Security

How do I allow multiple users to login with the same shared account?

tusharsaran1
Path Finder

We have a requirement to allow approx 50 users to login simultaneously to Splunk using the same shared account. The reason we want to do this is because these users do not have access, and we want them to do a bit of hands-on during a live demo.

Does Splunk support this feature or do we need to look for an alternative solution?

Tags (2)
0 Karma

DalJeanis
SplunkTrust
SplunkTrust

That's not a real requirement.

"Using the same shared account" has nothing to do with the stated use case of giving 50 people temporary access for demo training purposes.

Sure, you could do it that way, but then you'd hit the problem of max concurrent searches per user. Do you want the 50 people to be actually able to DO anything when they are all logged on? If so, you need to give them different user ids with the same role, so that they each get their own concurrent search limits.

Also, if you are letting newbies all on in a flock, then for your own sake, please start them out with default time limits not being "all time", no realtime search, and a default index that won't kill your instances. In other words, if they enter the word "foo" and hit enter, make sure that by default the system will search to see if the word "foo" appears in your index="training" for the preceding 24 hours, rather than checking your entire organization's proxy logs for all time.

tusharsaran1
Path Finder

Why is that not a real requirement?
For the purpose of a demo, we don't know who the users are going to be, hence we can't create individual user accounts for them. That is the reason why I am thinking about creating a single account and sharing the credentials with all of the users.
Good suggestions regarding configuring default time limits, no real time search and a default index. I will configure these. My main concern was whether Splunk allows x number of users to login simultaneously with the same user id. If the answer is yes, I can create a shared account and map it to a role with the above mentioned configuration.

0 Karma

Rob2520
Communicator

You can create a local account and share the credentials to all 50 users. You can delete the account once the demo is done if needed.

0 Karma

derekf
Explorer

Did you ever figure this out?

Our use case is we have an organization that would sign in to only use the REST api with a webapp we have built. The users do not need to sign in to view the dashboards, so having a single shared user to just present the data within our application is ideal.

0 Karma

sudosplunk
Motivator

Hi, what are the limitations with splunk default authentication mechanism? I mean, you can create a role and assign this role to all 50 users, so that they all have same set of capabilities and permissions. Is this something which is not possible w.r.t your requirement?

0 Karma

tusharsaran1
Path Finder

We don't know who the audience is going to be, so we can't create individual user accounts for them.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...