« Authentication plugins Configure Azure »
Elastic Docs Elasticsearch Plugins and Integrations [8.19] Authentication plugins

Microsoft Graph Authz

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Microsoft Graph Authz

edit

The Microsoft Graph Authz plugin uses Microsoft Graph to look up group membership information from Microsoft Entra ID.

This is primarily intended to work around the Microsoft Entra ID maximum group size limit (see Group overages).

Installation

edit

If you’re using a self-managed Elasticsearch cluster, then this plugin can be installed using the plugin manager:

sudo bin/elasticsearch-plugin install microsoft-graph-authz

The plugin must be installed on every node in the cluster, and each node must be restarted after installation.

You can download this plugin for offline install from https://artifacts.elastic.co/downloads/elasticsearch-plugins/microsoft-graph-authz/microsoft-graph-authz-8.19.4.zip. To verify the .zip file, use the SHA hash or ASC key.

For all other deployment types, refer to plugin management.

Removal

edit

The plugin can be removed with the following command:

sudo bin/elasticsearch-plugin remove store-smb

The node must be stopped before removing the plugin.

Configuration

edit

To learn how to configure the Microsoft Graph Authz plugin, refer to configuration properties.

« Authentication plugins Configure Azure »