Splunk® Cloud Gateway

Use Splunk Cloud Gateway

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Register your device to a Splunk platform instance

Register your mobile device or TV in Splunk Cloud Gateway to connect to Splunk Enterprise or Splunk Cloud instances. Or, you can register your mobile device to a Phantom instance.

If you or a Splunk admin changes your Splunk user credentials, then your device will be unregistered. Register your device again. See Device was unregistered after changing user credentials in the Troubleshoot Splunk Cloud Gateway topic for more details.

Prerequisites

Register a device with an authentication code using Splunk Cloud Gateway

Any user with the cloudgateway role can register a device. You do not need the admin role to register a device. Devices with a Connected Experiences app installed have a registration code in the app.

  1. Log in to Splunk Cloud Gateway.
  2. On the Register tab in Splunk Cloud Gateway, enter the 10-digit code provided by the mobile device or TV.
  3. Name the device.
  4. Click Register.
  5. Ensure that the confirmation code matches the confirmation code on the device.
  6. Log in with your Splunk Enterprise credentials to complete registration.

Register a device if your organization uses SAML authentication

If your organization uses SAML authentication, you can register using your Splunk credentials and the authentication code provided in the Connected Experiences mobile app, or by entering your organization's host name. You must be using a Splunk Cloud platform instance to register using a hostname in the Splunk Mobile app.

If your organization uses both SAML authentication and an MDM provider, see Register your device if your organization uses both SAML authentication and an MDM provider

Prerequisites

  • Have the cloudgateway role to register your own device. Have an admin see Configure Splunk Cloud Gateway and dashboard permissions.
  • Install the Splunk app for the Connected Experiences app you're using on your Splunk platform instance.
  • Download a Connected Experiences app on your device.
  • Have an admin enable token authentication. See enable token authentication for a Splunk platform instance in the Securing the Splunk Platform manual.
  • Check that your admin has set up SAML authentication. See Set up SAML authentication for Splunk Cloud Gateway in the Install and Administer Splunk Cloud Gateway manual.

Register with the authentication code

You can register using SAML authentication in Splunk Cloud Gateway with Splunk Cloud or Splunk Enterprise.

  1. Register your device using the authentication code provided in the Connected Experiences app.
  2. During registration, you are redirected to your SSO provider.
  3. Log in and complete the registration steps. See Register a device with an authentication code using Splunk Secure Gateway.

Register with a hostname

If you're using a Splunk Cloud platform instance, you can register in the mobile app.

  1. In the Splunk Mobile app, tap Sign in with SSO.
  2. Enter your organization's hostname in the form of https://<splunk-cloud-instance-name>.splunkcloud.com. Contact your admin for your Splunk Cloud Instance name.
  3. Tap Sign in with SSO. You're redirected to your organization's IdP.
  4. Sign in with your SSO credentials.

Register a MDM-distributed device

If your admin set up Mobile Device Management (MDM) and in-app device registration, you can enter your Splunk login credentials to register your device. This feature is currently available for only Splunk Mobile for iOS and Android.

MDM allows admins to scale and further secure their Splunk Mobile deployment. To learn more about in-app registration, see About Mobile Device Management with Splunk Mobile.

If your organization uses both SAML authentication and an MDM provider, see Register your device if your organization uses both SAML authentication and an MDM provider

Prerequisites

For admin MDM set up, see Set up Mobile Device Management for iOS devices or Set up Mobile Device Management for Android devices.

Steps

If you're using an Android device and you've already registered to a Splunk instance using the authentication code, you must unregister from the one you're currently using before you can register to an instance in the Splunk Mobile app.

Follow these steps to register your MDM-distributed device:

  1. In the Splunk Mobile app, tap the Splunk instance that you want to register to.
  2. Select Local or LDAP sign on.
  3. Enter your Splunk instance credentials to register.

Alternatively, tap Register with Code to register using a provided authentication code and Splunk Cloud Gateway, or tap Sign in with SSO to register using SAML authentication with a hostname.

Register a device if your organization uses both SAML authentication and an MDM provider

If your organization uses both SAML authentication and an MDM provider, select SSO Sign On and log in with your organization credentials.

Register to multiple Splunk instances

You can get data from multiple Splunk Enterprise instances with multi-instance registration.

  1. Navigate to Settings > Manage Instances. Or if you're using Splunk Mobile, tap the Cloud Gateway ID dropdown arrow.
  2. Tap Edit > Register.
  3. Follow the same registration steps as when you would normally register your device.

To navigate between Splunk instances in the Splunk Mobile app, tap the Cloud Gateway ID dropdown and select the instance that you want to view data from.

The Cloud Gateway ID is randomly generated when you first launch Splunk Cloud Gateway. Admins can define this Cloud Gateway ID in the Configure tab of Splunk Cloud Gateway or in cloudgateway.conf so you can easily identify your Splunk instances.

Register to a Phantom instance

To connect your device to a Phantom instance, register your mobile device using the authentication code. In Splunk Phantom, go to Name > Account Settings > Mobile Device Registration.

Splunk Phantom for Splunk Mobile is only supported on iOS.

Unregister a device

You can unregister a device in Splunk Cloud Gateway or in the app on the device.

Here's how to unregister a device in Splunk Cloud Gateway.

  1. Select the Devices tab in Splunk Cloud Gateway.
  2. Next to the device you want to remove, click Remove.

Here's how to unregister a device in a Connected Experiences mobile app.

  1. Tap the Cloud Gateway ID dropdown arrow.
  2. Tap Edit.
  3. Tap the X button next to the instance you want to unregister from.
  4. Tap Unregister to confirm.
Last modified on 05 January, 2021
  NEXT
Troubleshoot Splunk Cloud Gateway Connection Issues

This documentation applies to the following versions of Splunk® Cloud Gateway: 1.11.0, 1.12.0, 1.12.1, 1.12.2, 1.12.4, 1.13.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters