Table of Contents

Set Up SSO for Open Source Kibana with Okta using Datawiza

3 minutes read
Share on facebook
Share on twitter
Share on linkedin
Share on email
Table of Contents

It is said that “Data is the new oil,” and it is more important than ever to keep that oil secure. If your organization relies on Kibana, sooner or later, you will want to secure access to it with single sign-on (SSO).

Kibana is a free and open source frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch.

If you review Authentication in Kibana, you will see that Kibana supports some authentication mechanisms, such as multiple authentication providers, basic authentication, token authentication, and so on. However, Single Sign-On (SAML, OpenID Connect, Kerberos) requires an expensive Platinum Plan license, which could cost about $10K+/server/year (including both Kibana and Elasticsearch servers). If you have many Kibana/Elasticsearch servers, the price tag could be prohibitively high.

Datawiza provides a much more cost-effective way to solve this problem. A SaaS-delivered, lightweight, proxy-based solution, Datawiza can enable SSO and granular access control for not only Kibana, but also for other open source tools, including Grafana, Jenkins, Hadoop/Spark and so on.

In this step-by-step tutorial, you will learn how to integrate a Kibana dashboard with Okta using Datawiza to implement OIDC/OAuth SSO.

 

Introduction to the Datawiza Platform

The Datawiza Platform is a cloud-delivered, SaaS-based access management solution. It includes a data plane and a control plane: Datawiza Access Broker (DAB) and Datawiza Cloud Management Console (DCMC).

DAB is a lightweight, container-based access proxy deployed close to your application via the sidecar (agent) or gateway mode. It talks to Okta on behalf of your applications, so you don’t need to worry about the integration work. DCMC is a cloud-based management console where you can configure and manage the policies of DABs. Such a SaaS-based design makes the whole platform much easier to use.

Step 1: Create an app integration in Okta

First, you need to set up an App Integration on Okta and get some credentials. If you don’t have one, you can follow the tutorial to create a new one on Okta. At the end of this step, you will get a client id and a client secret for the Okta app integration.

Step 2: Create an application in Datawiza Console

Next, follow the tutorial to create an application in DCMC. Note that when you configure the application, the port of  Upstream Servers should be 5601, which is the default port of Kibana, instead of 3001:

 

A view on how to add an application with Okta using Datawiza

Step 3: Run DAB container to enable SSO for Kibana

Run DAB as a sidecar (agent) to your application.

After finishing the configuration in DCMC, you can run the DAB with a YAML file. The final docker-compose YAML file should look like this:

Now, you can use docker-compose to create and start the DAB:

That’s it. After executing the command above, Kibana should have SSO enabled with Okta.

Login to Kibana via SSO

Now, let’s give it a try. Open a browser and type in http://localhost:9772. You should see the Okta login page as follows. Use the test user to log in.

Okta sign in page

 

After logging in to Okta, you will see the Kibana dashboard.

Welcome home page

Summary

This tutorial has shown you how to cost-effectively secure the Kibana dashboard with Okta using Datawiza  . Get a free trial by signing up/in here. Please email us at contact@datawiza.com if you need any help or have any questions.

 

Written by the Datawiza team — hope you enjoyed! Join us if you have any questions or need any help on our Discord server. 

You might also like