Security

Does anyone know how to programmatically create SAML group to Splunk Role mappings in Splunk 9.2?

BlueSocket
Contributor

I have an outside SAML system (Okta) which we are using to log in to our Splunk system, and we are defining indexes for people in different buildings to work against (named after the buildings). The problem is that people move around from building to building and they seem to accrete access to virtually every index (building), and we need to stop this by making sure that everyone only gets the access that they need for their building on its own (so creating and revoking access is all controlled within Okta). The other issue is that our organisation moves buildings quite often (due to the nature of the business).

So... I have created the following:

Okta User->Okta group

Splunk Role->Building Index

I need to be able to programmatically make the link of SAML Group->Splunk Role.

I can read the link between SAML Group and Splunk Role with the REST API using the information in the following page (using /services/admin/SAML-groups), but I cannot find any documentation about creating and deleting the links.

https://docs.splunk.com/Documentation/Splunk/9.2.2/RESTREF/RESTaccess

I know that I can maintain the links using the information at the URL below, but not programmatically as yet.

https://docs.splunk.com/Documentation/Splunk/9.2.1/Security/Modifyorremoverolemappings

Does anyone know how I can do this programmatically, please?

1 Solution

BlueSocket
Contributor

Here is the answer - use a POST to admin/SAML-groups and add the names of the external groups and the internal roles.

The English in the documentation is "sub-par" and I will be asking for it to be updated. The description of the API POST call for "admin/SAML-groups" says "Convert an external group to internal roles." What it should say is, "Creates a mapping between the external SAML group and the internal roles."

This action does as my description says.
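One way to drive the POST from the accepted answer out of a desired-state list, so that stale building mappings are removed rather than left to accumulate. This is an added example, not part of the original post and not Splunk's own code. The host name, group names, role names and sample listing are constructed; the `name` and `roles` form fields, the DELETE on `admin/SAML-groups/{group}` and the JSON listing shape are assumptions about the REST reference linked in the question.

```python
import urllib.parse
import urllib.request

# Placeholder management URL; substitute your own search head.
BASE = "https://splunk.example.com:8089/services/admin/SAML-groups"

def current_mappings(listing):
    """Parse a GET ...?output_mode=json listing into {saml_group: set(roles)}.
    Assumed shape: entry[].name and entry[].content.roles."""
    return {e["name"]: set(e.get("content", {}).get("roles", []))
            for e in listing.get("entry", [])}

def plan(desired, current):
    """Return (method, url, form) tuples that make current match desired.
    desired is {saml_group: splunk_role}, one role per building group.
    Stale or drifted mappings are deleted, then recreated if still wanted,
    so access granted for an old building does not accumulate."""
    steps = []
    for group in sorted(current):
        if current[group] != {desired.get(group)}:
            url = f"{BASE}/{urllib.parse.quote(group, safe='')}"
            steps.append(("DELETE", url, None))
    for group in sorted(desired):
        if current.get(group) != {desired[group]}:
            # Assumed form fields: name = external group, roles = internal role.
            steps.append(("POST", BASE, {"name": group, "roles": desired[group]}))
    return steps

def send(method, url, form, token):
    """Execute one planned step using a Splunk authentication token."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return resp.status

# Constructed sample data: one correct, one drifted and one stale mapping.
SAMPLE_LISTING = {"entry": [
    {"name": "okta-building-a", "content": {"roles": ["role_building_a"]}},
    {"name": "okta-building-b", "content": {"roles": ["role_building_a", "role_building_b"]}},
    {"name": "okta-old-hq", "content": {"roles": ["role_old_hq"]}},
]}
DESIRED = {"okta-building-a": "role_building_a",
           "okta-building-b": "role_building_b",
           "okta-building-c": "role_building_c"}

if __name__ == "__main__":
    for method, url, form in plan(DESIRED, current_mappings(SAMPLE_LISTING)):
        print(method, url, form or "")  # dry run; call send() to apply
```

Run as written it only prints the planned requests; review that output before passing each step to `send()` with a token for an account allowed to edit authentication settings.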
