Manage Security via Kibana


(meir) #1

Hi @sscarduzio,

I’ve started testing your free ReadOnlyREST API on my test environment.
We want to purchase the enterprise license, but we need to know a few things before:

  1. Does ReadOnlyREST API support Atlassian Crowd for authentication and single sign-on (SSO)?
  2. Does ReadOnlyREST API have permission/security management in the Kibana GUI?
    The permission management will be handled by our helpdesk team, so they need a GUI that will give them the ability to add/grant permissions to our groups/users in ELK.

Thanks,
Meir.


(Simone Scarduzio) #2

Hi @meirfi,

The integration with SSO authentication, as with any custom authentication, can be arranged via our Elasticsearch plugin in two different ways:

  1. Proxied authentication (proxy_auth rule) by interposition of a SSO-capable reverse proxy.
  2. External authentication connector, which basically checks the credentials against another web server.

Similarly for groups, we have an [external groups provider via JSON service](https://readonlyrest.com/documentation/#Users_and_Groups--Custom_groups_providers).

All the above connectors’ cache can be configured.

About the graphical user management UI.
At this point in time, we don’t have a full-fledged GUI, but only a YAML editor that validates the syntax before committing the settings to the cluster.

However, as you described your use case, I agree this GUI becomes very much necessary, as at the moment the YAML editor is too powerful and operators risk locking everyone out with a typo.