Splunk® Enterprise

Securing Splunk Enterprise

Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

About user authentication

Authentication lets you add users, assign roles to them, and give those roles access to resources as you need for your organization.

An authentication scheme, also known as an authentication method, is a way that the Splunk platform authorizes a user to access services and resources that the platform provides. The Splunk platform has several schemes that you can use for authentication. You must have an active Splunk license for authentication to work.

The Splunk platform uses the following authentication schemes:

Scheme Splunk platform types Description
Native Splunk authentication all Native Splunk authentication takes precedence over any external authentication schemes. The native scheme provides the Admin, Power, and User roles by default. You can define your own roles using a list of Splunk capabilities. If you have an active license, native authentication is on by default. See Set up native Splunk authentication for more information.
Lightweight Directory Access Protocol (LDAP) all The Splunk platform supports authentication with its internal authentication services or your existing LDAP server. See Set up user authentication with LDAP for more information.
Security Assertion Markup Language (SAML) all The Splunk platform supports contacting an identity provider (IdP) that uses the SAML version 2.0 protocol and retrieving user information that can be mapped to Splunk roles. See Configure single sign-on with SAML for additional information.
Multi-factor authentication Splunk Enterprise Lets you use two or more services to provide authentication access to Splunk platform resources. Includes the ability to use Duo or RSA Manager.
Scripted authentication API Splunk Enterprise Use scripted authentication to integrate Splunk authentication with an external authentication system, such as Remote Authentication Dial-in User Service (RADIUS) or Pluggable Authentication Module (PAM). See Set up user authentication with external systems for more information.

You can create and assign users to roles either in Splunk Web, on Splunk Cloud Platform and Splunk Enterprise, or by editing the authorize.conf configuration file on Splunk Enterprise only. For more information about roles and capabilities, read About role-based user access.

Last modified on 01 May, 2024
Use access control to secure Splunk data   About configuring role-based user access

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1, 8.1.0, 8.1.10, 8.1.11, 8.1.12


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters