Enable SSO in Elastic Cloud

antony_kavin · October 29, 2020, 9:19am

Hi team,

I want to enable SSO in my Kibana dashboard. I am using Elasticsearch and Kibana version 7.9.2. I am currently in the Gold Plan. I went through the elasticsearch guide and it was not clear. I have the below questions

1)Is configuring SSO free?
2)I went through the features of the different plans like Standard,Gold,Platinum and Enterprise. I saw that there is a feature called Single sign-on (SAML, OpenID Connect, Kerberos) available in the Platinum plan. Does this mean that I can enable Single Sign on if I upgrade to the Platinum plan?
3)Is there any documentation/videos which I can refer to, for enabling the Single Sign on?

Thanks,
Antony.

rashmi · October 29, 2020, 4:13pm

Hi

Have you checked https://www.elastic.co/pricing/ It will give you a clear picture of our pricing model.

Here is the documentation/blog which will talk about it more .

There is also a note at the very bottom of this blog post (same for SAML):

 We covered how to authenticate users via Kibana using OpenID Connect and different providers (Azure, Google, and Okta). If you are looking for other authentication methods, Elasticsearch Service also supports SAML and Kerberos. Please note that OpenID Connect support is only available for Platinum and Enterprise subscriptions.

Thanks
Rashmi

antony_kavin · October 30, 2020, 11:30am

Hi Rashmi,

Thanks for the reply. The link that you shared was really helpful. I have some follow up questions:

I think the best option to enable SSO would be do an OpenID connect(via google). I know that this is available only in the Platinum version. I am currently a Gold member and I am ready to upgrade to Platinum. Will there by any other cost(from the google cloud console side) associated with this process?
I want to ensure that all the people from my organization will be able to use the Kibana dashboard in a secure way. So, I want all the people with my company domain to be able to access the dashboard. How can I set this up? Will it be possible at a global level? Or should I do it at an individual email level?
Is there any way to track the people who are using the dashboard?
How does user roles and SSO work together? If I want to ensure that only a certain group to view dashboard 'A' and another group to view dashboard 'B', can I set this up by using user roles and SSO together?

Thanks,
Antony.

system · November 27, 2020, 11:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.