Security

How can I use and centrally manage native Active Directory user accounts to create dedicated admin accounts for Splunk?

daniel333
Builder

All,

I want to create dedicated admin accounts for users so they are not running as admin, except when needed. However our Active Directory team will only issue 1 AD account per user. I thought then, perhaps I can use local/native accounts, but I am not certain how to centrally manage this? I would want the same account on all boxes, same password etc.

We do use puppet config management, but after playing with a test install of Splunk, I don't see the account in a flat file anywhere.

Can someone point me in the right direction on this?

0 Karma

joesrepsolc
Communicator

Completely agree with the suggestion to create an AD Group for Splunk admins, and then map the "admin" role in Splunk to that group. When members get added/removed from that group, or de-activates, etc... changes are instantly reflected in Splunk.

0 Karma

redman1138
Explorer

/splunk/etc/passwd is the password file for all local accounts. You can always do the setup on one system and then push the file out to all systems. I do not not remember if it will require a restart or if a debug/refresh will solve it.

You can also create an AD group for admins and then map that group to the role.

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...