Amazon Elasticsearch Service adds native SAML Authentication for Kibana

Posted on: Oct 28, 2020

Amazon Elasticsearch Service now natively supports using Security Assertion Markup Language (SAML) to offer single sign-on (SSO) for Kibana. SAML authentication for Kibana enables users to integrate directly with third-party identity providers (IDP) such as Okta, Ping Identity, OneLogin, Auth0, Active Directory Federation Services (ADFS) and Azure Active Directory. With this feature, your users can leverage their existing usernames and passwords to log in to Kibana, and roles from your IDP can be used for controlling privileges in Elasticsearch and Kibana, including what operations they can perform and what data they can search and visualize.  

SAML Authentication for Kibana is available on any Amazon Elasticsearch Service domain with Fine Grained Access Control enabled. To learn more, please see the documentation.

SAML Authentication for Kibana is powered by Open Distro for Elasticsearch, an Apache 2.0-licensed distribution of Elasticsearch. To learn more about Open Distro for Elasticsearch and this feature, visit the project website.

SAML Authentication for Kibana is now available for Amazon Elasticsearch Service domains across 24 regions globally: US East (N. Virginia, Ohio), US West (Oregon, N. California), AWS GovCloud (US-Gov-East, US-Gov-West), Canada (Central), South America (Sao Paulo), Africa (Cape Town), Middle East (Bahrain), EU (Ireland, London, Frankfurt, Paris, Stockholm, Milan), Asia Pacific (Singapore, Sydney, Tokyo, Seoul, Mumbai, Hong Kong), and China (Beijing – operated by Sinnet, Ningxia – operated by NWCD). Please refer to the AWS Region Table for more information about Amazon Elasticsearch Service availability.