Installation

How to use Splunk Secure Gateway in Splunk Cloud?

anandhalagaras1
Contributor

Hi Team,

 

We got an requirement to use the "Splunk Secure Gateway" app in our ES- Search Head and our Search head is in Splunk Cloud.

Splunk Secure Gateway version is 3.0.9

Splunk Cloud version 8.2.2203.2

We have already provided the Authentication to the Search Head via SAML (Azure) and we have created few groups ess_admin, ess_analyst, ess_user etc and provided authentication to the users and the users are logging into SH via SAML.

 

So when I navigated to the App" Splunk Secure Gateway" in the Search head it says a message as "SAML needs to be set up for Connected Experiences before devices can be registered" i.e. To configure SAML.

Then when i clicked Configure SAML it navigates to the next page and here when I clicked "Connect to a SAML IdP" (Mentioned as Needs Action) so when i clicked the Take Action under Okta or Azure option it has navigated to SAML Groups page.

And after which I am not sure what should i need to do and moreover when I tried to create authentication token i am getting an error as below "Token creation failed because: Cannot use tokens for SAML user xxx because neither attribute query requests (AQR) nor scripted auth are supported."

 

So kindly help me on how to use the app "Splunk Secure Gateway" in our Splunk Cloud Search head. 

 

 

Labels (2)

kelstahl8705
Path Finder

wondering if anyone has more insight on this one. I am having the same issue. we use azure to authenticate and have been for a while but when I go to set this app up (again) i'm just taken to our SAML page which already has a SAML configuration.

0 Karma

jfaldmomacu
Path Finder

I'm in the same boat as you @anandhalagaras1 @kelstahl8705  Were you able to get an answer to this? 

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...