TL;DR
Kibana was designed for internal ops teams, not customer-facing SaaS products. Embedding it via iframe means fighting double authentication, manual multi-tenant configuration per customer, impossible white-labeling (browser security blocks CSS injection), 2–4 MB JavaScript bundles with 3–5 second load times, and zero SDK support. If your customers need analytics in your product, use a purpose-built embedded analytics solution instead.
Table of Contents
- The Core Problem: Kibana Was Built for Internal Use
- Limitation 1: Authentication Nightmares with Iframe Embedding
- Limitation 2: Multi-Tenancy Requires Manual Configuration Per Customer
- Limitation 3: Security Misconfigurations Are Easy and Dangerous
- Limitation 4: White-Labeling Is Essentially Impossible
- Limitation 5: Performance Tax on Embedded Dashboard
- Limitation 6: No SDK for Programmatic Control
- When Kibana Actually Makes Sense
- What Customer-Facing Elasticsearch Analytics Actually Requires
- The Bottom Line
- Frequently Asked Questions
- Next Steps
- Related Resources
Kibana is excellent at what it was designed for: giving internal teams a window into Elasticsearch data. But if you’re trying to embed Kibana dashboards into a customer-facing SaaS product, you’ve likely discovered it wasn’t built for that use case.
This isn’t speculation. It’s documented in Elastic’s own forums, GitHub issues, and countless developer threads. Let’s examine the specific limitations that make Kibana problematic for customer-facing analytics.
The Core Problem: Kibana Was Built for Internal Use
Kibana’s architecture assumes a trusted internal user base with centralized authentication. When you try to expose it to external customers, you’re fighting against its fundamental design.
What Internal Tools Assume vs. What SaaS Requires
| Internal Tool Assumption | SaaS Requirement |
|---|---|
| Users share a login system | Each customer has separate auth |
| Single tenant, shared data | Strict data isolation per customer |
| IT manages security | Self-service with zero admin overhead |
| Branding doesn’t matter | White-label, native look and feel |
| Power users tolerate complexity | Business users need simplicity |
Kibana checks every box on the left. SaaS embedded analytics requires every box on the right.
Kibana’s internal-tool design assumptions clash with what customer-facing SaaS products require across authentication, multi-tenancy, branding, and performance.
Limitation 1: Authentication Nightmares with Iframe Embedding
When you embed Kibana via iframe, authentication becomes immediately problematic.
The Double Authentication Problem
According to discussions in the Elastic community, there’s no formal solution to embedding Kibana without forcing users through double authentication. Your customers authenticate to your app, then face a second Kibana login prompt inside the iframe.
Common workarounds and why they fail:
- Anonymous access: Exposes data to anyone with the URL
- Shared credentials: Security nightmare, no audit trail
- Proxy authentication: Complex to build, maintain, and secure
- Cookie passing: Blocked by modern browsers’ SameSite policies
Recent Regression: embed=true Missing
In Kibana 8.15.x, the embed=true parameter stopped appearing in generated embed URLs, causing the full Kibana navigation bar to display in embedded views. This exposes internal UI elements to your customers, a regression that remained in production.
<!-- What you want -->
<iframe src="https://kibana:5601/app/dashboards#/view/abc?embed=true">
<!-- What Kibana 8.15.x generates -->
<iframe src="https://kibana:5601/app/dashboards#/view/abc">
<!-- Full nav bar visible to customers -->
Limitation 2: Multi-Tenancy Requires Manual Configuration Per Customer
If you have 100 customers, each needing to see only their data, Kibana requires extensive manual configuration.
Spaces Alone Don’t Provide Data Isolation
A critical fact from Elastic’s documentation: Spaces alone don’t prevent you from seeing other customers’ information. Spaces provide organizational separation for dashboards and visualizations, but not true data isolation.
To achieve actual multi-tenancy, you need to combine:
- Kibana Spaces (one per customer)
- Elasticsearch role-based access control
- Index-level permissions with document-level security
- Custom role definitions per tenant
The Configuration Burden
For each new customer, you must:
# 1. Create a Kibana Space
POST /api/spaces/space
{
"id": "tenant-acme",
"name": "Acme Corporation"
}
# 2. Create an Elasticsearch role with data filtering
PUT /_security/role/tenant_acme_role
{
"indices": [{
"names": ["logs-*"],
"privileges": ["read"],
"query": {"term": {"tenant_id": "acme"}}
}]
}
# 3. Create and assign users to the role
# 4. Copy dashboard templates to the Space
# 5. Configure index patterns in the Space
Multiply this by hundreds of customers. Then maintain it as customers change, dashboards update, and Kibana versions upgrade.
Limitation 3: Security Misconfigurations Are Easy and Dangerous
Kibana’s security model is powerful but complex. In a customer-facing context, this complexity creates risk.
