Security

Does anyone know how to programmatically create SAML group to Splunk Role mappings in Splunk 9.2?

BlueSocket
Contributor

I have an outside SAML system (Okta) which we are using to log in to our Splunk system, and we are defining indexes for people in different buildings to work against (named after the buildings). The problem is that people move around from building to building and they seem to accrete access to virtually every index (building), and we need to stop this by making sure that everyone only gets the access that they need for their building on its own (so creating and revoking access is all controlled within Okta). The other issue is that our organisation moves buildings quite often (due to the nature of the business).

So... I have created the following:

Okta User->Okta group

Splunk Role->Building Index

I need to be able to programmatically make the link of SAML Group->Splunk Role.

I can read the link between SAML Group and Splunk Role with the REST API using the information in the following page (using /services/admin/SAML-groups), but I cannot find any documentation about creating and deleting the links.

https://docs.splunk.com/Documentation/Splunk/9.2.2/RESTREF/RESTaccess

I know that I can maintain the links using the information at the URL below, but not programmatically as yet.

https://docs.splunk.com/Documentation/Splunk/9.2.1/Security/Modifyorremoverolemappings

Does anyone know how I can do this programmatically, please?

1 Solution

BlueSocket
Contributor

Here is the answer - use a POST to admin/SAML-groups and add the names of the external groups and the internal roles.

The English in the documentation is "sub-par" and I will be asking for it to be updated. The description of the API POST call for "admin/SAML-groups" says "Convert an external group to internal roles." What it should say is, "Creates a mapping between the external SAML group and the internal roles."

This action does as my description says.
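An added example, not part of the original post and not Splunk's own code: a reconciliation planner that compares the mappings read from `/services/admin/SAML-groups` with the mappings you want, and emits the requests needed to create missing links and revoke stale ones. Assumptions to check against the REST reference for your version: the form fields `name` and `roles`, a DELETE on the per-group URL, the `content.roles` field in the JSON listing, and bearer-token authentication; all group and role names are constructed.

```python
import json
import urllib.parse
import urllib.request

ENDPOINT = "/services/admin/SAML-groups"  # endpoint named in the post


def parse_current(json_text):
    """Group -> set of roles from a GET on ENDPOINT with output_mode=json.
    Assumption: each entry carries its roles in content.roles."""
    entries = json.loads(json_text).get("entry", [])
    return {e["name"]: set(e.get("content", {}).get("roles", [])) for e in entries}


def plan_requests(current, desired):
    """Return (method, path, form_body) tuples that turn current into desired.
    Both arguments map a SAML group name to a set of Splunk role names."""
    plan = []
    for group in sorted(set(current) | set(desired)):
        have, want = set(current.get(group, ())), set(desired.get(group, ()))
        if have == want:
            continue
        if have:
            # Assumption: DELETE on the per-group URL removes the mapping.
            # A changed mapping is removed and recreated, because the page
            # does not say whether POST overwrites an existing mapping.
            plan.append(("DELETE", f"{ENDPOINT}/{urllib.parse.quote(group, safe='')}", None))
        if want:
            # Assumption: form fields are `name` and one `roles` per role.
            fields = [("name", group)] + [("roles", r) for r in sorted(want)]
            plan.append(("POST", ENDPOINT, urllib.parse.urlencode(fields)))
    return plan


def send(base_url, token, method, path, body):
    """Send one planned request to the management port with a bearer token."""
    req = urllib.request.Request(
        base_url + path, method=method,
        data=body.encode() if body is not None else None,
        headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:  # certificate checks stay on
        return resp.status


if __name__ == "__main__":
    # Constructed sample: okta_bldg_a is stale, okta_bldg_c is new.
    current = parse_current('{"entry": [{"name": "okta_bldg_a", "content": {"roles": ["role_bldg_a"]}}]}')
    for step in plan_requests(current, {"okta_bldg_c": {"role_bldg_c"}}):
        print(step)  # review the plan, then pass each step to send()
```

Printing the plan before calling `send()` gives a reviewable record of every mapping that will be granted or revoked.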
