[User-Management] Automatic Creation of Users

Hi,

We are planning to go for the Enterprise Version of RoR. There is one thing which we want to know before going ahead.
Is there any option to create users in an automatic way? For example, writing directly into the clusterwide settings index or something similar?

Thank you,
Salko

Hello @salkonuhannovic,

You can certainly automate writes into the clusterwide settings to create local users.

However, if your users are created in an external system like LDAP/SAML/OAuth+JWT, you could more practically use dynamic variables to create a tenancy on the fly when a new user authenticates for the first time.

For example:

Using LDAP with dynamic variables to automatically create tenancies for new/unknown LDAP users.

The following configuration allows you to automatically create new Kibana tenancies simply by adding new users to an LDAP server.

readonlyrest:

    access_control_rules:

    - name: "Kibana tenants from LDAP"
      indices: [".kibana_@{user}", "@{user}_logstash_*"]   # @{user} is replaced with the authenticated username
      kibana_index: ".kibana_@{user}"
      ldap_auth:
        name: "ldap1"                                  # ldap name from below 'ldaps' section
        groups: ["kibana_ldap_tenants", "it_admins"]   # group within 'ou=Groups,dc=example,dc=com'

    ldaps:

    - name: ldap1
      host: "ldap1.example.com"
      port: 389
      ssl_enabled: true
      ssl_trust_all_certs: true                        # accepts any LDAP server certificate (no validation)
      bind_dn: "cn=admin,dc=example,dc=com"            # optional, skip for anonymous bind
      bind_password: "password"

Steps to implement this:

  1. A working LDAP server configured in ROR
  2. Add a new user “new_user” into LDAP (without changing anything in ROR settings)
  3. The new user tries to authenticate to ROR Enterprise
  4. ROR forwards the authentication request to LDAP
  5. Authentication is successful, and the user belongs to either “kibana_ldap_tenants” or “it_admins”
  6. ROR will create a brand new Kibana tenancy (kibana index: “.kibana_new_user”)

I hope this helps.
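
For the first option in the reply above (automating the creation of local users), here is an added example that is not part of the original post and is not ReadonlyREST's own code. It renders a `users:` fragment with `auth_key_sha256` hashes instead of plaintext passwords, to be placed under `readonlyrest:` before the settings are written. The function names, the username policy and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import json
import re

# Usernames are substituted into index names via @{user} (e.g. ".kibana_@{user}"),
# so restrict them to characters that are valid in Elasticsearch index names
# and carry no wildcard meaning. This policy is an assumption of the example.
SAFE_USERNAME = re.compile(r"[a-z0-9][a-z0-9_.-]{0,62}")


def auth_key_sha256(username: str, password: str) -> str:
    """Hex SHA-256 of "username:password", the value auth_key_sha256 expects."""
    return hashlib.sha256(f"{username}:{password}".encode("utf-8")).hexdigest()


def render_users_section(accounts):
    """Render a 'users:' YAML fragment from (username, password, groups) tuples."""
    seen = set()
    lines = ["users:"]
    for username, password, groups in accounts:
        if not SAFE_USERNAME.fullmatch(username):
            raise ValueError(f"unsafe username for index names: {username!r}")
        if username in seen:
            raise ValueError(f"duplicate username: {username!r}")
        if not groups:
            raise ValueError(f"{username!r} needs at least one group")
        seen.add(username)
        # json.dumps output is valid YAML for double-quoted strings and flow lists.
        lines += [
            f"- username: {json.dumps(username)}",
            f"  groups: {json.dumps(sorted(groups))}",
            f"  auth_key_sha256: {json.dumps(auth_key_sha256(username, password))}",
        ]
    return "\n".join(lines) + "\n"


# Constructed sample accounts (not from the thread).
SAMPLE_ACCOUNTS = [
    ("new_user", "correct-horse-battery", ["kibana_ldap_tenants"]),
    ("ops_admin", "staple-orbit-lantern", ["it_admins", "kibana_ldap_tenants"]),
]

if __name__ == "__main__":
    print(render_users_section(SAMPLE_ACCOUNTS))
```

Only the hash reaches the settings document, so the plaintext password never has to be stored in the cluster.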