Splunk SSO

RobertRi · ‎07-16-2018

Hello Community!

We have a running Splunk Instance and our users actually log in via Active Directory Accounts over LDAP authentification.

Now we got the Task to configure the users Login with SSO and I started to read the docs for SSO, but now I'm confused.

I have read a lot of authenticate via SAML, which should work for Splunk SSO, but this is an LDAP authentication too.

Can I configure SSO with my existend LDAP configuration?
Is SAML the better choice for authentication?
Do I Need an additional Webserver for SSO or can I realize it with the Default Splunk components?

Maybe someone can bring light in the dark

Regards
Robert

suarezry · ‎07-16-2018

Is SAML the better choice for authentication?

It depends. Does your environment already run ADFS or some other product that can talk SAML?

If you're already leveraging SAML in your institution then you can take advantage of true SSO. If not then just authenticate using LDAP. A SAML Identity Provider is not a trivial thing to get up and running. Of course, I'm assuming that your splunk instance is on-premise or, if it's splunk cloud, then your security policy allows ldap connections from outside your domain.

SAML is definitely something to look into (in the future) as it's inherently more secure.

Splunk SSO

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!