How to Protect Access to Elasticsearch and Kibana

Elasticsearch and Kibana are popular applications in the “Elastic Stack” that are commonly deployed as on-premises software. Due to the sensitive data those products often contain, securing access to them is imperative. Unfortunately, Elastic doesn’t offer authentication or authorization capabilities out of the box. Security features such as single sign-on (SSO) support, and even user authentication and management, are only available on higher-tiered paid plans that can be cost-prohibitive for smaller businesses (especially if they run multiple instances of Elasticsearch in multiple environments). Additionally, even when those features are available, misconfiguring security for Elasticsearch can lead to a massive exposure of data.

Twingate is an easy and convenient way to add your identity provider’s SSO functionality to Elasticsearch and Kibana, without requiring any changes to those applications, and without requiring an Elastic plan that includes SSO support. You can also set up an access policy in Twingate that allows your identity provider to enforce MFA for Elasticsearch and Kibana.

Layering on SSO and MFA to Elastic only takes a minute - just add the relevant servers as resources in your Twingate admin console. See here for step-by-step instructions.

The other benefit of controlling access with Twingate is that users can be provisioned and deprovisioned from one central location - your identity provider - and there’s no need to maintain separate user accounts for Elasticsearch and Kibana, or to remember to deprovision them when a user no longer needs access.

Twingate also allows you to hide the servers that house your Elastic instance within your private network, so no one on the internet can directly access it or even see the network it sits in.
