Splunk® Cloud Gateway (Legacy)

Install and Administer Splunk Cloud Gateway

Splunk Cloud Gateway version 1.12.3 has been removed from Splunkbase due to issues found with Mobile Device Management (MDM). If you're using MDM, downgrade to Splunk Cloud Gateway version 1.12.2. If you're participating in a beta release program and need the backend support features in Splunk Cloud Gateway version 1.12.3, contact mobile-support@splunk.com.
This documentation does not apply to the most recent version of Splunk® Cloud Gateway (Legacy). For documentation on the most recent version, go to the latest release.

About MDM and In-app Registration

Use Mobile Device Management (MDM) and in-app registration together to securely deliver Connected Experiences apps to a large number of devices. MDM lets you scale app delivery, secure content access, and manage data on mobile devices. In-app registration allows users to register their devices in the Connected Experiences apps themselves without needing access to Splunk Cloud Gateway.

MDM and in-app registration are currently available for the following Connected Experiences apps:

  • Splunk Mobile for iOS
  • Splunk Mobile for Android
  • Splunk AR for iOS

The Connected Experiences apps support MDM providers that are a part of the AppConfig community.

Distributing a Connected Experiences app with MDM

As an admin, you can deploy a supported Connected Experiences app to a large number of devices using a compatible MDM provider. MDM providers that are a part of the AppConfig community are supported.

MDM offers secure app distribution within your organization so you can easily scale your mobile app deployment. MDM allows you to do the following:

  • Enforce data loss prevention.
  • Receive app-specific configuration information.
  • Apply MDM security policies to protect your data.
  • Tunnel network connections to servers behind an enterprise firewall so device users don't need to set up VPN access.

After deploying a supported Connected Experiences app with your MDM provider, configure the app for in-app registration.

In-app registration with MDM

With MDM and in-app registration, users can register their devices in the mobile app themselves. Users don't need access to Splunk Cloud Gateway or an on-premises Splunk Enterprise instance.

Generate an instance ID file to allow the mobile app to locate and connect to your Splunk instance. Multi-step encryption ensures that your data is secure when deploying the mobile apps at scale with MDM and in-app registration.

Generate instance ID files

Generate an ID file from Splunk Cloud Gateway on the Splunk instances that you want your users to register to. The instance ID file contains the instance's Splunk Cloud Gateway public key, Cloud Gateway ID, deployment ID, and an MDM private signing key. It allows the mobile device to locate and connect to the Splunk instance.

If you're providing users access to more than one Splunk instance, upload the instance ID files to Splunk Cloud Gateway to combine them. Splunk Cloud Gateway runs a concatenation script that places information from all identifier files in a single JSON file.

Use your compatible MDM provider to deploy a compatible Connected Experiences mobile app to user devices. Deploy the single or combined instance ID file to MDM-managed devices as a configuration. The contents of the instance ID files allow your MDM provider to configure the mobile app for in-app registration.

Sending a registration request

When a user launches the mobile app, the app presents a list of Splunk instances in the combined instance ID file. The user selects an instance and enters their Splunk credentials. The mobile app sends an MDM registration request payload to Splunk Cloud Gateway that contains the user's Splunk credentials. The payload is serialized to bytes and encrypted with the Splunk Cloud Gateway app public encryption key. The encrypted payload is bundled with a version identifier and the Splunk Cloud Gateway deployment ID. The payload is then signed with the MDM signing private key and the device private signing key.

Authenticating the device

Spacebridge routes the encrypted credentials to the Splunk instance to authenticate the registration request. Splunk Cloud Gateway decrypts the payload, and if the user's credentials are authorized, Splunk Cloud Gateway generates a token to access Splunk. Splunk Cloud Gateway bundles a session token, the username, server version, and Splunk Cloud Gateway deployment ID. The bundle is encrypted using the device's public key, signed by the Splunk Cloud Gateway app signing private key, and then returned to the mobile device. Once the mobile app verifies the signature and decrypts the bundle using the device's private key, the user can access Splunk data within the Connected Experiences mobile app.
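The registration request described in the two sections above can be modeled as follows. This is an added example, not Splunk's code: the page does not name the algorithms or wire format, so RSA-OAEP and Ed25519 are stand-ins, `Envelope`, `Seal`, `Open`, and `Demo` are hypothetical names, all values are constructed, and it assumes both signatures cover the same bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope models the signed bundle; field names and layout are assumptions.
type Envelope struct {
	Version                       byte
	DeploymentID                  string
	Ciphertext, MDMSig, DeviceSig []byte
}

// signedBytes is what both signatures cover: version, deployment ID, NUL, ciphertext.
func (e *Envelope) signedBytes() []byte {
	return append(append([]byte{e.Version}, e.DeploymentID+"\x00"...), e.Ciphertext...)
}

// Seal (app side): encrypt credentials to the gateway key, sign with both keys; check err.
func Seal(creds []byte, dep string, gw *rsa.PublicKey, mdm, dev ed25519.PrivateKey) (*Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, gw, creds, nil)
	e := &Envelope{Version: 1, DeploymentID: dep, Ciphertext: ct}
	e.MDMSig, e.DeviceSig = ed25519.Sign(mdm, e.signedBytes()), ed25519.Sign(dev, e.signedBytes())
	return e, err
}

// Open (gateway side): check deployment ID and both signatures before decrypting.
func Open(e *Envelope, dep string, gw *rsa.PrivateKey, mdm, dev ed25519.PublicKey) ([]byte, error) {
	if m := e.signedBytes(); e.DeploymentID != dep || !ed25519.Verify(mdm, m, e.MDMSig) || !ed25519.Verify(dev, m, e.DeviceSig) {
		return nil, fmt.Errorf("rejected: deployment ID or signature check failed")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, gw, e.Ciphertext, nil)
}

// Demo opens one valid request, then one whose deployment ID was rewritten in transit.
func Demo() (string, error) {
	gw, _ := rsa.GenerateKey(rand.Reader, 2048)
	mdmPub, mdmPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	e, _ := Seal([]byte("alice:constructed-password"), "dep-A", &gw.PublicKey, mdmPriv, devPriv)
	plain, _ := Open(e, "dep-A", gw, mdmPub, devPub)
	e.DeploymentID = "dep-B" // metadata changed after signing
	_, err := Open(e, "dep-B", gw, mdmPub, devPub)
	return string(plain), err
}
func main() { fmt.Println(Demo()) }
```

Because the signatures cover the version and deployment ID as well as the ciphertext, the second `Open` call fails even though the encrypted credentials are untouched.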

Last modified on 07 October, 2020

This documentation applies to the following versions of Splunk® Cloud Gateway (Legacy): 1.6.0, 1.7.0, 1.7.2, 1.8.0, 1.9.0, 1.9.1, 1.11.0, 1.12.0, 1.12.1, 1.12.2

