Add "Forgot Password" feature in Kibana login UI

[AlonaNadler]

In the login screen, customer needs a way via UI to allow users to reset their password using the user email address, assuming the SMTP is configured

I understand Kibana user passwords can be set via API, but I do not want to go to the extent of writing my own password management portal for my users if it is on Elastic's list of things to do (I sincerely hope it is).

cc: @elastic/kibana-security

[abdalians]

+1

[Skoetting]

+1

[vishalbrevitaz]

+1

[kobelb]

For transparency, we've traditionally resisted implementing features like these which verge on the Native realm in Elasticsearch becoming a full-fledged identity provider. The current thought is that if you want features like this, you should be using a separate identity provider and integrating it into ES/Kibana using SAML, OpenID Connect, LDAP, etc.

[ryankeairns]

Also see: #61808

For clarification, #61808 would direct Cloud users to reset the Kibana password that was generated when they deployed their cluster.

In this use case, they've essentially forgotten their password (which is not retrievable or viewable) and need to reset their Kibana user password which is separate from their Cloud credentials. The reset link on the Kibana login page would send them to the deployment settings/security section in the Cloud UI for the given deployment.

For basic non-Cloud users, which this issue covers, a separate reset password solution would be needed. It's likely that the Cloud solution will arrive first and thus a reset password link will only appear for Cloud users.

(This is all my understanding coming out of the Cloud SSO product review. Please call out anything I've misstated. I note them here as an input to the design/UX mockups.)