You can configure Elastic Stack security features to use Public Key Infrastructure (PKI) certificates to authenticate users in Elasticsearch. This requires clients to present X.509 certificates.
You can use PKI certificates to authenticate users in Elasticsearch as well as Kibana.
To use PKI in Elasticsearch, you configure a PKI realm, enable client authentication on the desired network layers (transport or http), and map the Distinguished Names (DNs) from the user certificates to roles. You create the mappings in a role mapping file or use the create role mappings API. If you want the same users to also be authenticated using certificates when they connect to Kibana, you must configure the Elasticsearch PKI realm to allow delegation and to enable PKI authentication in Kibana.
See also Configuring a PKI realm.