transition from local splunk authentication to sam...

ips_mandar · ‎01-07-2021

Hi, currently I have local splunk accounts for all users. Now I am setting up SAML (okta) authentication for all those user. So how can I transition each user local account to SAML account without losing there knowledge objects created including any private knowledge objects as well.
Consider I have same username in both i.e. in local as well as SAML account.
What process I should follow please help.
Thanks,

richgalloway · ‎01-08-2021

If the local usernames are identical to the SAML usernames then you only need to map SAML groups to Splunk roles. The private KOs will not need to change.

---
If this reply helps you, Karma would be appreciated.

ips_mandar · ‎01-08-2021

Thanks @richgalloway
After mapping SAML groups to Splunk roles do I need to delete local authentication for all users? and which will take precedence while loging in?

richgalloway · ‎01-08-2021

Local authentication has priority over external authentication. That means you'd need to delete the local accounts, but I believe that will also delete the local KOs. One workaround is to copy the $SPLUNK_HOME/etc/users directory and restore it after deleting the accounts.

---
If this reply helps you, Karma would be appreciated.

transition from local splunk authentication to saml authentication

configuration

using Splunk Enterprise

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?