Hi @nickgregz,
I can confirm that there are only two ways that we recommend for such use case currently:
- Use SSO (SAML, OIDC, Kerberos) or PKI
- Use reverse proxy in front of Kibana that will be adding
Authorization
header
Yes, all requests will be made on behalf of a dedicated user. You can of course create a dedicated read-only user with specific set of permissions, privileges etc, but it may not work for your use case.
You can also try to integrate Third Party Auth.
Let me know if you still have questions,
Oleg