Security
Highlighted

How to bypass SSO when a user as never logged in Splunk?

Explorer

Hi,

I enabled SSO for Splunk which works almost fine. I found a very annoying behavior with SSO.

If a new user has never logged in Splunk and that user has right to login, SSO keeps shouting that the user is unknow. What I found, is that a new user never logged in Splunk using the login page, splunk didn't add it to the user list and therfore the user.

Any clue how to resolve this annoying behavior ?

David

Tags (2)
0 Karma
Highlighted

Re: How to bypass SSO when a user as never logged in Splunk?

Champion

i doubt suck things happen. When you add the AD group the users can be seen in the users list. Where do you see unknown? if there are frequent change in the AD group refresh it periodically.

0 Karma
Highlighted

Re: How to bypass SSO when a user as never logged in Splunk?

Explorer

Hi,

The user is shown in the "Map Group" settings in the authentication. Even if I remap the user, the user doesn't appear in the user list.

Splunk check in the "User List" to map with SSO, so until the first manual login, the user is redirect to the Splunk SSO Error Page saying that there is no matching user.

David

0 Karma
Highlighted

Re: How to bypass SSO when a user as never logged in Splunk?

Splunk Employee
Splunk Employee

you can use new variant of SSO i.e. Proxy SSO. It does not require user to be present in splunk account. More details here:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Security/AboutProxySSO

0 Karma