Authentication identifies an individual. To gain access to restricted resources, a user must prove their identity, via passwords, credentials, or some other means (typically referred to as authentication tokens).
The Elastic Stack authenticates users by identifying the users behind the requests that hit the cluster and verifying that they are who they claim to be. The authentication process is handled by one or more authentication services called realms.
You can use the native support for managing and authenticating users, or integrate with external user management systems such as LDAP and Active Directory.
The Elastic Stack security features provide built-in realms such as
saml. If none of the built-in realms
meet your needs, you can also build your own custom realm and plug it into the
When security features are enabled, depending on the realms you’ve configured, you must attach your user credentials to the requests sent to Elasticsearch. For example, when using realms that support usernames and passwords you can simply attach basic auth header to the requests.