Sorry, found the answer, it is using the "reserved" realm.
Didn't find "reserved" realm in the documentation "https://www.elastic.co/guide/en/elastic-stack-overview/7.0/setting-up-authentication.html"
but only through another post Authentication of [elastic] was terminated by realm [reserved]