OpenID with Google lets all users connect

I have configured Elastic Cloud with OpenID using Google successfully and I can log in with my email.
My problem is that every Gmail account can log in.

Is there any way to restrict access to only chosen users and manage their roles?

In the Google documentation we have an obligation to check our database.

https://developers.google.com/identity/protocols/OpenIDConnect#authuser
After obtaining user information from the ID token, you should query your app's user database.

Just a clarification for future readers: this means "every user in your Gmail tenant" and not every Gmail user.

I would argue that this is something that needs to be restricted on the authenticating side, i.e. the OpenID Provider, which is Google in your case. If Google doesn't offer that feature/functionality, then what you can do on the Elastic Stack side is to create role mappings that only assign the necessary roles to specific groups of users. Then all the others (that are not intended to log in) will get no roles and as such will get a 403 from Kibana.
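
One way to write the role mapping suggested in the reply above, as an added example that is not from the thread or from Elastic's own configuration: the request body for `PUT /_security/role_mapping/<mapping-name>`. It assumes the OpenID Connect realm is named `oidc1`, that the realm's principal claim is the user's email address, and that `viewer` is the role to grant; the two addresses are placeholders.

```json
{
  "enabled": true,
  "roles": ["viewer"],
  "rules": {
    "all": [
      { "field": { "realm.name": "oidc1" } },
      { "field": { "username": ["alice@example.com", "bob@example.com"] } }
    ]
  },
  "metadata": {
    "note": "Added example: realm name, role and addresses are placeholders"
  }
}
```

A list value under `field` matches if the username equals any entry, and `all` requires both conditions, so only the listed accounts coming through that realm receive the role.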
