Hi All,
I'm new to Splunk and learning to create a Splunk Add-on, which ingest data to Splunk from rest api calls. For now I'm using basic authentication to authenticate the rest api. I would like to know is it possible to support 2 Factor Authentication for my splunk add-on. Any inputs would be nice.
Issue:- In 2 factor authentication i need to get OTP at run time, how to do it.
Thanks,
Sudarshan
I would recommend a slightly roundabout way of doing this.
1) Configure splunk to use SAML for authentication.
2) Then on your IDP configure as many factors of authentication as you want/your IDP supports.
The advantange of this method is that generally speaking IDP's can support multiple factors of auth, and splunk can support idp's so you potentially have a fairly large combination to pick from, you can just delegate the auth part to IDP, once user authenticates with IDP all splunk cares about is the assertion and it will log you in
Hi Sudarshan,
Splunk currently support DUO out of the box as a multi factor auth provider :
https://docs.splunk.com/Documentation/Splunk/6.6.2/Security/AboutMultiFactorAuth
Custom implementations can be achieved via reverse proxy or scripted auth options:
https://docs.splunk.com/Documentation/Splunk/6.6.2/Security/HowSplunkSSOworks
https://docs.splunk.com/Documentation/Splunk/6.6.2/Security/ConfigureSplunkToUsePAMOrRADIUSAuthentic...
Or to use an external identity provider that takes care of the mutli factor auth