Embed Kibana in Custom App

Hello Community, I have struggled with this for a bit now. How are others embedding Kibana in a custom app? What I am trying to do is as follows.

When a user logs in to our internal app, depending on their permission they have access to kibana or not. I need to load Kibana in our custom app. This can be done via iframe but setting credentials or auth headers on an iframe is unsafe. If we dont setup the creds on the iframe, the iframe will require a second authentication.

I have tried using NGINX and have it setup auth headers, but the issue is same, if someone hits the URL directly, then the will auto authenticate. Any ideas on how to achieve this?

Hi there!

There may be some other options depending on which authentication realm you're using. Are you using any of our SSO options such as SAML or LDAP?

currently using built in security in Elastic

Currently the only way we support this without requiring a second authentication is if you're using our SAML or OIDC authentication realms. If this isn't an option for you, you will either have to require the users to log in again or use a proxy as you mentioned.

We have had requests for supporting an anonymous user and if you think that would support your use case, we'd love to hear more about it in that Github issue (or even a simple :+1: on the issue helps us prioritize).

Let us know if we can help with anything else!