Security

How can I use and centrally manage native Active Directory user accounts to create dedicated admin accounts for Splunk?

daniel333
Builder

All,

I want to create dedicated admin accounts for users so they are not running as admin, except when needed. However our Active Directory team will only issue 1 AD account per user. I thought then, perhaps I can use local/native accounts, but I am not certain how to centrally manage this? I would want the same account on all boxes, same password etc.

We do use puppet config management, but after playing with a test install of Splunk, I don't see the account in a flat file anywhere.

Can someone point me in the right direction on this?

0 Karma

joesrepsolc
Communicator

Completely agree with the suggestion to create an AD Group for Splunk admins, and then map the "admin" role in Splunk to that group. When members get added/removed from that group, or de-activates, etc... changes are instantly reflected in Splunk.

0 Karma

redman1138
Explorer

/splunk/etc/passwd is the password file for all local accounts. You can always do the setup on one system and then push the file out to all systems. I do not not remember if it will require a restart or if a debug/refresh will solve it.

You can also create an AD group for admins and then map that group to the role.

Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...