https://community.splunk.com/t5/Security/Splunk-SSO/m-p/439047#M10279 <P>Hello Community!</P> <P>We have a running Splunk Instance and our users actually log in via Active Directory Accounts over LDAP authentification.</P> <P>Now we got the Task to configure the users Login with SSO and I started to read the docs for SSO, but now I'm confused.</P> <P>I have read a lot of authenticate via SAML, which should work for Splunk SSO, but this is an LDAP authentication too.</P> <P>Can I configure SSO with my existend LDAP configuration? <BR /> Is SAML the better choice for authentication?<BR /> Do I Need an additional Webserver for SSO or can I realize it with the Default Splunk components?</P> <P>Maybe someone can bring light in the dark</P> <P>Regards<BR /> Robert</P> Mon, 16 Jul 2018 08:51:59 GMT RobertRi 2018-07-16T08:51:59Z https://community.splunk.com/t5/Security/Splunk-SSO/m-p/439047#M10279 <P>Hello Community!</P> <P>We have a running Splunk Instance and our users actually log in via Active Directory Accounts over LDAP authentification.</P> <P>Now we got the Task to configure the users Login with SSO and I started to read the docs for SSO, but now I'm confused.</P> <P>I have read a lot of authenticate via SAML, which should work for Splunk SSO, but this is an LDAP authentication too.</P> <P>Can I configure SSO with my existend LDAP configuration? <BR /> Is SAML the better choice for authentication?<BR /> Do I Need an additional Webserver for SSO or can I realize it with the Default Splunk components?</P> <P>Maybe someone can bring light in the dark</P> <P>Regards<BR /> Robert</P> Mon, 16 Jul 2018 08:51:59 GMT https://community.splunk.com/t5/Security/Splunk-SSO/m-p/439047#M10279 RobertRi 2018-07-16T08:51:59Z https://community.splunk.com/t5/Security/Splunk-SSO/m-p/439048#M10280 <BLOCKQUOTE> <P>Is SAML the better choice for authentication?</P> </BLOCKQUOTE> <P>It depends. Does your environment already run ADFS or some other product that can talk SAML?</P> <P>If you're already leveraging SAML in your institution then you can take advantage of true SSO. If not then just authenticate using LDAP. A SAML Identity Provider is not a trivial thing to get up and running. Of course, I'm assuming that your splunk instance is on-premise or, if it's splunk cloud, then your security policy allows ldap connections from outside your domain.</P> <P>SAML is definitely something to look into (in the future) as it's inherently more secure.</P> Mon, 16 Jul 2018 14:33:00 GMT https://community.splunk.com/t5/Security/Splunk-SSO/m-p/439048#M10280 suarezry 2018-07-16T14:33:00Z