All Apps and Add-ons

splunk add-on for Box - authentication woes

tsizzlebuffet
Observer

We have a cloud storage provider setup with Box. Due to organizational requirements we require SSO/SAML auth. Working off their docs: https://developer.box.com/guides/authentication/sso/

This means we can't use a service style account to authenticate as it requires a token on a user side. We have some generic service account that you have to login as admin first, then switch too in Box UI.

The docs for the splunk add on for box seem to only allow an oauth2 client token/secret which requires SSO login: https://docs.splunk.com/Documentation/AddOns/released/Box/ConfigurecredentialsonBox

Has anyone had luck with another option that would not require the SSO or have another idea for logs ingestion method for something such as Box? 

We can link to a user account directly, but then if the user leaves, you have to migrate everything to another account. and we have like 4 or 5 box accounts. ideally we could use JWT or App Token authentication. For other tools that connect to box, we do the auth on the Box side so it just works.

Labels (2)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...