you have a platinum or enterprise subscription, your best bet would be to connect Kibana to your Single-Sign-On Provider
  2. Another option would be to create a normal user in Kibana and use Nginx or an Apache server as a proxy to add the authentication credentials to each request (see here for an example)

Best regards
Wolfram

Thank you Wolfram.

We were already considering usin an Apache to proxy urls to the dashboards but haven't thought about including authentication. We'll definitively look into that.

Thank you again