Splunk SSO


Hello Community!

We have a running Splunk Instance and our users actually log in via Active Directory Accounts over LDAP authentification.

Now we got the Task to configure the users Login with SSO and I started to read the docs for SSO, but now I'm confused.

I have read a lot of authenticate via SAML, which should work for Splunk SSO, but this is an LDAP authentication too.

Can I configure SSO with my existend LDAP configuration?
Is SAML the better choice for authentication?
Do I Need an additional Webserver for SSO or can I realize it with the Default Splunk components?

Maybe someone can bring light in the dark


Tags (2)
0 Karma


Is SAML the better choice for authentication?

It depends. Does your environment already run ADFS or some other product that can talk SAML?

If you're already leveraging SAML in your institution then you can take advantage of true SSO. If not then just authenticate using LDAP. A SAML Identity Provider is not a trivial thing to get up and running. Of course, I'm assuming that your splunk instance is on-premise or, if it's splunk cloud, then your security policy allows ldap connections from outside your domain.

SAML is definitely something to look into (in the future) as it's inherently more secure.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes and swag!