Splunk® Cloud Gateway (Legacy)

Install and Administer Splunk Cloud Gateway

Splunk Cloud Gateway is a legacy app as of version 1.13.2. To register mobile devices and configure your Splunk Connected Experiences deployment, use Splunk Secure Gateway. See the Splunk Secure Gateway documentation to learn more.

About MDM and In-app Registration

Use Mobile Device Management (MDM) and in-app registration together to securely and quickly deliver Splunk Mobile to a large number of devices. MDM lets you scale app delivery, secure content access, and manage data on mobile devices. In-app registration allows users to register their devices in the Splunk Mobile app without needing access to Splunk Secure Gateway.

MDM and in-app registration are currently available for the following Connected Experiences apps:

  • Splunk Mobile for iOS
  • Splunk Mobile for Android
  • Splunk AR for iOS

The Connected Experiences apps support MDM providers that are part of the AppConfig community. This includes, but isn't limited to, InTune, MobileIron, VMware AirWatch, IBM, and Citrix.

See the AppConfig website for the iOS and Android standards and check with your MDM provider to see if they follow these standards.

Distributing Splunk Mobile with MDM

As an admin, you can deploy Splunk Mobile for iOS, Splunk Mobile for Android to a large number of devices using a compatible MDM provider. MDM providers that are a part of the AppConfig community are supported.

MDM offers secure app distribution within your organization so you can easily scale your Splunk Mobile deployment. MDM allows you to do the following:

  • Enforce data loss prevention.
  • Receive app-specific configuration information.
  • Apply MDM security policies to protect your data.
  • Tunnel network connections to servers behind an enterprise firewall so device users don't need to set up VPN access.

After deploying Splunk Mobile with your MDM provider, configure the app for in-app registration.

In-app registration with MDM

With MDM and in-app registration, users can register their devices in the Splunk Mobile app themselves. Users don't need access to Splunk Cloud Gateway or an on-premises Splunk Enterprise instance.

Generate an instance ID file to allow the mobile app to locate and connect to your Splunk instance. Multi-step encryption ensures that your data is secure when deploying the mobile apps at scale with MDM and in-app registration.

Generate instance ID files

Generate an ID file from Splunk Cloud Gateway on the Splunk instances that you want your users to register to. The instance ID file contains the instance's Splunk Cloud Gateway public key, Cloud Gateway ID, deployment ID, and an MDM private signing key. It allows the mobile device to locate and connect to the Splunk instance.

If you're providing users access to more than one Splunk instance, upload the instance ID files to Splunk Cloud Gateway to combine them. Splunk Cloud Gateway runs a concatenation script that places information from all identifier files in a single JSON file.

Use your compatible MDM provider to deploy Splunk Mobile to user devices. Deploy the single or combined instance ID file to MDM-managed devices as a configuration. The contents of the instance ID files allow your MDM provider to configure the mobile app for in-app registration.

Sending a registration request

When a user launches the Splunk Mobile app, the app presents a list of Splunk instances in the combined instance ID file. The user selects an instance and enters their Splunk credentials. The mobile app sends an MDM registration request payload to Splunk Cloud Gateway that contains the user's Splunk credentials. The payload is serialized to bytes and encrypted with the Splunk Cloud Gateway app public encryption key. The encrypted payload is bundled with a version identifier and the Splunk Cloud Gateway deployment ID. The payload is then signed with the MDM signing private key and the device private signing key.

Authenticating the device

The Cloud Gateway service routes the encrypted credentials to the Splunk instance to authenticate the registration request. Splunk Cloud Gateway decrypts the payload, and if the user's credentials are authorized, Splunk Cloud Gateway generates a token to access Splunk. Splunk Cloud Gateway bundles a session token, the username, server version, and Splunk Cloud Gateway deployment ID. The bundle is encrypted using the device's public key, signed by the Splunk Cloud Gateway app signing private key, and then returned to the mobile device. Once the mobile app verifies the signature and decrypts the bundle using the device's private key, the user can access Splunk data within the Splunk Mobile app.

Last modified on 12 November, 2020
Set up SAML authentication for Splunk Cloud Gateway   Set up MDM and in-app registration for iOS devices

This documentation applies to the following versions of Splunk® Cloud Gateway (Legacy): 1.12.4, 1.13.0, 1.13.2, 1.13.3

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters