Secure Kibana Dasboard Iframes

kishorkumar · April 4, 2024, 5:30am

Hello @elastic #stack-kibana #dev-kibana.

We aim to create a restricted iframe that cannot be exploit it is also public iframe url but is only accessible by specific userIds. We intend to embed this iframe in our app. How can we ensure its privacy? Additionally, we want to prevent anyone from determining the iframe's existence to prevent potential exploitation.

so how do it , if you have any guide then lets know. can we restrict the traffic or get request on public iframe link of dashboard to must contain the userID

jsanz · April 30, 2024, 11:20am

There is an excellent post on the Elastic blog on different things you can do to embed Kibana in an iFrame

However, I don't think there's a way to achieve the requirements you mentioned

No way to "hide" you are using an iframe, at the end of the day, they will parse your HTML and offer that to the users (and potentially anyone to inspect it)
No way to log into Kibana using url parameters. You can set up Single Sign On to authenticate your users, though. Details here