Regarding the API key for configuring the authentication extension for the OKTA

dhana22 — Thu, 25 Apr 2024 02:33:46 GMT

Hello, We are trying to configure the authentication extensions for the Okta identity provider and below are the steps as per the Splunk documentation.Log into Splunk Platform as an administrator level user.

From the system bar, click Settings > Authentication Methods.

Click "Configure Splunk to use SAML". The "SAML configuration" dialog box appears.

In the Script path field within the Authentication Extensions section of the "SAML configuration" dialog box , type in SAML_script_okta.py.

In the Script timeout field, type in 300s.

In the Get User Info time-to-live field, type in 3600s.

Click the Script functions field.

In the pop-up window that appears, click getUserInfo.

Under Script Secure Arguments, click Add Input.

In the Key field, type in apiKey.

In the Value field, type in the API key for your IdP.

Click "Add input" again.

In the "Key" field, type in baseUrl.

in the "Value" field, type in the URL of your Okta instance.

Click Save. Splunk Cloud Platform saves the Okta configuration and returns you to the SAML Groups page.

Could anyone confirm whether these steps will work for the Splunk OnPrem too? or it is applicable for the Splunk Cloud?

Also, as per Step (In the Value field, type in the API key for your IdP.), we have to provide the API key for the Idp, our security team is asking what permission does the Okta API token needs? any thoughts? Please advice.

Thank you!

Re: Regarding the API key for configuring the authentication extension for the OKTA

PaulPanther — Mon, 13 May 2024 16:41:44 GMT

You've shared the splunk enterprise manual to set up scripted authentication extensions with okta with us.

Configure authentication extensions to interface with your SAML identity provider - Splunk Documentation

So that should be fine if you proceed with this manual.

Regarding the permissiona check the python script and the endpoints that are used in the script. Probably based on the endpoints you could figure out with your IAM colleagues which capabilities are needed.

topic Regarding the API key for configuring the authentication extension for the OKTA in Splunk Enterprise

Regarding the API key for configuring the authentication extension for the OKTA

Re: Regarding the API key for configuring the authentication extension for the OKTA