Solved: Splunk Secure Gateway Connect to SAML IdP

las · ‎07-25-2023

Hi.

I'm using Splunk Enterprise 9.0.4 on-Prem.

The Search head has been set up with AzureAD as IdP and normal user login functions as expected.

I tried to connect the Splunk Mobile App to my search head, but it complains that "SAML needs to be set up for Connected Experiences before devices can be registered", so I log on as administrator, and navigate to "SAML Configuration" in Splunk Secure Gateway. Here it states, that I need to connect to a SAML IdP, and when I look at Okta or Azure it states this: "To use Okta or Azure, use a provided authentication script to establish a persistent connection."

Now it seems that there should be a provided script, that I can use in my SAML configuration, I just can't find anywhere, where it states wich script it is.

Hopefully someone is less blind than me, and can point me in the right direction.

Kind regards

/las

las · ‎11-15-2023

This was solved with the help of PS.

On the Application API in AzureAD add the User.read.All of type Application to the configured permissions.

Remember to add all the users that needs to access Splunk to the Enterprise Application

View solution in original post

las · ‎11-15-2023

This was solved with the help of PS.

On the Application API in AzureAD add the User.read.All of type Application to the configured permissions.

Remember to add all the users that needs to access Splunk to the Enterprise Application

Splunk Secure Gateway Connect to SAML IdP

administration

configuration

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability