Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to integrate Splunk and Tableau with Okta to SSO between both systems?

euroa
Engager
‎10-12-2016 12:46 PM

Currently we use LDAP to authenticate to our Splunk Cloud environment. We have hundreds of users in our system and we have a few mapped roles. We are wanting to implement SSO because of another system that uses it (Tableau). They would like seamless integration between both systems so Splunk won't ask for credentials when users are logged into Tableau and run a report from that system. I am concerned about user names getting deleted because we would move away from the LDAP integration and go into SAML. The SSO solution we would be using is Otka. Please let me know.

0 Karma
Reply

aaraneta_splunk
Splunk Employee
Splunk Employee
‎12-01-2016 07:27 PM

@euroa - Did one of the answers below help provide a solution your question? If yes, please click “Accept” below the best answer to resolve this post. If no, please leave a comment with more feedback. Thanks.

0 Karma
Reply

suarezry
Builder
‎10-13-2016 05:48 AM

I'm only guessing at this point because I haven't done a migration from ldap to saml, only a clean install with saml...

With SAML, okta includes a nameid in the response after the user authenticates. This is used to uniquely identify the user. See nameIDFormat in the splunk docs. If you pass the saml nameid as the same format you used for the ldap user name attribute then I'm guessing splunk will continue to use the same users after you migrate.

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎10-12-2016 07:03 PM

OKTA is a supported provider for Splunk Cloud and straightforward to setup. However, your users will have to be authenticated through OKTA in order to login. They won't be able to login to tableau and then login directly to Splunk Cloud.

Regarding users being overwritten and orphaned searches, there is no way around this at this time. Your Splunk admin would need to audit the existing users and migrate their private knowledge objects to the accounts.

0 Karma
Reply

burwell
SplunkTrust
SplunkTrust
‎10-12-2016 01:29 PM

There was a good talk at .conf 2016 about SAML 2.0. The slides and talks have not been posted yet but I would encourage you to see what is new in the new Splunk SAML implementation.

I haven't gone to SAML yet but my colleagues have in 6.4. As I understand it, there are issues you need to be careful of to make sure that saved searches belonging to users don't get assigned to nobody etc.

From the talk, things have improved in SAML 2.0 as they call it but it's still a bit of work.

Here's the latest docs: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/ConfigureSAMLSSO

0 Karma
Reply

euroa
Engager
‎10-12-2016 01:58 PM

I am definitely concerned with a lot of orphaned searches getting generated due to switching from LDAP to SAML.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...