OpenDistro Security Plugin and Azure OpenID Connect

Hi All,

I have recently integrated OpenDistro Security with Azure AD using OpenID Connect following the documentation. When I map my user email with the specific role in role binding, everything works fine.

My problem is, I need to provide number of users to access Kibana and Elasticsearch using OIDC. Mapping individual users with specific role via role mapping does not seem very healthy approach. User information in case of Azure AD is mapped with graph URL. Is it any way possible we can map access using Azure AD groups. I am not able to find any documentation specific to this scenerio. Please anyone can help.


In AzureAD you should be able to assign groups to the users using “App roles”, this can then be extracted from JWT using below config.yml settings:

    openid_connect_url: ...
    subject_key: "preferred_username"
    roles_key: "roles"

These extracted roles will act as backend roles and need to be mapped to the correct roles in odfe using roles_mapping.yml file

Hope this helps

1 Like

Thanks @Anthony. It really helps.