Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How does DUO authentication for SPLUNK work?

pfabrizi
Path Finder
‎05-15-2018 08:04 AM

WE performed a test this morning with DUO\SPLUNK and it worked fine, however it also forced our local splunk accounts to use DUO. We are also not sure on how this would impact those local accounts that are used in scripts that access the API.
Is there a way around this or is it all or nothing?

Thanks!

Reply

ChrisG
Splunk Employee
Splunk Employee
‎05-15-2018 03:47 PM

Docs start here, if you haven't found them yet: About two-factor authentication with Duo Security in the Securing Splunk Enterprise manual.

The Configure Splunk Enterprise to use Duo Security two-factor authentication topic states that you can use it with scripted authentication.

0 Karma
Reply

pfabrizi
Path Finder
‎05-16-2018 04:13 AM

so these docs are great, however I already had DUO setup, the issue I ran into is that built in ADMIN account when logging on the UI is also pushed through 2 factor auth. We use Active directory, which that account is not part of. So I was actually looking to see if there was a configuration setting that allowed certain ID's to bypass 2 factor?

I also use the API from C# and Python, so not sure if that uses the same auth method or not.

Thanks!

0 Karma
Reply

javier_oshiro
Explorer
‎01-06-2026 07:56 AM

We are currently trying to figure this problem out.
Have you managed to get around the local admin issue?

0 Karma
Reply

xpac
SplunkTrust
SplunkTrust
‎05-15-2018 08:36 AM

Hey,
I haven't used DUO with Splunk yet, but have used DUO as additional protection for SSH logins.
There, you could exclude certain user accounts, or source IPs from having to use the DUO two-factor.
It was simply available in the DUO admin interface on their website - look for something like bypass.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...