Security

Does Splunk Cloud support DUO two factor authentication?

dschneider
Engager

Does Splunk Cloud support DUO two factor authentication? I am a cloud customer who is also a duo customer. I do not see the ability to add DUO under authentication methods.

Thanks in Advance!

1 Solution

pgreer_splunk
Splunk Employee
Splunk Employee

Yes, but the cloud instance needs to be at 6.5.x.

alt text

View solution in original post

john_byun
Path Finder

Is this really not possible with Splunk Cloud? Is there a workaround to get MFA working?

0 Karma

davidpaper
Contributor

Hi,

While it is true that there is no direct support for 2FA (Duo) in Splunk Cloud anymore (it was removed after 6.6 I believe), the way to still achieve 2FA is to do it at the SAML/IDP layer. As long as your IDP supports 2FA and the 2FA bits happen outside of Splunk, go for it.

0 Karma

khourihan_splun
Splunk Employee
Splunk Employee

Duo IDP is not supported in in Cloud b/c it cuts off local users needed for administration in Splunk Cloud. If DUO re-writes its IDP in the future it maybe possible.

john_byun
Path Finder

Can Splunk build in an option to enable Duo on an account basis instead of globally?

0 Karma

pgreer_splunk
Splunk Employee
Splunk Employee

Yes, but the cloud instance needs to be at 6.5.x.

alt text

splunkindonuts
Observer

Can Splunk please confirm that this is still a valid answer? My Splunk Cloud ver 7.2 does not appear to have any options for configuring Duo support.

This page https://docs.splunk.com/Documentation/Splunk/8.0.0/Security/AboutMultiFactorAuth clearly states

"Splunk Cloud does not support
multifactor authentication with Duo
Security."

which is a contradiction to this accepted answer.

If Duo is supported in Cloud 7.x/8.x please point us to the appropriate documentation.

0 Karma

bohanlon_splunk
Splunk Employee
Splunk Employee

I downvoted this post because this answer is obsolete (and now wrong). see splunk internal engineering reference; spl-154283

0 Karma

timroberts213
Engager

How do we find this document?

0 Karma

dschneider
Engager

Thanks Much!

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...