Posted On: Feb 2, 2023

Amazon OpenSearch Service now supports enabling Security Assertion Markup Language (SAML) authentication for OpenSearch Dashboards during domain creation. SAML authentication for OpenSearch Dashboards enables users to integrate directly with third-party identity providers (IDP) such as Okta, Ping Identity, OneLogin, Auth0, Active Directory Federation Services (ADFS) and Azure Active Directory.

Previously, this authentication method could be configured only after domain creation. Now it can be enabled at domain creation using the Amazon Web Services Console or SDK, or using Amazon CloudFormation templates. With this feature, users can log in to OpenSearch Dashboards with their existing usernames and passwords, and roles from their IDP can be used to control their privileges, including what operations they can perform and what data they can search and visualize.

SAML authentication for OpenSearch Dashboards is available on any Amazon OpenSearch Service domain with fine-grained access control enabled. To learn more, please see the documentation.

This feature can be enabled on Amazon OpenSearch Service domains with Elasticsearch version 6.7 or higher and OpenSearch version 1.0 or higher in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.