Splunk® SOAR (On-premises)

Use Splunk SOAR (On-premises)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

Access Account Settings

Click your account name and select Account Settings to access your account settings.

The default admin account on a instance is a local account. Local accounts only exist in the database for the web interface and can't be used to log into the operating system or any external authentication server.

Each account must have at least one email address associated with it. uses this email address as part of the approval process workflow.

also supports single sign-on authentication from various identity providers. For more information, see Configuring single sign-on authentication for in the Administer manual.

Account Settings

You can configure various settings through the tabs on the account settings page. Use this page to configure user settings, notifications, and change your password.

User Settings

For a local account, the primary email is the username you log in with. You can change it at any time, but you must use the new email address the next time you log in. Your current login session continues until you log out, your session expires, or you switch browsers or machines.

The User Settings tab also includes settings for time zone, choosing between light and dark display themes, and whether you want to display the Onboarding wizard.

Mobile device registration

Contact a Splunk SOAR admin to enable mobile device registration so that you can register your mobile device and get started with Splunk mobile apps. You can register multiple devices, but one device cannot be registered to multiple users.

Mobile device registration is only available for Splunk SOAR (On-premises).

Prerequisite

An admin must enable the mobile feature on your instance. See Enable mobile device registration with Splunk SOAR (On-premises) in the Administer manual.

Steps

  1. Download Splunk Mobile onto your mobile device and install it.
    See Download Splunk Mobile for iOS or Download Splunk Mobile for Android to download the Splunk Mobile app.
  2. On your mobile device, tap the gear icon to get to the Settings page.
  3. Tap manage instances in the Settings page.
    A pop-up opens.
  4. Tap the word edit in the pop-up.
  5. Tap the Register button in the pop-up. The 10-digit code appears on the mobile device.
  6. From your account settings menu in the instance click on Name > Account Settings > Mobile Device Registration:
    1. Enter the 10-digit code from the mobile device into the activation code fields.
    2. Enter a name for the device in the device name field.
    3. Click Register.
    4. A confirmation code pop-up window appears. If this matches the confirmation code on the mobile device, then login with your instance credentials, and click Continue.
  7. To add additional devices, click + New Device and follow the previous steps again.

Your registered devices display in a table. These are the devices that will receive push notifications from for approvals, prompts, manual tasks, and workbook tasks.

When you no longer want access to the mobile app from a particular mobile device, you can unregister from the app itself or you can do the following to unregister the device on  :

  1. Locate the device by name or by type in the table.
  2. In the Action column, click remove.
  3. Confirm at the prompt by clicking remove.

It is also possible for a admin to unregister your mobile device. If an admin unregisters your device, it will disappear from your account settings. If an admin deletes your user account, you will no longer be able to access through the mobile app.

Last modified on 19 December, 2023
About   Start with Investigation in

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters