It is said that “Data is the new oil,” and it is more important than ever to keep that oil secure. If your organization relies on Kibana, sooner or later, you will want to secure access to it with single sign-on (SSO).
Kibana is a free and open source frontend application that sits on top of the Elastic Stack, providing search and data visualization capabilities for data indexed in Elasticsearch.
If you review Authentication in Kibana, you will see that Kibana supports some authentication mechanisms, such as multiple authentication providers, basic authentication, token authentication, and so on. However, Single Sign-On (SAML, OpenID Connect, Kerberos) requires an expensive Platinum Plan license, which could cost about $10K+/server/year (including both Kibana and Elasticsearch servers). If you have many Kibana/Elasticsearch servers, the price tag could be prohibitively high.
Datawiza provides a much more cost-effective way to solve this problem. A SaaS-delivered, lightweight, proxy-based solution, Datawiza can enable SSO and granular access control for not only Kibana, but also for other open source tools, including Grafana, Jenkins, Hadoop/Spark and so on.
In this step-by-step tutorial, you will learn how to integrate a Kibana dashboard with Okta using Datawiza to implement OIDC/OAuth SSO.
Introduction to the Datawiza Platform
The Datawiza Platform is a cloud-delivered, SaaS-based access management solution. It includes a data plane and a control plane: Datawiza Access Proxy and Datawiza Cloud Management Console (DCMC).
Datawiza Access Proxy is a lightweight, container-based access proxy deployed close to your application via the sidecar (agent) or gateway mode. It talks to Okta on behalf of your applications, so you don’t need to worry about the integration work. DCMC is a cloud-based management console where you can configure and manage the policies of Datawiza Acess Proxy. Such a SaaS-based design makes the whole platform much easier to use.
Step 1: Create an app integration in Okta
First, you need to set up an App Integration on Okta and get some credentials. If you don’t have one, you can follow the tutorial to create a new one on Okta. At the end of this step, you will get a client id and a client secret for the Okta app integration.
Step 2: Create an application in Datawiza Console
Next, follow the tutorial to create an application in DCMC. Note that when you configure the application, the port of Upstream Servers should be 5601, which is the default port of Kibana, instead of 3001:
Step 3: Run Datawiza Access Proxy container to enable SSO for Kibana
Run Datawiza Access Proxy as a sidecar (agent) to your application.
After finishing the configuration in DCMC, you can run the Datawiza Access Proxy with a YAML file. The final docker-compose YAML file should look like this:
Now, you can use docker-compose to create and start the Datawiza Access Proxy:
That’s it. After executing the command above, Kibana should have SSO enabled with Okta.
Login to Kibana via SSO
Now, let’s give it a try. Open a browser and type in http://localhost:9772. You should see the Okta login page as follows. Use the test user to log in.
After logging in to Okta, you will see the Kibana dashboard.
This tutorial has shown you how to cost-effectively secure the Kibana dashboard with Okta using Datawiza . Get a free trial by signing up/in here. Please email us at firstname.lastname@example.org if you need any help or have any questions.