Splunk SSO


Configure single sign-on (SSO) between Identity as a Service (IDaaS) and Splunk Enterprise using SAML. After setup, users log on to Splunk through IDaaS—either from the IDaaS portal or directly from the Splunk login page.

Prerequisites

Before you begin, ensure that you have:

  • An IDaaS instance with administrator access

  • A running Splunk Enterprise deployment with administrator access

  • The Splunk service URL (for example, https://splunk.example.com)

How it works

IDaaS acts as the identity provider (IdP) and Splunk Enterprise acts as the service provider (SP). The configuration involves three parts:

  1. Add Splunk Enterprise as an application in IDaaS and download the IdP metadata XML file.

  2. Upload the metadata file to Splunk and configure SAML settings.

  3. Map an IDaaS application account to a Splunk group to control access.

Step 1: Add Splunk Enterprise in IDaaS

  1. Log on to the IDaaS console. On the EIAM page, click the instance you want to manage.

  2. In the left-side navigation pane, click Applications, then click Add Application.

  3. On the Marketplace tab, search for Splunk Enterprise. In the Splunk Enterprise card, click Add Application.

  4. In the dialog box that appears, confirm the application name and click Add. IDaaS redirects you to the SSO configuration page.

Configure SSO in IDaaS

  1. In the Splunk Service URL field, enter the URL of your Splunk deployment.

  2. Set Authorize to All Users for testing purposes.

    You can specify which IDaaS accounts are allowed to access the application. For more information, see Application account.

  3. Click Save.

Download the IdP metadata file

In the Application Settings section at the bottom of the SSO configuration page, download the IdP metadata XML file. You will upload this file to Splunk in the next step. All other parameters in this section can be ignored.

Step 2: Configure SSO in Splunk

Configure SAML

  1. Log on to the Splunk management platform. In the top navigation bar, choose set up > Verification Method and select SAML as the external authentication method.

  2. Click Configure Splunk to use SAML.

  3. Click SAML configuration. In the dialog box that appears, click Select File next to the Metadata XML File parameter and upload the metadata file you downloaded from IDaaS. Splunk automatically populates the related parameters.

  4. In the General settings section, set Entity ID to splunkEntityId.

  5. Before saving, verify that your metadata file and entity ID are correct.

    Warning

    After SAML takes effect, the built-in Splunk administrator login is disabled. You can use only an IDaaS account to log on to the application. If the configuration is invalid, you are locked out of your account.

  6. Click Save.

Create a Splunk group

Splunk uses group membership to assign roles. The group name in Splunk must match the application account name in IDaaS.

  1. In Splunk, click New Group.

  2. Set Group Name to admin.

  3. From the Splunk roles drop-down list, select admin.

  4. Click Save.

    In production, use a group name and role that reflect your actual access policy.

Create an application account in IDaaS

For each IDaaS account that will use Splunk, configure the application account (the identity the account assumes in the Splunk application). The application account name in IDaaS must be the same as the group name in Splunk.

  1. In the IDaaS console, go to Applications in the left-side navigation pane.

  2. Click the Splunk Enterprise application, then click the Sign-In tab.

  3. Click the Application User tab.

  4. Search for the IDaaS account that will access Splunk, and set its application account name to admin. The application account name must match the group name you created in Splunk. This mapping determines the user's role in Splunk after SSO.

  5. Confirm the configuration.

Step 3: Test SSO

Splunk supports both IdP-initiated SSO and SP-initiated SSO.

IdP-initiated SSO

  1. Log on to the IDaaS portal using the IDaaS account you configured.

  2. Click the Splunk Enterprise icon. If the configuration is correct, you are logged on to Splunk.

SP-initiated SSO

SP-initiated SSO starts on the Splunk side. Splunk detects that you are not authenticated and redirects you to IDaaS for login.

  1. Open a private browser window and go to the Splunk login page.

    Use a private browser window to ensure there is no existing IDaaS session that could mask a misconfiguration.

  2. Log on with your IDaaS account. After authentication, you are logged on to Splunk.