Security

Splunk SSO

RobertRi
Communicator

Hello Community!

We have a running Splunk Instance and our users actually log in via Active Directory Accounts over LDAP authentification.

Now we got the Task to configure the users Login with SSO and I started to read the docs for SSO, but now I'm confused.

I have read a lot of authenticate via SAML, which should work for Splunk SSO, but this is an LDAP authentication too.

Can I configure SSO with my existend LDAP configuration?
Is SAML the better choice for authentication?
Do I Need an additional Webserver for SSO or can I realize it with the Default Splunk components?

Maybe someone can bring light in the dark

Regards
Robert

Tags (2)
0 Karma

suarezry
Builder

Is SAML the better choice for authentication?

It depends. Does your environment already run ADFS or some other product that can talk SAML?

If you're already leveraging SAML in your institution then you can take advantage of true SSO. If not then just authenticate using LDAP. A SAML Identity Provider is not a trivial thing to get up and running. Of course, I'm assuming that your splunk instance is on-premise or, if it's splunk cloud, then your security policy allows ldap connections from outside your domain.

SAML is definitely something to look into (in the future) as it's inherently more secure.

0 Karma
Get Updates on the Splunk Community!

Customer Experience | Splunk 2024: New Onboarding Resources

In 2023, we were routinely reminded that the digital world is ever-evolving and susceptible to new ...

Celebrate CX Day with Splunk: Take our interactive quiz, join our LinkedIn Live ...

Today and every day, Splunk celebrates the importance of customer experience throughout our product, ...

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...