
migrate to auth0 for SAML friendly username instead of user_id

klim
Path Finder

I am migrating to using Auth0 for SAML, which authenticates with Active Directory for Splunk. Currently Splunk just uses Active Directory. I have the realName field set to the “nickname” attribute in the SAML response, which is the username, but when I run searches or make dashboards/alerts it is assigned to the user_id attribute, which is gibberish.

I’m wondering how we can make the knowledge objects assigned to the friendly username instead of the user_id because I’m curious if a user will still be able to see their historical knowledge objects since the owner value is now different. Unless it is somehow mapped to it. 

0 Karma

datadevops
Path Finder

Hi there, 

  1. Map User IDs:
    • Create a lookup table or KV store to map the old AD user_ids to their corresponding friendly usernames (nicknames).
  2. Update Existing Objects:
    • Use a search-and-replace command like | rename owner = lookup_username owner to update the owner field in existing knowledge objects.
  3. Adjust Searches and Apps:
    • Modify searches and apps to use the realName field (mapped to nickname) for user-related actions.
  4. Handle New Objects:
    • Configure Splunk to use the realName field as the owner field for new knowledge objects.

Additional Tips:

  • Test Thoroughly: Test the migration process with a small group of users before rolling it out fully.
  • Backup Data: Always back up your Splunk data before making significant changes.
  • Consult Documentation: Refer to Splunk and Auth0 documentation for specific configuration guidance.
  • Consider Support: If you're unsure about any steps, reach out to Splunk or Auth0 support for assistance.

~ If the reply helps, a Karma upvote would be appreciated
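
Steps 1 and 2 of the answer above as an added example (not part of the original thread, and not Splunk's or Auth0's code): it builds an owner-reassignment plan from a mapping table and flags objects whose owner has no mapping, which are the ones a user would stop seeing after the switch. The CSV columns, owners, object names and function names are constructed assumptions; the `/acl` path with `owner` and `sharing` fields follows Splunk's REST ACL endpoint, and nothing is sent to a server.

```python
import csv
import io
from urllib.parse import quote

# Constructed sample: old AD owner -> identity Splunk sees after the SAML switch.
MAPPING_CSV = """old_owner,new_owner
jdoe,auth0|5f1c9a
asmith,auth0|77b2e4
"""

# Constructed inventory of knowledge objects taken before the cutover.
OBJECTS = [
    {"kind": "saved/searches", "app": "search", "name": "Failed logins", "owner": "jdoe", "sharing": "user"},
    {"kind": "data/ui/views", "app": "search", "name": "vpn_overview", "owner": "asmith", "sharing": "app"},
    {"kind": "saved/searches", "app": "search", "name": "Old report", "owner": "bwayne", "sharing": "user"},
    {"kind": "saved/searches", "app": "search", "name": "Shared alert", "owner": "nobody", "sharing": "global"},
]

def load_mapping(text):
    """Return {old_owner: new_owner}; reject blank or duplicate rows."""
    mapping = {}
    for row in csv.DictReader(io.StringIO(text)):
        old, new = row["old_owner"].strip(), row["new_owner"].strip()
        if not old or not new or old in mapping:
            raise ValueError(f"bad or duplicate mapping row: {row}")
        mapping[old] = new
    return mapping

def plan_reassignment(objects, mapping, skip_owners=("nobody",)):
    """Split objects into ACL changes to apply and objects with no mapped owner."""
    changes, unmapped = [], []
    for obj in objects:
        owner = obj["owner"]
        if owner in skip_owners or owner in mapping.values():
            continue  # not tied to an old AD name, or already migrated
        if owner not in mapping:
            unmapped.append(obj)  # would be orphaned: nobody logs in as this owner
            continue
        path = "/servicesNS/{}/{}/{}/{}/acl".format(
            quote(owner, safe=""), quote(obj["app"], safe=""),
            obj["kind"], quote(obj["name"], safe=""))
        changes.append({"path": path, "owner": mapping[owner], "sharing": obj["sharing"]})
    return changes, unmapped

if __name__ == "__main__":
    todo, orphans = plan_reassignment(OBJECTS, load_mapping(MAPPING_CSV))
    for change in todo:
        print("POST", change["path"], "owner=" + change["owner"], "sharing=" + change["sharing"])
    print("unmapped owners:", sorted({o["owner"] for o in orphans}))
```

Review the unmapped list before applying anything, since those objects keep an owner that no SAML login will match.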

klim
Path Finder

Thanks for the response. How do I do step 4, modifying searches/apps to use the realName field as the owner?

0 Karma