Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Does Splunk support both SSO and token authentication at the same time?

LukasO
New Member
‎04-16-2025 01:37 AM

  Hello to the community,

I try to query Splunk from an external SDK for which I am asking from our admins for a token authentication, but I am told that Splunk does not enable coexistence of both SSO (which is used now) and token-based authentication. A quick query to ChatGPT shows that this may be possible, but I'd like to have it confirmed. Could anyone confirm using/administering such a deployment?

  B.r.

  Lukas

 

Labels (1)
Labels
0 Karma
Reply

livehybrid
Super Champion
‎04-16-2025 01:54 AM

Hi @LukasO 

Yes, you can use token authentication and SSO authentication together  

If you want to create tokens for SSO users, you will need to set up attribute query requests (AQR) or authentication extensions.
Alternatively, you can create local Splunk users and generate tokens for those users.

You can get to the token creation page at https://YourSplunkInstance/en-US/manager/search/authorization/tokens

livehybrid_0-1744796412759.png

 

🌟Did this answer help you? If so, please consider:

    • Adding karma to show it was useful
    • Marking it as the solution if it resolved your issue
    • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing.

Reply

LukasO
New Member
4 weeks ago

Thanks much, this seems to be a direct point to our administrators. Can you comment on the problems reported by isoutamo below?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎04-16-2025 09:46 AM

Basically you could use token with SSO user like SAML, but if I recall correctly there could be a situations when old SSO authentication cache/token/credential could vanish and then it needs that this user must login again via GUI to get it works again. If you are using token for user which are using GUI regularly probably this isn’t any real issue? But if you are adding token to any service user which are using only REST api then this could easily hit you.

For that reason you should use local user in this kind of cases if your company policy allow it.

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...