Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Does Splunk ODBC work with Single Sign On (SSO)?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Our Enterprise Splunk instance is SSO enabled using Ping Fed. Will this work and if so does the user just put in "domain/userid" and their AD "password" into the setup?
Also we are running a Search Head Cluster so I would assume we point this at the VIP we have setup for the F5.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, Splunk ODBC will not use Single Sign-On. You will need to configure ODBC to connect with either admin or another local account you created in splunk.
Is the splunk management port 8089 open through your F5? If so then yes you can point it at your VIP.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, Splunk ODBC will not use Single Sign-On. You will need to configure ODBC to connect with either admin or another local account you created in splunk.
Is the splunk management port 8089 open through your F5? If so then yes you can point it at your VIP.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'll have to do some checking as the way SSO is setup any time we hit that VIP name it sends it to Ping Fed. Also if the individual server names are used it's rerouted through SSO so there is basically no way, that I know of, to use a local account. I'm not sure if all of that is true hitting the management port but I'll find out.
Thanks for the info, I figured that was the case but hadn't found anything that specifically says that.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSO is done through the splunk web port (8000 by default). This is open at your VIP if it's already working. Local authentication still works even if SSO is enabled, ie:
https://yourSplunkSH1.yourdomain.com:8000/en-US/account/login?loginType=splunk
Splunk ODBC talks to the search head using splunk api through the management port 8089. This may or may not be open at the F5, you will need to confirm.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the local auth link, yea I'm checking the F5 config.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
