Installation

How to use Splunk Secure Gateway in Splunk Cloud?

anandhalagaras1
Communicator

Hi Team,

 

We got an requirement to use the "Splunk Secure Gateway" app in our ES- Search Head and our Search head is in Splunk Cloud.

Splunk Secure Gateway version is 3.0.9

Splunk Cloud version 8.2.2203.2

We have already provided the Authentication to the Search Head via SAML (Azure) and we have created few groups ess_admin, ess_analyst, ess_user etc and provided authentication to the users and the users are logging into SH via SAML.

 

So when I navigated to the App" Splunk Secure Gateway" in the Search head it says a message as "SAML needs to be set up for Connected Experiences before devices can be registered" i.e. To configure SAML.

Then when i clicked Configure SAML it navigates to the next page and here when I clicked "Connect to a SAML IdP" (Mentioned as Needs Action) so when i clicked the Take Action under Okta or Azure option it has navigated to SAML Groups page.

And after which I am not sure what should i need to do and moreover when I tried to create authentication token i am getting an error as below "Token creation failed because: Cannot use tokens for SAML user xxx because neither attribute query requests (AQR) nor scripted auth are supported."

 

So kindly help me on how to use the app "Splunk Secure Gateway" in our Splunk Cloud Search head. 

 

 

Labels (2)

kelstahl8705
Path Finder

wondering if anyone has more insight on this one. I am having the same issue. we use azure to authenticate and have been for a while but when I go to set this app up (again) i'm just taken to our SAML page which already has a SAML configuration.

0 Karma

jfaldmomacu
Path Finder

I'm in the same boat as you @anandhalagaras1 @kelstahl8705  Were you able to get an answer to this? 

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...