you could do this by defining two sets of users. One for the Kibana users (humans I assume), and another for the Elasticsearch/Logstash users (services&processes I'd guess).
The Kibana users you would authenticate using the AD-realm. Ensure each has at least the
kibana_user-role mapped to the appropriate AD-group, as well as (read/write) access to the required data/indices (https://www.elastic.co/guide/en/x-pack/current/mapping-roles.html)
For the ES/Logstash users, use the native realm. So you can create these users with the ES user-api (cf. https://www.elastic.co/guide/en/x-pack/current/native-realm.html).
Let me know if this is what you're looking for,