Setting up SAML with an admin group

Hello there,

I have been working to setup SAML and am pretty much there, but my understanding is that you lose access to the internal ‘admin’ user, once it has been setup.

With ODFE 1.12.0 (docker), via SAML, I can login as my user and can see my AD group membership passed back as the Role in the SAML assertion. I am a member of the AD group grp_Elastic_Admins.

I can successfully map that backend role to various system and user defined roles, eg kibana_user, own_index and some other custom roles, but I want to map that backend role to the all_access role, so that being a member of grp_Elastic_Admins gives me the Security tab in Kibana (which is currently not visible).

I have the following config

  reserved: false
  - "admin"
  - "grp_Elastic_Admins"
  description: "Maps admin to all_access"

I have tried reloading the config and rolesmapping via running but I cannot get kibana to recognise that I am mapped to the all_access role.

Am I missing something fundamental here, or going about this the wrong way? Happy to provide snippets of config if this will help.

Thanks, Will.

Should anyone else come across this - I have answered this myself.

The config was correct, however, as I am using docker and mapping individual files through to the container I don’t believe configs were being correctly pushed through, so was seeing cached old copies.