I have an environment where users are authenticated against a domain, and this works perfectly. However I would like to map roles to groups that live in a seperate trusted domain.
How would I do this in Splunk?
Giving this a bump and adding some more information.
MS AD domains are configured as a bi-directional trust and I can confirm this is operational by creating shares etc. for groups in the opposite domain.
On Splunk I have tried configuring seperate strategies, however these get evaluated top down and stop evaluating on match. I have also created identical roles in both domains which evaluates, but again, if the same name exists and I want to match the 2nd strategy, this will break.
I have tried configuring the primary domain and the secondary domain in the group lookup, however Splunk complains that the secondary domain is incorrect.
This seems to me like the ability to use trusted groups is an "Active Directory feature" and Splunk is "only doing LDAP". Is this statement accurate?
If so, what are my options? I'm guessing ADFS or SAML/SSO will solve this and possibly give me the functionality I want