How to Support Two Factor Authentication for Splunk Add-on/App.


Hi All,

I'm new to Splunk and learning to create a Splunk Add-on, which ingest data to Splunk from rest api calls. For now I'm using basic authentication to authenticate the rest api. I would like to know is it possible to support 2 Factor Authentication for my splunk add-on. Any inputs would be nice.

Issue:- In 2 factor authentication i need to get OTP at run time, how to do it.


Splunk Employee
Splunk Employee

I would recommend a slightly roundabout way of doing this.
1) Configure splunk to use SAML for authentication.
2) Then on your IDP configure as many factors of authentication as you want/your IDP supports.

The advantange of this method is that generally speaking IDP's can support multiple factors of auth, and splunk can support idp's so you potentially have a fairly large combination to pick from, you can just delegate the auth part to IDP, once user authenticates with IDP all splunk cares about is the assertion and it will log you in

Splunk Employee
Splunk Employee

Hi Sudarshan,

Splunk currently support DUO out of the box as a multi factor auth provider :

Custom implementations can be achieved via reverse proxy or scripted auth options:

Or to use an external identity provider that takes care of the mutli factor auth

- MattyMo
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...