Other Usage

No valid Splunk role found in local mapping - Microsoft Azure Entra SSO

JRacca
Explorer

Hi,

We are integrating the Splunk to our Microsoft Azure SSO, and followed instructions from https://learn.microsoft.com/en-us/entra/identity/saas-apps/splunkenterpriseandsplunkcloud-tutorial#c...

But after all the configuration, we are hitting the "No valid Splunk role found in local mapping"

 

Also checked Configure SSO with Microsoft Azure AD or AD FS as your Identity Provider - Splunk Documentation to remove the alias but was not able to make it work.

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

The docs say to use the group ID or UUID.  I have little experience with Azure so I can't help much there.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Did you continue to the next step "Map SAML groups to Splunk Enterprise roles "?

---
If this reply helps you, Karma would be appreciated.

JRacca
Explorer

Yes I did and put in the Object ID of the Application created on Azure as the Group Name.
I'm trying to figure out how is it not working.

Did I put the correct Object ID?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The docs say to use the group ID or UUID.  I have little experience with Azure so I can't help much there.

---
If this reply helps you, Karma would be appreciated.

JRacca
Explorer

Hi!

Thank you! UUID did not work but Group ID did 🙂
This was my mis-out thank you

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...