How to allow Users access Kibana on Elastic Cloud on Azure?

I deployed: Elastic Cloud (Elasticsearch managed service) Elastic Cloud (Elasticsearch managed service)

Now I need to allow users from my Azure tenant to access Kibana using their Azure AD credentials so to do something like described here: SAML based Single Sign-On with Elasticsearch and Azure Active Directory | Elastic Blog

But seems like Enterprise App that was created automatically do not allow me to create any mafiest or to be managed at all....

I'm getting this:
"The single sign-on configuration is not available for this application in the Enterprise applications experience. Elastic Cloud (Managed Service) is a multi-tenant application and the application is owned by another tenant."

Please advise how I can allow users form my tenant to access Kibana without creating separate elastci account for each person

Hey @idelix, welcome to the discussion boards!

I'm not terribly familiar with the Azure marketplace, but we do have instructions for connecting Elastic Cloud to Azure AD via OpenID Connect: Set up OpenID Connect with Azure, Google, or Okta | Elasticsearch Service Documentation | Elastic.

It sounds like the error message you're getting is from Azure, so these instructions may or may not be helpful. If not, I think your best bet would be to reach out to your support contact via support.elastic.co for further assistance.

Thank you I got this to work, had to make some changes to the original:

Elasticsearch setting had to remove this bit:
claim_patterns.principal: "^([^@]+)@<domain_name>\.tld$"

And in Role mapping I removed firstname.surname filter

So now all users from my tenant can login and become superuser, I wonder if anyone knows how to only allow one specific Azure group ?
Ideally I would add users to this group in Azure and they would be mapped to roles in kibana.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.