Trust across organizations, and more


Trust across organizations, and moreedit

Expanding trust management

In addition to inviting additional users to your organization, you can configure trust relationships between your deployments and deployments in other organizations. To know more, check the documentation on trust between organizations.


Integrations Server. Add Integrations Server to UI in deployment contexts. New deployments with versions below 8.0 will use APM, and new deployments with versions 8.0 and higher will use the new Integrations Server resource.


Add cross-org trust flyout. Bidirectional trust can now be established between deployments in different Elastic Cloud organizations.

Add execution_context.enabled to the Kibana user section allow list. It might be hard, in a distributed environment, to understand which Kibana entity initiated a request to the Elasticsearch server. To overcome this problem, Kibana introduced the execution_context service to attach domain-specific metadata to every request. execution_context propagates specified metadata from the Kibana browser app or Kibana server to the Elasticsearch server by way of the x-opaque-id header emitted to the Elasticsearch slow logs.

To enable execution_context propagation from Kibana to Elasticsearch logs, set execution_context.enabled: true. To disable the execution_context feature, set execution_context.enabled: false.

Add APM agent to production observers. Enables APM to zookeeper observers.

Prevent users from deleting Elasticsearch settings when updating other settings (using the Deployments API). The endpoint to update deployments supports updating the settings of the Elasticsearch resource (PUT "/api/v1/deployments/{deployment_id}").

PUT "api/v1/deployments/{deployment_id}" -X PUT --data '{
  "prune_orphans": false,
  "resources": {
    "elasticsearch": [
        "ref_id": "main-elasticsearch",
        "region": "us-east-1",
        "plan": {
          "cluster_topology": [...],
          "elasticsearch": {
            "version": "7.16.0"
          "deployment_template": {
            "id": "default"
        "settings": {
          "dedicated_masters_threshold": 2 <-- THESE SETTINGS

Previously, the settings passed in the body would override all the settings (even the ones not included in the request). Now, the settings not included in the request are kept and only the ones included are passed. To delete a setting, it must be passed as null.

For example, this setting updates only the dedicated_masters_threshold and the snapshot settings, leaving the rest unmodified (trust, curation, monitoring, and so on).

"settings": {
          "dedicated_masters_threshold": 10,
          "snapshot": {
            "enabled": false

This would delete the snapshot setting:

"settings": {
          "snapshot": {
            "enabled": null

Stop overwriting templates from Filebeat. Changed log delivery Filebeat to disable setup.template.overwrite. This flag was causing many PUT _template/elastic-cloud-logs-* requests which could cause increased load on monitoring deployments when using log delivery.

Re-add supporting alias lookup by X-Found-Cluster. Allow requests to resolve hosts by alias passed in the X-Found-Cluster header.

Bug fixesedit

Make a field optional for the sake of Elasticsearch 2.x. Fixed a bug that would cause plans for Elasticsearch versions older than 2.4.1 to fail with an error message that included "Null value for creator property cluster_uuid".


Remove proxy internal-ca.cert file. Removed deprecated internal-ca.cert in proxy/route-server.


Add a workaround for subscribing with already associated email. We’ve added a workaround to sign up for a new Elastic Cloud account using an email address associated with an existing account.

Update the Elasticsearch settings in the OpenID Connect with Okta documentation.