Common Security Issues
Misconfigurations occur when:
- Security features aren’t fully enabled
- User roles lack necessary permissions
- Document-level security queries have errors
- Index patterns expose unintended data
Real-world failure pattern:
One missing filter in a role definition can expose months of another customer’s data. You won’t know until a customer reports seeing someone else’s information or worse, doesn’t report it.
Limitation 4: White-Labeling Is Essentially Impossible
Your customers expect analytics that look native to your product. Kibana makes this extremely difficult.
What You Can’t Remove or Customize
- Kibana logo and branding
- Navigation elements and menus
- Default color schemes
- “Powered by Elastic” attributions
- Kibana-specific UI patterns
Why CSS Hacks Don’t Work
/* This doesn't work - cross-origin iframes are isolated */
iframe[src*="kibana"] .kibana-header {
display: none !important;
}Browser same-origin policies prevent CSS or JavaScript injection.
Limitation 5: Performance Tax on Embedded Dashboard
Kibana’s UI was built for power users on internal networks, not customer-facing embedded contexts.
Bundle Size and Load Times
| Metric | Kibana Iframe | Purpose-Built Embed |
|---|---|---|
| Initial JavaScript bundle | 2–4 MB | 100–200 KB |
| Time to first meaningful paint | 3–5 seconds | < 1 second |
| Memory footprint | 150–300+ MB | 20–50 MB |
Limitation 6: No SDK for Programmatic Control
// What you want (SDK approach)
const dashboard = new AnalyticsSDK({
container: '#analytics',
tenantId: user.organizationId,
onChartClick: (data) => navigateToDetail(data.id)
});
// What Kibana gives you
const url = `https://kibana:5601/app/dashboards?embed=true`;
When Kibana Actually Makes Sense
Kibana is the right choice when:
- Internal teams only
- Single tenant
- Technical users
- No embedding required
- Budget constraints
What Customer-Facing Elasticsearch Analytics Actually Requires
| Requirement | Why It Matters |
|---|---|
| Token-based multi-tenancy | Automatic data filtering |
| White-label capabilities | Native product experience |
| SDK integration | Programmatic control |
| Sub-second load times | Customer experience |
| SSO integration | No double login |
| Native Elasticsearch support | Direct queries |
The Bottom Line
Kibana is a powerful tool for internal use. For customer-facing analytics, every workaround costs engineering time that should be spent shipping product.
Frequently Asked Questions
Can Kibana be used for customer-facing dashboards?
Technically yes, but it’s not what Kibana was designed for. Using Kibana in a customer-facing SaaS product requires workarounds like iframe embedding, custom authentication proxies, and manual tenant configuration. Most teams find the engineering effort and security risk outweigh the benefits.
Why is Kibana embedding considered problematic?
Kibana embedding relies on iframes, which introduce multiple issues: double authentication, limited control over UI and behavior, poor performance, and no programmatic interaction. These limitations make it difficult to deliver a seamless, native analytics experience inside your product.
What is the double authentication problem in Kibana?
When Kibana is embedded, users must authenticate twice, once in your application and again inside the Kibana iframe. Elastic does not provide an official, secure way to pass authentication context from your app to embedded Kibana dashboards without exposing security risks.
Does Kibana support multi-tenant SaaS use cases out of the box?
No. Kibana Spaces only separate saved objects like dashboards, not the underlying data. True multi-tenancy requires combining Spaces with Elasticsearch role-based access control, document-level security, and per-tenant configuration, all managed manually.
Can Kibana dashboards be white-labeled?
Not reliably. When Kibana is embedded via a cross-origin iframe, browser security prevents injecting CSS or JavaScript to remove branding or UI elements. Fully white-labeling Kibana typically requires risky same-origin setups or fragile HTML-rewriting proxies.
How does Kibana embedding impact application performance?
Embedded Kibana dashboards load large JavaScript bundles (2–4 MB), take several seconds to render, and consume significant memory. Elastic itself recommends limiting embedded dashboards due to their performance and bandwidth impact.
Does Kibana offer an SDK for embedded analytics?
No. Kibana does not provide a JavaScript SDK for embedding. You cannot programmatically control dashboards, respond to user interactions, or dynamically apply filters beyond manipulating iframe URLs.
When does Kibana make sense to use?
Kibana is a strong choice for internal teams such as DevOps, security, and operations, where users are technical, authentication is centralized, and dashboards are not embedded into another application.
What should I use instead of Kibana for customer-facing analytics?
For SaaS products, purpose-built embedded analytics platforms are a better fit. These tools offer token-based multi-tenancy, native white-labeling, SDKs for integration, SSO support, and performance optimized for customer-facing use cases.
Can Kibana still be used alongside an embedded analytics solution?
Yes. Many companies use Kibana internally for operational monitoring while using a dedicated embedded analytics platform for customer-facing dashboards. The two approaches serve very different needs.
Next Steps
Already frustrated with Kibana embedding?
- Read: Best Tools for Elasticsearch Analytics
- Explore: Kibana Alternative
- See how: The Complete Guide to Embedded Analytics
Request a Demo → See Customer-Ready Elasticsearch Analytics
