I would like the users of my web app to access Kibana Cloud dashboards by embedding them into the app. Users access my app via Auth0. I am using Elastic Cloud with Kibana.
I need help understanding how to implement these two options:
Maybe use my Auth0 account to also sign the users into Elastic Kibana via SSO?
Or a service account that logs into Kibana on behalf of the logged-in user.
I need to find the right docs that do either of these via Elastic Cloud specifically, as I do not manage the backend configuration myself. For example, how do I set up a service account login and enable anonymous authentication specifically in Elastic Cloud, not self-managed?
Ideally, I could leverage Auth0 since I'm already using it.
Any recommendations to make it as secure as possible either way?
I think I answered most of this here, if I understand what you're trying to do.
You will create a role that represents the access that you want and assign that to the user that you use for the anonymous user.
You can also take out the other normal basic and Elastic Cloud SSO logins.
    xpack.security.authc.providers:
      basic.basic1:   # take this out if you don't want the normal login
        order: 0      # take this out if you don't want the normal login
      anonymous.anonymous1:
        order: 1
        credentials:
          username: "dashboard-user"
          password: "dashboard1234!"
To disable the Cloud Kibana SSO:
In your kibana.yml settings on the edit deployment page.
This is kinda a hidden / inferred setting:

    xpack.security.authc.providers.saml.cloud-saml-kibana.showInSelector: false

If you don’t want a specific provider to show up at the Login Selector UI (e.g. to only support third-party initiated login) you can hide it with showInSelector setting set to false. However, in this case, the provider is presented in the provider chain and may be consulted during authentication based on its order. To disable the provider, use the enabled setting.
Thank you @stephenb. Very helpful. I decided to try the SAML option in my Auth0 so it can be more secure than anonymous. I think I got it working because SSO works when logging into Kibana or through my app with the same Auth0 user.
My question to you is how do I ensure the embed is actually using the SAML? I tried setting the iframe auth_provider_hint=saml.cloud-saml. Is that the correct way to do it?
    xpack.security.authc.providers:
      saml.cloud-saml:
        order: 0
        realm: cloud-saml
        description: "Log in with SSO"
        icon: logoElasticsearch
        hint: "Typically for most users"
Thanks. I edited the url.
In the embed frame it prompts me to log in with SSO or log in with Elastic Cloud (as admin). Somehow it still gives that option even when only saml.cloud-saml is there.
Appreciate the help ... learned some things today so I appreciate you pointing me in the general direction!
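
For the iframe `auth_provider_hint` question discussed above, here is an added example (not code from any poster in this thread or from Elastic) of building the embed URL on the app side. It assumes, per the Kibana embedding documentation, that the hint takes only the name part of the `<type>.<name>` provider key and must sit in the query string before the `#`; the host name, dashboard id and allow-list are constructed sample values.

```javascript
// Added example: build the iframe src for an embedded Kibana dashboard.
// ALLOWED_KIBANA_HOSTS and the sample host are constructed values (assumption).
const ALLOWED_KIBANA_HOSTS = new Set(['my-deployment.kb.example.com']);

// kibana.yml provider keys look like "<type>.<name>" (e.g. "saml.cloud-saml").
// The auth_provider_hint parameter takes only the <name> part.
function providerNameFromKey(providerKey) {
  const dot = providerKey.indexOf('.');
  const name = dot === -1 ? providerKey : providerKey.slice(dot + 1);
  if (!/^[A-Za-z0-9_-]+$/.test(name)) {
    throw new Error(`unexpected provider name in "${providerKey}"`);
  }
  return name;
}

function buildEmbedUrl(dashboardUrl, providerKey) {
  const url = new URL(dashboardUrl);
  // Only embed the deployment we expect, over HTTPS, with no inline credentials.
  if (url.protocol !== 'https:' || !ALLOWED_KIBANA_HOSTS.has(url.hostname)) {
    throw new Error('refusing to embed a non-HTTPS or unlisted Kibana host');
  }
  if (url.username || url.password) {
    throw new Error('embed URL must not carry credentials');
  }
  // Kibana keeps its own state (embed=true, _g, _a) inside the fragment.
  // The hint is read from the real query string, so it goes before the "#";
  // set() also replaces any hint already present.
  url.searchParams.set('auth_provider_hint', providerNameFromKey(providerKey));
  return url.toString();
}

// Constructed sample: a dashboard share link and the provider key from kibana.yml.
const src = buildEmbedUrl(
  'https://my-deployment.kb.example.com/app/dashboards#/view/abc123?embed=true',
  'saml.cloud-saml'
);
console.log(src);
```
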