Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Assign default role to users with SAML authentication

alexis11
Observer
‎11-27-2020 12:43 AM

Hello,

Let me explain the use case: we are using SAML as authentication system, and we need to give specific users specific roles, there is no group information in the IdP that can be correctly mapped to the roles. The role attribution can be very specific and also on-demand. Because of that, we thought we could use the "mail" attribute to map roles, this way we could manually give the specific roles to the individual users, and it would work.

But now we also want that all other users trying to access Splunk would be able to sign on and automatically get a very limited default role with minimal permissions, without having to assign this limited role manually to each one of them.

We tried using the configuration:

 

[saml]
defaultRoleIfMissing = my_limited_role
...

 

But random/unmapped users who tries to access Splunk gets the error "No valid splunk role found in local mapping." and can't sign on, so I was wondering if is was possible to do it in some way.

Thank you for your help !

Labels (5)
0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...