Splunk® Secure Gateway

Administer Splunk Secure Gateway

Acrobat logo Download manual as PDF


Splunk Secure Gateway is a default enabled application that's included in Splunk Cloud version 8.1.2103 and Splunk Enterprise version 8.1.0 and higher. An admin must agree to the opt-in notice before using Splunk Secure Gateway. See Get started with Splunk Secure Gateway to get started.
Acrobat logo Download topic as PDF

Get started with Splunk Secure Gateway

Manage your Connected Experiences mobile app deployment and allow users to register their devices to a Splunk platform instance. Splunk Secure Gateway is a default-enabled app in Splunk Cloud version 8.1.2103 and higher and Splunk Enterprise version 8.1.0 and higher.

To learn more about Splunk Secure Gateway, see About Splunk Secure Gateway.

Spacebridge has been certified to meet SOC2, Type 2 and ISO 27001 standards. Splunk Cloud customers who have specifically purchased a HIPAA or PCI-DSS regulated environment may transmit the applicable regulated data to Spacebridge as it is HIPAA and PCI-DSS compliant. Spacebridge may not be used in environments that require the FIPS 140-2 standard for cryptographic modules. See Splunk Secure Gateway and Spacebridge Compliance Standards to learn more.

Requirements

Complete the following before using Splunk Secure Gateway:

  • Opt in to using Python 3. See Python interpreter settings in the Splunk Enterprise Python 3 Migration manual.
  • Have the admin role.
  • Agree to the opt-in notice that appears when you first launch Splunk Secure Gateway.
  • Make sure that KV store is running. See KV store troubleshooting tools and Back up and restore KV store in the Splunk Enterprise Admin Manual to learn how to check the status of KV store and for KV store best practices.

See the following requirements for using Splunk Secure Gateway.

Component Requirements
Operating system Windows or Linux operating systems
Hardware Minimum processor size of 4 cores and 16GB of ram. The minimum AWS instance size is m5.xlarge.
Splunk platform version

Splunk Secure Gateway requires Splunk Enterprise version 8.1.0 or higher. Splunk Cloud does not support Splunk Secure Gateway.

Splunk Platform role Admin, sc_admin, power, and normal users can use Splunk Secure Gateway if they have the securegateway role.
Directory Service Splunk Secure Gateway supports SAML authentication and local Splunk accounts. See Set up SAML authentication for Splunk Secure Gateway for more information about setting up SAML authentication.

Proxy server requirements

See (Optional) Use a proxy server with Splunk Secure Gateway to set up a proxy server with Splunk Secure Gateway.

Agree to the opt-in notice

To use Splunk Secure Gateway, agree to the opt-in compliance notice when you first click the Splunk Secure Gateway app. You must be an admin to agree to this compliance notice. To learn more about compliance details, see Splunk Secure Gateway and Spacebridge compliance standards.

Non-admin users will see a general information notice about Splunk Secure Gateway when they click the app until an admin agrees to this opt-in notice.

Migrate from Splunk Cloud Gateway to Splunk Secure Gateway

If you're already using Splunk Cloud Gateway, copy your data from Splunk Cloud Gateway over to Splunk Secure Gateway. See Migrate from Splunk Secure Gateway to Splunk Secure Gateway.

After migrating from Splunk Cloud Gateway to Splunk Secure Gateway, restart your Splunk platform.

Configure Splunk Secure Gateway permissions

A user with the admin or sc_admin role must configure the appropriate permissions in Splunk Web to enable users to use Splunk Secure Gateway. Users must have the securegateway role to access Splunk Secure Gateway and register their devices.

the securegateway role

Users must have the securegateway role to access Splunk Secure Gateway and register their devices. Users with the securegateway role can view and manage their own devices on the Devices page.

The securegateway role has the following capabilities:

Capability Description
securegateway_read
  • Access Splunk Secure Gateway
  • Register devices using the authentication code method
  • View and manage their own devices on the Devices page
  • View KVstore entries
securegateway_write
  • Access Splunk Secure Gateway
  • Register devices using the authentication code method
  • View and manage their own devices on the Devices page
  • View and edit KVstore entries

A user with the admin or sc_admin roles can modify these capabilities per user using the Splunk role-based access control permissions system.

The admin and sc_admin role

The admin and sc_admin roles inherit the securegateway role by default. Only users with the admin or sc_admin role can do the following:

  • Opt into using Splunk Secure Gateway on first launch. Non-admin users with the securegateway role can use Splunk Secure Gateway afterward.
  • Have full access to the Devices and Configure page
  • Assign and edit roles
  • Select which apps to show dashboards from in the Connected Experiences apps. To learn how, see Choose which Splunk apps to show dashboards from in the mobile apps.

Assign a user the securegateway role

The Connected Experiences apps provide role-based access control. Admins can edit roles and capabilities to manage who can see what data. See About configuring role-based user access in the Splunk Enterprise Securing the Splunk Platform manual to learn more about role-based access control.

To add a user from the securegateway role, do the following steps:

  1. Log into your Splunk platform as a user with the Splunk admin role.
  2. In Splunk Web, click Settings > Access Controls.
  3. Click Users.
  4. Click Edit next to the user you want to update.
  5. In the Assign to roles section, click securegateway to add the role.
  6. Click Save.

See Add and edit users in the Splunk Enterprise Securing the Splunk Platform manual for more information about roles.

Last modified on 18 May, 2021
PREVIOUS
About Splunk Secure Gateway
  NEXT
Use a proxy server with Splunk Secure Gateway

This documentation applies to the following versions of Splunk® Secure Gateway: 2.5.4


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters