Can we enable LDAP and SAML authentication on Splu...

Navanitha · ‎12-05-2023

We have recently setup SAML Authentication on our Splunk search which will be accessed by our Vendor using SSO authentication. I wanted to enquire if LDAP authentication can also be enabled which will be local to my team ?

Also, what if SAML authentication or group mapping on our idP (Azure AD) breaks at some time and we will not be able to get into Splunk. Is there or can we enable local admin login on the Splunk search which will be managed by our Splunk admin?

richgalloway · ‎12-05-2023

You can have either SAML or LDAP authentication, but not both. Splunk authentication is always available.

To force Splunk authentication, go to http://<your Splunk URL>/en-us/account/login?loginType=Splunk. The "en-us" part can be replaced with your own locale specifier.

---
If this reply helps you, Karma would be appreciated.

isoutamo · ‎12-05-2023

Hi

it’s like @richgalloway said, but I think that you could try to write your own “backend” and use scripted authentication method in splunk? But I’m quite sure that this is not worth of needed work for create and update that backend?

r. Ismo

Can we enable LDAP and SAML authentication on Splunk Search head ?

administration

configuration

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?