Splunk Enterprise

Regarding the API key for configuring the authentication extension for the OKTA

dhana22
Explorer

Hello, We are trying to configure the authentication extensions for the Okta identity provider and below are the steps as per the Splunk documentation.Log into Splunk Platform as an administrator level user.

From the system bar, click Settings > Authentication Methods.
Click "Configure Splunk to use SAML". The "SAML configuration" dialog box appears.
In the Script path field within the Authentication Extensions section of the "SAML configuration" dialog box , type in SAML_script_okta.py.
In the Script timeout field, type in 300s.
In the Get User Info time-to-live field, type in 3600s.
Click the Script functions field.
In the pop-up window that appears, click getUserInfo.
Under Script Secure Arguments, click Add Input.
In the Key field, type in apiKey.
In the Value field, type in the API key for your IdP.
Click "Add input" again.
In the "Key" field, type in baseUrl.
in the "Value" field, type in the URL of your Okta instance.
Click Save. Splunk Cloud Platform saves the Okta configuration and returns you to the SAML Groups page.
 
Could anyone confirm whether these steps will work for the Splunk OnPrem too? or it is applicable for the Splunk Cloud? 
 
Also, as per Step (In the Value field, type in the API key for your IdP.), we have to provide the API key for the Idp, our security team is asking what permission does the Okta API token needs? any thoughts? Please advice. 
 
Thank you!

 

 

Labels (2)
0 Karma

PaulPanther
Builder

You've shared the splunk enterprise manual to set up scripted authentication extensions with okta with us.

Configure authentication extensions to interface with your SAML identity provider - Splunk Documenta...

So that should be fine if you proceed with this manual.

Regarding the permissiona check the python script and the endpoints that are used in the script. Probably based on the endpoints you could figure out with your IAM colleagues which capabilities are needed.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...