Configure your Private Spacebridge deployment
After setting up Private Spacebridge, you can configure your deployment with the onboarding UI or editing the instance ID file, depending on the Splunk platform version you're using.
Prerequisite
Complete the following steps before configuring Private Spacebridge:
- Set up Private Spacebridge. See Get started with Private Spacebridge to learn how.
- Enable JSON Web Tokens (JWT). See Enable token authentication in the Securing Splunk Cloud Platform manual.
Configure Splunk Secure Gateway for Splunk platform version 9.0 or higher
Splunk Secure Gateway for Splunk platform version 9.0 doesn't require you to edit your MDM instance ID file to manually configure Private Spacebridge. Splunk Secure Gateway automatically completes this step for you. You can still modify this file before uploading to your MDM provider.
If you're using a Mobile Device Management (MDM) provider, follow the steps at Set up MDM and in-app registration for the Connected Experiences apps. Client devices using the uploaded configuration automatically connect to your Private Spacebridge.
If your users are logging in using the QR code method, Private Spacebridge requires no additional setup. The QR code generated by Splunk Secure Gateway automatically directs your mobile clients to connect to your Private Spacebridge.
When you launch Splunk Secure Gateway, complete the onboarding steps to configure your Private Spacebridge location and HTTP endpoint.
Configure Splunk platform instance fields for Splunk platform versions lower than 9.0
If you're using a Splunk platform version lower than 9.0, you can configure various fields in an instance ID file to customize your MDM, SAML, or Private Spacebridge configuration.
Here's an example instance ID file:
{ "server_directory" : [{ "sign_public_key": "<public_key>", "encrypt_public_key": "<public_key>", "deployment_name": "<name>", "mdm_sign_private_key": "<private_key>", "login_type": <login_type>, "instance_url": <saml_url>, "custom_endpoint_id" : <id_string>} ], "endpoint_config" : { "custom_endpoint_id" : <id_string>, "custom_endpoint_hostname" : <url_string>, "custom_endpoint_grpc_hostname" : <url_string>, "client_cert_required" : <true/false>} }
The following table lists objects that are a part of the server_directory
clause. Each server_directory
clause represents a Splunk platform instance using Private Spacebridge.
Field | Type | Value | Configuration area |
---|---|---|---|
server_directory
|
Array | Represents a Splunk platform instance deployment that appears in the instance list in the mobile client. | General |
sign_public_key
|
String | Base64 encoding of the Splunk instance deployment public key for signing. | MDM registration |
encrypt_public_key
|
String | Base64 encoding of the Splunk instance deployment public key for encryption. | MDM registration |
deployment_name
|
String | User-friendly name of the Splunk instance. Displayed on the instance list in the mobile client. | MDM registration |
mdm_sign_private_key
|
String | Base64 encoding of the secret key used to sign login requests. | MDM registration |
login_type
|
Enum "saml" | (Optional) If not present, the app defaults to username and password login. | SAML registration |
instance_url
|
URL | SAML URL. Required if login_type = "saml". | SAML registration |
Private Spacebridge fields
The following table lists objects that are apart of the endpoint_config
clause. Each endpoint_config
clause represents a Private Spacebridge instance.
Field | Type | Value | Configuration area |
---|---|---|---|
endpoint_config
|
Array | Represents a Private Spacebridge instance. | Private Spacebridge |
custom_endpoint_id
|
String | (Required) A user-friendly name for the Private Spacebridge instance that appears on the mobile client. Use this value in the server_directory clause to configure a Splunk platform instance to use this Private Spacebridge.
|
Private Spacebridge |
custom_endpoint_hostname
|
String | (Required) HTTP domain that you created when configuring your Kubernetes cluster. | Private Spacebridge |
custom_endpoint_grpc_hostname
|
String | (Required) Hostname for registered devices to get dashboard data from. | Private Spacebridge |
client_cert_required
|
Bool | (Optional) Determines whether the user must have a valid client certificate installed. Defaults to true . Mark false if you aren't distributing a certificate to client devices.
|
Private Spacebridge |
Get started with Private Spacebridge |
This documentation applies to the following versions of Splunk® Private Spacebridge: 1.1.0
Feedback submitted, thanks!