Security

How to assign newly created roles to existing LDAP Authentication users in Splunk Web?

Abilan1
Path Finder

Hi Team,

We have created a new role in splunk, and now we would like to assign that to our existing users. Users are already created using LDAP authentication method. Is it possible to assign the role or recreate the LDAP Authentication users from Splunk Web? if not, what is the possible way to do that?

Thank You!

Tags (4)
0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Refer to the documentation at : http://docs.splunk.com/Documentation/Splunk/6.3.0/Security/SetupuserauthenticationwithLDAP

If you have configured Splunk to authenticate via your LDAP server, you can map your LDAP groups to Splunk roles. If you do not use groups, you can also map LDAP users individually.

For information about setting up LDAP groups in Splunk Web, see "Configure LDAP with Splunk Web" in this manual.

Note: You can map either users or groups, but not both. If you are using groups, all users you want to access Splunk must be members of an appropriate group. Groups inherit capabilities from the highest level role they're a member of.

All users are visible in the Users page in Splunk Manager. To assign roles to groups in Splunk Web:

  1. Click Settings in Splunk Web.

  2. In the Users and authentication section, click Access controls.

  3. Click Authentication method.

  4. Select the LDAP radio button.

  5. Click Configure Splunk to use LDAP and map groups. This takes you to the LDAP strategies page.

  6. Click Map groups in the Actions column for a specific strategy. This takes you to the LDAP Groups page. You can use the search field in the upper right corner of the page to qualify the list of groups; for example, to search for groups containing specific users.

  7. Click on a group name. This takes you the mapping page, which includes a list of available roles and a list of LDAP users for that group.

  8. To map a role to a group, click the arrow to the left of a role in the "Available Roles" list. This moves the group into the "Selected Roles" list. You can map multiple roles to the group.

  9. Click Save. This takes you back to the LDAP Groups page.

  10. Repeat the process for each group that you want to assign Splunk roles to.

  11. List item

brendan_wilson
Engager

Thanks for the info. I found that documentation and still wasn't seeing the created group, but it turns out that the group creation simply hadn't propagated to the domain controller we were connecting to for LDAP info. My bad!

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...