Session storage for embedded iframes with kibana dashboards and anonymous user

Quick questions. My team is using iframes to host embeded dashboards and we want to use anonymous users to avoid having users have to provide their own credentials. The how to for that piece is clear. We however are worried that the anonymous cookie will be stored and after using our iframes a user may pull up elastic in another tab and be auto logged in as the anonymous user due to a stored cookie. Is this the case? is the cookie from the authenticated iframe stored in session and will that cause users that use elastic concern that they may be doing work on the anonymous account and not there own

You're correct that we do not support multiple Kibana users in a single browser context. So, if you enable anonymous access, it does not just apply to your iframe embedding. As long as the anonymous service user's permissions are properly configured, Kibana will only allow very restricted read-only access.

If the person has already logged into Elastic with their personal account, viewing the embedded Kibana won't erase their auth—instead, it will treat them as an authenticated user with access to anything they would normally have access to.

However, if they first view the embedded Kibana as an anonymous user and then visit Kibana in another tab, they will be viewing Kibana as an anonymous user. This will quickly become clear since they won't actually be able to edit anything. You can set a specific avatar for the anonymous user profile to make it even more obvious that they aren't logged in as themself.

Screenshot 2023-08-04 at 9.40.31 AM

Does that help?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.