https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/398938#M9673 <P>so these docs are great, however I already had DUO setup, the issue I ran into is that built in ADMIN account when logging on the UI is also pushed through 2 factor auth. We use Active directory, which that account is not part of. So I was actually looking to see if there was a configuration setting that allowed certain ID's to bypass 2 factor?</P> <P>I also use the API from C# and Python, so not sure if that uses the same auth method or not.</P> <P>Thanks!</P> Wed, 16 May 2018 11:13:37 GMT pfabrizi 2018-05-16T11:13:37Z https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/398935#M9670 <P>WE performed a test this morning with DUO\SPLUNK and it worked fine, however it also forced our local splunk accounts to use DUO. We are also not sure on how this would impact those local accounts that are used in scripts that access the API.<BR /> Is there a way around this or is it all or nothing?</P> <P>Thanks!</P> Tue, 15 May 2018 15:04:45 GMT https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/398935#M9670 pfabrizi 2018-05-15T15:04:45Z https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/398936#M9671 <P>Hey,<BR /> I haven't used DUO with Splunk yet, but have used DUO as additional protection for SSH logins.<BR /> There, you could exclude certain user accounts, or source IPs from having to use the DUO two-factor.<BR /> It was simply available in the DUO admin interface on their website - look for something like bypass.</P> <P>Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 15 May 2018 15:36:23 GMT https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/398936#M9671 xpac 2018-05-15T15:36:23Z https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/398937#M9672 <P>Docs start here, if you haven't found them yet: <A href="http://docs.splunk.com/Documentation/Splunk/7.1.0/Security/AboutMultiFactorAuth">About two-factor authentication with Duo Security</A> in the <EM>Securing Splunk Enterprise</EM> manual.</P> <P>The <A href="http://docs.splunk.com/Documentation/Splunk/7.1.0/Security/ConfigureDuo">Configure Splunk Enterprise to use Duo Security two-factor authentication</A> topic states that you can use it with scripted authentication.</P> Tue, 15 May 2018 22:47:57 GMT https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/398937#M9672 ChrisG 2018-05-15T22:47:57Z https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/398938#M9673 <P>so these docs are great, however I already had DUO setup, the issue I ran into is that built in ADMIN account when logging on the UI is also pushed through 2 factor auth. We use Active directory, which that account is not part of. So I was actually looking to see if there was a configuration setting that allowed certain ID's to bypass 2 factor?</P> <P>I also use the API from C# and Python, so not sure if that uses the same auth method or not.</P> <P>Thanks!</P> Wed, 16 May 2018 11:13:37 GMT https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/398938#M9673 pfabrizi 2018-05-16T11:13:37Z https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/757006#M18564 <P>We are currently trying to figure this problem out.<BR />Have you managed to get around the local admin issue?</P> Tue, 06 Jan 2026 15:56:40 GMT https://community.splunk.com/t5/Security/How-does-DUO-authentication-for-SPLUNK-work/m-p/757006#M18564 javier_oshiro 2026-01-06T15:56:40Z