Why does enabling Duo in Splunk break local admin ...

wrangler2x · ‎09-13-2018

I'm on the 6.5.2 release and I have Duo turned on in the Splunk configs. It has been working great, but I just found out that I cannot login as user admin in Splunk Web. I get this message:

Access Denied. The username you have entered cannot authenticate with Duo Security. Please contact your system administrator.

That's rather inconvenient! Surely there is a way around this?

mstjohn_splunk · ‎09-13-2018

hi @wrangler2x,

are you using the Duo Splunk Connector or the Duo Log Add-on?

wrangler2x · ‎09-14-2018

No, this has nothing to do with add-on software. I've configured Splunk to require Duo MFA at logon time. See this here:

https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/ConfigureDuo

javier_oshiro · ‎01-06-2026

We are currently trying to get around this issue.
Have you managed to exclude the local admin account from the DUO mfa?

Why does enabling Duo in Splunk break local admin login and is there a way around that?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation