The integration with SSO authentication, as any custom authentication, can be arranged via our ElasticSearch plugin’s in two different ways:
Proxied authentication (
proxy_auth rule) by interposition of a SSO-capable reverse proxy.
External authentication connector, which basically checks the credentials against another web server.
Similarly for groups, we have an [external groups provider via JSON service(https://readonlyrest.com/documentation/#Users_and_Groups--Custom_groups_providers).
All the above connectors’ cache can be configured.
About the graphical user management UI.
At this point in time, we don’t have a full fledged GUI, but only a YAML editor that validates the syntax before committing the settings to the cluster.
However, as you described your use case, I agree this GUI becomes very much necessary, as at the moment the YAML editor is too powerful and operators can risk to lock everyone out with a typo.