Users in kibana to lockout for 3 incorrect attempts

Gauti · January 27, 2020, 7:58am

Hi All,

There is a requirement for us from security perspective stating

whenever user trying to login to kibana should get locked out for 3 incorrect passwords
Users password should expire in 30 days.

I dont find any type of settings related to this in kibana user management, is this something achievable in kibana? or is there any other way around.

Note: we are using elastic cloud with version 7.3 and as per support team Active Directory integration is not possible in this version.

Any help would help us a lot.

Thanks
Gauti

Marius_Dragomir · January 28, 2020, 3:23pm

Hello,
There is no way in Kibana to enforce this. A possible workaround is to use SAML or OIDC as an identity provider and enforce it in there.

Topic		Replies	Views
Security Management in Kibana Kibana elastic-stack-security	5	259	August 2, 2021
How to block particular user account after enter multiple times of wrong password? Kibana	0	30	August 29, 2024
User Authentication/Lockout mechanism Elasticsearch elastic-stack-security	3	912	February 11, 2021
Expiration date password for kibana users Kibana	2	557	July 12, 2023
KIBANA Session TIME OUT for Users Kibana	2	366	December 31, 2019