Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I add the "edit_tokens_settings" capability to the Roles capability list?

nicholashartman
New Member
‎07-15-2019 03:09 PM

I need to enable hardware token authentication for Splunk login via LDAP which is configured for smart card/token authentication. While running through the Splunk instructions for enabling token authentication, it indicates that I need to add the "edit_tokens_settings" capability for the admin role which will allow me to enable or disable token authentication. However, that capability is missing from the list under Access Controls>Roles>Admin. Further, the instructions say to go under settings and there should be a 'Tokens' page but that's missing as well. What am I missing? Is there an Add-on that enables this? Are the instructions I'm looking at for soft token authentication and I'm barking up the wrong tree? Any help would be appreciated!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

horsefez
Motivator
‎07-15-2019 03:49 PM

Hey @nicholashartman,

do you have the chance to edit authorize.conf directly on the server?

https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/authorizeconf#.5Bcapability::edit_tokens_se...

You can simply add the following settings in your local authorize.conf (If there isn't a local authorize conf yet, make one)

[admin]
edit_tokens_settings = enabled

View solution in original post

Reply
Solved! Jump to solution

nicholashartman
New Member
‎07-15-2019 04:07 PM

Thanks for the reply! I can try that - I don't have access at the moment so I was trying to go the GUI route or see if anyone knew why the options weren't showing.

0 Karma
Reply
Solved! Jump to solution
Solution

horsefez
Motivator
‎07-15-2019 03:49 PM

Hey @nicholashartman,

do you have the chance to edit authorize.conf directly on the server?

https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/authorizeconf#.5Bcapability::edit_tokens_se...

You can simply add the following settings in your local authorize.conf (If there isn't a local authorize conf yet, make one)

[admin]
edit_tokens_settings = enabled

Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...