Does anyone know how to programmatically create SAML group to Splunk Role mappings in Splunk 9.2?

BlueSocket
Communicator

I have an outside SAML system (Okta) which we are using to log in to our Splunk system, and we are defining indexes for people in different buildings to work against (named after the buildings). The problem is that people move around from building to building and they seem to accrete access to virtually every index (building), and we need to stop this by making sure that everyone only gets the access that they need for their building on its own (so creating and revoking access is all controlled within Okta). The other issue is that our organisation moves buildings quite often (due to the nature of the business).

So... I have created the following:

Okta User->Okta group

Splunk Role->Building Index

I need to be able to programmatically make the link of SAML Group->Splunk Role.

I can read the link between SAML Group and Splunk Role with the REST API using the information in the following page (using /services/admin/SAML-groups), but I cannot find any documentation about creating and deleting the links.

https://docs.splunk.com/Documentation/Splunk/9.2.2/RESTREF/RESTaccess

I know that I can maintain the links using the information at the URL below, but not programmatically as yet.

https://docs.splunk.com/Documentation/Splunk/9.2.1/Security/Modifyorremoverolemappings

Does anyone know how I can do this programmatically, please?

BlueSocket
Communicator

Here is the answer - use a POST to admin/SAML-groups and add the names of the external groups and the internal roles.

The English in the documentation is "sub-par" and I will be asking for it to be updated. The description of the API POST call for "admin/SAML-groups" says "Convert an external group to internal roles." What it should say is, "Creates a mapping between the external SAML group and the internal roles."

This action does as my description says.
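
The following is an added example, not part of the original post and not Splunk's own code: it compares the mappings read from /services/admin/SAML-groups with the intended one-group-per-building mappings, flags accreted or stale access, and builds the POST for any missing mapping. The host, token, group and role names are constructed, and the form fields `name` and `roles` plus Bearer-token auth are assumptions to check against the REST reference for your version.

```python
import urllib.parse
import urllib.request

# Assumptions: placeholder host; 8089 is Splunk's default management port.
BASE = "https://splunk.example.com:8089"
ENDPOINT = "/services/admin/SAML-groups"  # endpoint named in the post

def plan_changes(current, desired):
    """Compare live mappings with the intended ones.

    Both arguments map SAML group name -> set of Splunk role names.
    Returns (action, group, roles) tuples sorted by group:
      create - group has no mapping yet (roles = roles to grant)
      drift  - mapping differs from intent (roles = extra roles granted)
      stale  - mapping exists for a group that should have none
    """
    plan = []
    for group in sorted(set(current) | set(desired)):
        have = set(current.get(group, ()))
        want = set(desired.get(group, ()))
        if group not in current:
            plan.append(("create", group, sorted(want)))
        elif group not in desired:
            plan.append(("stale", group, sorted(have)))
        elif have != want:
            plan.append(("drift", group, sorted(have - want)))
    return plan

def build_create_request(group, roles, token):
    """Build (but do not send) the POST that creates one mapping.

    Assumed form fields: name = external group, roles = one per role.
    """
    fields = [("name", group)] + [("roles", r) for r in roles]
    body = urllib.parse.urlencode(fields + [("output_mode", "json")]).encode()
    headers = {"Authorization": f"Bearer {token}"}
    return urllib.request.Request(BASE + ENDPOINT, data=body,
                                  headers=headers, method="POST")

# Constructed sample data: what a GET returned vs. what Okta should drive.
CURRENT = {"okta-bldg-north": {"role_bldg_north", "role_bldg_south"},
           "okta-bldg-old": {"role_bldg_old"},
           "okta-bldg-south": {"role_bldg_south"}}
DESIRED = {"okta-bldg-north": {"role_bldg_north"},
           "okta-bldg-south": {"role_bldg_south"},
           "okta-bldg-east": {"role_bldg_east"}}

if __name__ == "__main__":
    for action, group, roles in plan_changes(CURRENT, DESIRED):
        print(f"{action:6} {group:16} {','.join(roles)}")
```

Only the create step is turned into a request, because the POST is the only write operation the post confirms; drift and stale entries are reported so they can be handled through the role-mapping procedure linked in the question.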
