elastic · benironside · Oct 17, 2025 · Oct 6, 2025 · Oct 7, 2025 · Oct 7, 2025
@@ -36,15 +36,23 @@ Two deployment technologies are available: agentless and agent-based.
 4. Select **AWS**, then either **AWS Organization** to onboard multiple accounts, or **Single Account** to onboard an individual account.
 5. Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`.
 6. In **Deployment options**, select **Agentless**.
-7. Next, you’ll need to authenticate to AWS. Two methods are available:
+7. Next, you’ll need to authenticate to AWS. Three methods are available:
 
-    * Option 1: Direct access keys/CloudFormation (Recommended). For **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the displayed instructions to automatically create the necessary credentials using CloudFormation.
+    * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Option 1: Cloud Connector (recommended). 
+      * To use a pre-existing Cloud Connector for this deployment, select it under **Existing connection**. 
+      * To use a new Cloud Connector: under **New connection**, expand the **Steps to assume role** section. Complete the instructions to generate a `Role ARN` and `External ID`; enter them in Kibana.
+
+      ::::{important}
+      in order to use cloud connector for an AWS integration, your {{kib}} instance must be hosted on AWS. In other words, you must have chosen AWS hosting during {{kib}} setup.
+      ::::
+
+    * Option 2: Direct access keys/CloudFormation. For **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the displayed instructions to automatically create the necessary credentials using CloudFormation.
 
        ::::{note}
        If you don’t want to monitor every account in your organization, specify which to monitor using the `OrganizationalUnitIDs` field that appears after you click **Launch CloudFormation**.
        ::::
 
-    * Option 2: Temporary keys. To authenticate using temporary keys, refer to the instructions for [temporary keys](/solutions/security/cloud/asset-disc-aws.md#cad-aws-temp-credentials).
+    * Option 3: Temporary keys. To authenticate using temporary keys, refer to the instructions for [temporary keys](/solutions/security/cloud/asset-disc-aws.md#cad-aws-temp-credentials).
 
 8. Once you’ve selected an authentication method and provided all necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes.
 

@@ -38,7 +38,11 @@ Two deployment technologies are available: agentless and agent-based.
 4. Select **Azure**, then either **Azure Organization** to onboard your whole organization, or **Single Subscription** to onboard an individual subscription.
 5. Give your integration a name that matches the purpose or team of the Azure subscription/organization you want to monitor, for example, `dev-azure-account`.
 6. In **Deployment options**, select **Agentless**.
-7. Next, you’ll need to authenticate to Azure by providing a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/asset-disc-azure.md#cad-azure-client-secret).
+7. Next, you’ll need to authenticate to Azure. Two methods are available:
+
+    * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Option 1: Cloud Connector (recommended). Under **New connection**, expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID`, `Tenant ID`, and `Cloud Connector ID` then enter them in Kibana.
-    * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Option 1: Cloud Connector (recommended). Under **New connection**, expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID`, `Tenant ID`, and `Cloud Connector ID` then enter them in Kibana.
+    * Option 1: Cloud Connector (recommended). {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview`
+       Under **New connection**, expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID`, `Tenant ID`, and `Cloud Connector ID` then enter them in {{kib}}.
-    * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Option 1: Cloud Connector (recommended). Under **New connection**, expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID`, `Tenant ID`, and `Cloud Connector ID` then enter them in Kibana.
+    * Option 1: Cloud Connector (recommended). {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview`
+       Under **New connection**, expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID`, `Tenant ID`, and `Cloud Connector ID` then enter them in {{kib}}.
+
+    * Option 2: Azure Client ID with Client Secret. Provide a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/asset-disc-azure.md#cad-azure-client-secret).
 8. Once you’ve provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes.
 
