Multi-tenant dashboards in iframe

zhan2819 · October 3, 2024, 4:25am

Hi guys, we are utilizing jwt token to by pass signin when embedding opensearch dashboards in iframe in our website. When embedding the dashboard, can we

Automatically select the tenant used
Prevent user from switching tenant, as datasets belonging to other clients are under other tenants in the same domain?

Thank you.

Mantas · October 3, 2024, 10:25am

Hi @zhan2819,

Yes, I do believe that is achievable on both points.
On point #1, you could set the "default_tenant" : "Private" more info here. So then the user (JWT in your case) gets authorized it will get to the tenancy base on the roles:
i.e:

{
  "iss": "example.com",
  "exp": 1300819380,
  "name": "John",
  "roles": "john_role"
}

john_role:
 reserved: false
 hidden: false
 cluster_permissions:
..
 index_permissions:
 - index_patterns:
..
 tenant_permissions:
 - tenant_patterns:
   - "John"
   allowed_actions:
   - "level of permissions needed"
 static: false
_meta:
 type: "roles"
 config_version: 2

And on point #2 you can disable the Global_tenant so that the user in this case “john” can only access private tenancy (defined in the roles mapped to the user):


opendistro_security.multitenancy.tenants.enable_global: false

Best,
mj

Topic		Replies	Views
Share dashboard using the multitenancy login Security	1	236	March 29, 2023
Issue with Multi-Tenancy and Tenant-specific Dashboard saving in Opensearch Dashboards Security	3	250	February 29, 2024
Embed OpenSearch Dashboards using iframe without providing user access to the cluster OpenSearch discuss , troubleshoot , configure	2	53	October 1, 2024
Bypassing Login Page for Shared iFrame with Multitenancy in OpenSearch 2.6.0 Security	8	1040	June 20, 2023
How to provide Tenants access OpenSearch	1	241	February 24, 2023

Multi-tenant dashboards in iframe

Related Topics