Hi All,
We have a requirement from one of our customer ,where they would like to have different URL for each Role in Splunk enterprise due to various security concerns and we do have enabled SAML for this customer.
Example:
Admin User Role: splunkadeui.abc.com
User Role User: sdeycecv.abc.com OR sdeycecv.pyru.com
Request to please share your views and how this can be address.
Regards,
Shweta
Please explain how a different URL for each role addresses any security concern.
Actually i have asked the same question to my customer, But its being mentioned as one of the vulnerability that admin and end-user uses same URL this is how the organization works for my customer.
Let me give more details ,So here customers is going to onboard multiple customer data and each customer will have some admins and END user.
This needs to be achieve either by LDAP or SAML. Please let me know if you have any thoughts on same.
Regards,
Shweta
AFAIK, the only way to do that is to have separate search heads for admins and users. That would achieve the goal of separate URLs for each class of user, but it would not be a useful "solution" because there would be no way to administer the user SH except via the command line. Changes made from the CLI often require restarting so the user experience would not be as good as it could be.
Is the customer aware that Splunk uses role-based access controls to govern who can do what?
It seems the unasked question here is how to keep customers from seeing each others data. That requires given each customer dedicated indexes and using roles to make sure only that customer's people can see that data.