You do not need to configure any additional settings to use the security features in Kibana. They are enabled by default.
General security settings
By default, Kibana automatically detects whether to enable the security features based on the license and whether Elasticsearch security features are enabled.
Do not set this to false; it disables the login form, user and role management screens, and authorization using Kibana privileges. To disable security features entirely, see Elasticsearch security settings.
Set to true to enable audit logging for security events. By default, it is set to false. For more details see Audit Logging.
User interface security settings
You can configure the following settings in the
Sets the name of the cookie used for the session. The default value is
- An arbitrary string of 32 characters or more that is used to encrypt credentials in a cookie. It is crucial that this key is not exposed to users of Kibana. By default, a value is automatically generated in memory. If you use that default behavior, all sessions are invalidated when Kibana restarts. In addition, high-availability deployments of Kibana will behave unexpectedly if this setting isn’t the same for all instances of Kibana.
Sets the secure flag of the session cookie. The default value is false. It is automatically set to true if server.ssl.enabled is set to true. Set this to true if SSL is configured outside of Kibana (for example, you are routing requests through a load balancer or proxy).
Sets the session duration. The format is a string of <count>[ms|s|m|h|d|w|M|Y] (e.g. 70ms, 5s, 3d, 1Y). By default, sessions stay active until the browser is closed. When this is set to an explicit idle timeout, closing the browser still requires the user to log back in to Kibana.
Sets the maximum duration, also known as "absolute timeout". The format is a string of <count>[ms|s|m|h|d|w|M|Y] (e.g. 70ms, 5s, 3d, 1Y). By default, a session can be renewed indefinitely. When this value is set, a session will end once its lifespan is exceeded, even if the user is not idle. NOTE: if idleTimeout is not set, this setting will still cause sessions to expire.
- Adds a message to the login screen. Useful for displaying information about maintenance windows, links to corporate sign-up pages, etc.
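A pre-deployment check for the session and cookie settings described above, as an added example that is not part of the Kibana documentation or code. It assumes the Kibana 7.x setting names under xpack.security.* (the page text itself shows only idleTimeout and server.ssl.enabled), reads only flat "key: value" lines, and uses a constructed sample configuration.

```python
import re

# Duration format given on the page: <count>[ms|s|m|h|d|w|M|Y]
DURATION = re.compile(r"^(\d+)(ms|s|m|h|d|w|M|Y)$")
# M (30 d) and Y (365 d) are approximations assumed here for comparison only.
UNIT_MS = {"ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000,
           "w": 604_800_000, "M": 2_592_000_000, "Y": 31_536_000_000}

def duration_ms(value):
    m = DURATION.match(str(value).strip())
    return int(m.group(1)) * UNIT_MS[m.group(2)] if m else None

def parse_flat(text):
    """Read flat 'dotted.key: value' lines (a subset of YAML, enough for this check)."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, val = line.partition(":")
            out[key.strip()] = val.strip().strip("\"'")
    return out

def audit(cfg):
    """Return findings for the session and cookie settings described above."""
    findings = []
    # Unset means a key generated in memory: sessions are lost on restart.
    if len(cfg.get("xpack.security.encryptionKey", "")) < 32:
        findings.append("encryptionKey unset or shorter than 32 characters")
    # The secure flag is set only by TLS in Kibana or by secureCookies: true.
    if "true" not in (cfg.get("server.ssl.enabled"), cfg.get("xpack.security.secureCookies")):
        findings.append("session cookie will not carry the secure flag")
    ms = {}
    for name in ("idleTimeout", "lifespan"):
        raw = cfg.get("xpack.security.session." + name)
        ms[name] = duration_ms(raw)
        if raw is None:
            findings.append(f"{name} unset")
        elif ms[name] is None:
            findings.append(f"{name} is not a valid duration: {raw!r}")
    if ms["idleTimeout"] and ms["lifespan"] and ms["idleTimeout"] > ms["lifespan"]:
        findings.append("idleTimeout is longer than lifespan")
    return findings

# Constructed sample configuration (not from the page).
SAMPLE = """
server.ssl.enabled: false
xpack.security.encryptionKey: "short-key"
xpack.security.session.idleTimeout: "30min"
xpack.security.session.lifespan: "8h"
"""
```

Calling audit(parse_flat(SAMPLE)) reports the short key, the missing secure flag, and the malformed idle timeout ("30min" is not one of the accepted units).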