Embed OpenSearch Dashboards using iframe without providing user access to the cluster

Hi guys!

We have a site with permission control for different clients. We are building an opensearch solution for all clients and would like to display each dashboard in an iframe on our site. How can we enable client permission to view dashboards in iframe without having to re-build the same access pattern in Opensearch, and without users from being able to login to the domain?

I.e A solution which access control is done through users being able to see what is displayed in the iframe, since user are only able to view our site pages which they have access to. Access to the opensearch domain itself is not provided.

Hi @zhan2819,

Have you considered using JWT authentication for your iframe?

more here: JSON Web Token - OpenSearch Documentation

a similar case has been discussed here: Bypass sign-in to an embedded Opensearch dashboard iframe

best,
mj

Thanks @Mantas! this is very helpful. We have two additional questions if you don’t mind:

  1. Can we put the dataset discover page in an iframe for user to query on? Can they export from it?
  2. If so, is there a way to prevent user from selecting another dataset in the discover dashboard, as dataset belonging to other clients will be there?

Thank you.