Elastic Cloud can't log in with AWS SSO

Hi @ikakavas

Yeah, the Kibana SSO login is working after Elastic Cloud helped enable the below option in the Elasticsearch settings.

urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

We found a new issue after we enabled Kibana SSO.

We can only see an attribute with subject in the AWS Application SSO settings. I don't know if that's normal. When I logged on to Kibana with my AD account (robin.guo), it's not the username that I logged on with.

Could you please advise which attributes we should have in place between Elastic Cloud and AWS SSO?

The default mappings between AWS SSO and Microsoft AD are as follows:

| User attribute in AWS SSO | Maps to this attribute in your Microsoft AD directory |
|---|---|
| AD_GUID | ${dir:guid} |
| email | ${dir:windowsUpn} |
| familyName | ${dir:lastname} |
| givenName | ${dir:firstname} |
| middleName | ${dir:initials} |
| name | ${dir:displayname} |
| preferredUsername | ${dir:displayname} |
| subject | ${dir:windowsUpn} |

E.g.

Attribute mappings

Kibana Login