Setup
What it achieves
• When bob or john log in, they see the data from client1_index_mobile_event
• When peter logs in, he sees data from client2_index_mobile_event
For the same query of search index=*index_mobile_event | head 10
Need-1
How to configure a scenario where client1 has user called John and client2 also has user called John, so that
• John from client1 has access to data from client1_index_mobile_event
• John from client2 has access to data from client2_index_mobile_event
Need-2
I’ve an external system that maintains the data in client: username : password format e.g. for the above mentioned scenario of john, it will have information like
Client1: john:
Client2: john:
If I want to use that system for login (to provide a seamless experience to end user and off-load password management to that system), what are my steps to achieve this so that John from client1 still sees only client1 data and John2 from client2 sees only client2 index data?
Any pointers would be highly appreciated.
You might consider using an email address instead of the first name for the users.
That's a good suggestion, Monzy... any input on my previous comment/question about not having a userID in Splunk, but only the role?
Two users in one system can't have the same name.
I see two solutions: Change your user names to client_user to mitigate conflicts, or set up two search heads and connect one to client1's LDAP and the other to client2's LDAP to avoid conflicts entirely.
I'm pretty sure Splunk will require a user context. There are preferences to store, private knowledge objects, user-created dashboards, auditing of user activity, and so on.
If both Johns log in to the same system using the login name "john" then there's no way for the system to distinguish the two.
I don't see how custom scripted external authentication could solve this because the key problem remains the same - both type the same user name into the same box.
You'll need either different names or different systems.
In a Splunk setup, when I use an external system for authentication - is defining a username within Splunk a must? What I mean is -
In this, I don't define John in Splunk at all...
Is that a feasible option?
Martin -
You are correct that client_user is an option; but it is not a good user experience as I'll have to ask clients to suffix client_ to every use
I have search head clustering for scalability of the setup.
Any pointers/steps for external system integration? The external system (NOT AD or LDAP, but a custom database) will maintain a table with four columns - client_name, user_name, role, password .. how can Splunk use that system to authenticate a user and have the right role associated with the login?
Any pointers..?
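
The client_user naming suggested earlier in the thread, applied to the four-column table from the last post, as an added sketch (not code from any poster and not Splunk's own API). The role names, passwords, salt column, PBKDF2 parameters and function names are assumptions made for this example, and client names are assumed to contain no underscore.

```python
import hashlib
import hmac
import os

def hash_password(password, salt):
    # Salted PBKDF2 so the table never holds clear-text passwords
    # (iteration count is an assumption for this example).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_row(client, user, role, password):
    salt = os.urandom(16)
    return {"client_name": client, "user_name": user, "role": role,
            "salt": salt, "password": hash_password(password, salt)}

# Constructed sample rows standing in for the external database.
TABLE = [
    make_row("client1", "john", "client1_role", "constructed-pw-1"),
    make_row("client2", "john", "client2_role", "constructed-pw-2"),
    make_row("client2", "peter", "client2_role", "constructed-pw-3"),
]

# Hypothetical role names mapped to the indexes named in the question.
ROLE_INDEX = {
    "client1_role": "client1_index_mobile_event",
    "client2_role": "client2_index_mobile_event",
}

def authenticate(login, password, table=TABLE):
    """Return the role for a 'client_user' login, or None on any failure."""
    client, sep, user = login.partition("_")
    if not sep or not client or not user:
        # A bare "john" matches rows in two clients: refuse rather than guess.
        return None
    rows = [r for r in table
            if r["client_name"] == client and r["user_name"] == user]
    if len(rows) != 1:
        return None
    row = rows[0]
    candidate = hash_password(password, row["salt"])
    # Constant-time comparison of the derived keys.
    if hmac.compare_digest(candidate, row["password"]):
        return row["role"]
    return None

def allowed_index(login, password):
    """Index the authenticated login may search, or None."""
    return ROLE_INDEX.get(authenticate(login, password))
```

A login that omits the client, or pairs one client's name with the other client's password, resolves to no role and therefore to no index.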