 ## Agent-based deployment [cad-azure-agent-based]

@@ -47,15 +47,23 @@ Two deployment technologies are available: agentless and agent-based.
 :::
 
 7. In **Deployment options** select **Agentless**.
-8. Next, you’ll need to authenticate to AWS. Two methods are available:
+8. Next, you’ll need to authenticate to AWS. Three methods are available:
 
-    * Option 1: Direct access keys/CloudFormation (Recommended). For **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the displayed instructions to automatically create the necessary credentials using CloudFormation.
+    * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Option 1: Cloud Connector (recommended). 
+      * To use a pre-existing Cloud Connector for this deployment, select it under **Existing connection**. 
+      * To use a new Cloud Connector: under **New connection**, expand the **Steps to assume role** section. Complete the instructions to generate a `Role ARN` and `External ID`; enter them in Kibana.
+
+      ::::{important}
+      in order to use cloud connector for an AWS integration, your {{kib}} instance must be hosted on AWS. In other words, you must have chosen AWS hosting during {{kib}} setup.
+      ::::
+
+    * Option 2: Direct access keys/CloudFormation. For **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the instructions to automatically create the necessary credentials using CloudFormation.
 
        ::::{note}
        If you don’t want to monitor every account in your organization, specify which to monitor using the `OrganizationalUnitIDs` field that appears after you click **Launch CloudFormation**.
        ::::
 
-    * Option 2: Temporary keys. To authenticate using temporary keys, refer to the instructions for [temporary keys](/solutions/security/cloud/get-started-with-cspm-for-aws.md#cspm-use-temp-credentials).
+    * Option 3: Temporary keys. To authenticate using temporary keys, refer to the instructions for [temporary keys](/solutions/security/cloud/get-started-with-cspm-for-aws.md#cspm-use-temp-credentials).
 
 9. Once you’ve selected an authentication method and provided all necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes.
 

@@ -50,7 +50,13 @@ Two deployment technologies are available: agentless and agent-based.
 :::
 
 7. For **Deployment options**, select **Agentless**.
-8. For **Setup Access**, authenticate to Azure by providing a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/get-started-with-cspm-for-azure.md#cspm-azure-client-secret).
+8. Next, you’ll need to authenticate to Azure. Two methods are available:
+
+    * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Option 1: Cloud Connector (recommended). Under **New connection**, expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID`, `Tenant ID`, and `Cloud Connector ID`, then enter them in Kibana.
+
+    * Option 2: Azure Client ID with Client Secret. Provide a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/get-started-with-cspm-for-azure.md#cspm-azure-client-secret).
+
+
 9. Once you’ve provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes.
 
 ## Agent-based deployment [cspm-azure-agent-based]

@@ -0,0 +1,24 @@
+---
+navigation_title: Cloud connector authentication for agentless
+applies_to:
+  stack: preview 9.2
+  serverless:
+    security: preview
+---
+
+# Quickly authenticate agentless integrations using cloud connectors
+
+Cloud connector authentication for agentless integrations allows you to quickly provide Elastic with access to your third-party cloud service provider accounts. Cloud connectors provide a simple, reusable means of authentication, making it easier to manage deployments with many integrations collecting data from multiple cloud security providers. This reduces your administrative burden by eliminating the need to keep track of credentials such as API keys or passwords. 
+
+## Where is cloud connector authentication supported?
+
+At the current stage of this technical preview, a limited selection of cloud providers and integrations are supported.
+
+You can use cloud connector deployment to authenticate with AWS and Azure while deploying either Elastic's Cloud Security Posture Management (CSPM) or Asset Discovery integration. For deployment instructions, refer to:
+
+- Asset Discovery: [Asset Discovery on Azure](/solutions/security/cloud/asset-disc-azure.md); [Asset Discovery on AWS](/solutions/security/cloud/asset-disc-aws.md)
+- CSPM: [CSPM on Azure](/solutions/security/cloud/get-started-with-cspm-for-azure.md); [CSPM on AWS](/solutions/security/cloud/get-started-with-cspm-for-aws.md)
+
+::::{important}
+in order to use cloud connector for an AWS integration, your {{kib}} instance must be hosted on AWS. In other words, you must have chosen AWS hosting during {{kib}} setup.
+::::
@@ -531,7 +531,9 @@ toc:
               - file: security/get-started/automatic-import.md
               - file: security/get-started/content-connectors.md
               - file: security/get-started/agentless-integrations.md
-              - file: security/get-started/agentless-integrations-faq.md
+                children:
+                  - file: security/get-started/cloud-connector-deployment.md
+                  - file: security/get-started/agentless-integrations-faq.md
           - file: security/get-started/spaces-elastic-security.md
             children:
               - file: security/get-started/spaces-defend-faq.md