Azure AD SAML Kibana authentication

Question

Azure AD SAML Kibana authentication

Lokesh Venugopal 21

Hi,
Greetings.

I am having a requirement to use Azure AD based SAML authentication to login to Kibana(AWS managed)
for this I need to know the procedure to get the " IdP metadata file" from Azure AD to complete the Kibana SAML setup.

I am currently not aware of the procedure to generate the " IdP metadata file" in Azure AD, need some help.

We want to use Service provider (SP) initiated based approach.

Regards
Lokesh V

Accepted answer

1 additional answer

Your answer

Answer 1

Siva-kumar-selvaraj 15,721

Hello Lokesh,

Thanks for reaching out.

You can download Federation Metadata XML file by accessing Federation Metadata Url in the format of https://login.microsoftonline.com/<Directory ID>/federationmetadata/2007-06/federationmetadata.xml , same url can be found from Azure AD App registration blade as shown below:

To learn more about SAML-based single sign-on, refer : https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-saml-single-sign-on

Hope this helps.

Regards,
Siva

------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Lokesh Venugopal 21 Reputation points

2021-07-31T00:08:09.137+00:00

Thank you so much Siva. The info helped us.
But we still have confusion on how to map the AD user to Kibana Roles. Pls help with some pointers.
Regards
Lokesh V
@sikumars-msft

Answer 2

Siva-kumar-selvaraj 15,721

Please find detailed steps for Declare roles for an application, assign them to user which would be sent to application in SAML token and refer if you are setup automatic user provisioning to Kibana application if that support System for Cross-domain Identity Management (SCIM).

Hope this helps.

Lokesh Venugopal 21 Reputation points

2021-08-03T17:33:34.43+00:00

Thanks for clarifying with support links.
One last question, using manifest option

Each app role definition in the manifest must have a unique GUID for its id value.

The GUID can we put any supported value manually or is there any procedure to generate the GUID using Azure AD portal.

Many thanks.
Regards
Lokesh V
@sikumars-msft
Siva-kumar-selvaraj 15,721 Reputation points

2021-08-03T17:48:32.79+00:00

Hi Lokesh,

Yes, we can put any supported value manually for an example format: 7d2db720-eac1-4a9c-aaff-aebef9dd0a9b , but it must be unique GUID ID across tenant. Alternatively, I would recommend to use Azure UI rather than Manifest edit option because UI way would be straightforward and GUID would be generated automatically.

https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps#app-roles-ui
Lokesh Venugopal 21 Reputation points

2021-08-06T09:27:16.503+00:00

Thank you so much Siva.
We will try these recommendations.
Regards
Lokesh V
@sikumars-msft

Share via

Azure AD SAML Kibana authentication

1 additional answer

Your answer