Splunk® Secure Gateway

Administer Splunk Secure Gateway

Acrobat logo Download manual as PDF


Splunk Secure Gateway is a default enabled application that's included in Splunk Cloud version 8.1.2103 and Splunk Enterprise version 8.1.0 and higher. An admin must agree to the opt-in notice before using Splunk Secure Gateway. See Get started with Splunk Secure Gateway to get started.
This documentation does not apply to the most recent version of SecureGateway. Click here for the latest version.
Acrobat logo Download topic as PDF

Set up MDM and in-app registration for iOS devices

You can scale app delivery to a large number of mobile devices, secure content access, and manage data on mobile devices with Mobile Device Management (MDM). With admin setup in Splunk Secure Gateway and a compatible MDM provider, users can log into a Splunk platform instance directly in the mobile app with their Splunk platform credentials. Users don't need access to Splunk Secure Gateway.

MDM and in-app log in are currently available for the following Connected Experiences apps:

  • Splunk Mobile for iOS
  • Splunk Mobile for Android
  • Splunk TV for Apple TV
  • Splunk AR for iOS

The Connected Experiences apps support MDM providers that are part of the AppConfig community. See https://www.appconfig.org/members/ to learn more about the different AppConfig member tiers. This includes, but isn't limited to, Microsoft InTune, MobileIron, VMware AirWatch, IBM, and Citrix.

See the AppConfig website for the iOS and Android standards and check with your MDM provider to see if they follow these standards:

To set up MDM and in-app registration for Splunk Mobile for Android users, see Set up MDM and In-app registration for Android devices in the Install and Administer Splunk Secure Gateway manual.

To set up in-app registration and distribute a Connected Experiences mobile app using MDM, take the following steps:

  1. Add a supported Connected Experiences app to your compatible MDM provider.
  2. Generate or retrieve instance ID files from all of the Splunk platform instances that you want your mobile device users to have access to.
    If you're providing your users access to multiple instances, combine the instance ID files into a single instance ID file using the concatenation feature in Splunk Secure Gateway.
  3. Add the contents of the instance ID file as a custom app configuration for the Connected Experiences mobile app in your MDM provider.

For more details about MDM features and how the in-app device registration process works, see About Mobile Device Management and in-app registration.

Prerequisites

Complete the following prerequisites before you deploy a Connected Experiences mobile app with MDM and in-app registration:

  • Have admin role access to your Splunk platform instances.
  • Have access to add and configure apps in your MDM service.
  • Get Splunk Secure Gateway on your Splunk platform instances.
  • Have Connected Experiences app users.
  • Confirm that your Secure Gateway ID is unique and easily identifiable. The Secure Gateway IDs represent Splunk platform instances that users can log in to.
  • Use local or SAML authentication. See Use MDM with SAML authentication.
  • Use a supported MDM provider. MDM providers that are a part of the AppConfig community are supported.

Steps

Complete the following steps to deploy a Connected Experiences app at scale with MDM and in-app registration.

Add an iOS Connected Experiences app to your MDM provider

Add the mobile app as a native public app from the Apple App Store. See your MDM provider documentation for instructions on how to add an app.

Generate or retrieve instance ID files

Get instance ID files from Splunk Secure Gateway on all of the Splunk platform instances that you want users to log in to. If you've already generated an instance ID file, retrieve the existing instance ID file. If this is the first time you're getting an instance ID file, generate a new instance ID file. If you want to reset your MDM encryption and signing keys, renew the instance ID file.

Generating a new instance ID file overwrites the previous MDM signing key. Users who haven't logged in using the previously deployed mobile app can't log in until they receive the new MDM signing key. You must recombine the instance ID files and upload the new combined file as a configuration to your MDM provider for users to log in.

If this is your first time getting an instance ID file, or if you want to renew your instance ID file, complete the following steps:

  1. Log into the Splunk platform instance that you want users to log in to.
  2. Navigate to the Administration tab of Splunk Secure Gateway.
  3. Click Configure in the Mobile Device Management panel.
  4. If you're getting an instance ID file for the first time, select Generate. If you're renewing an instance ID file, select Renew.


If you've already generated an instance ID file for your instance, complete the following steps to retrieve it: If this is your first time getting an instance ID file, or if you want to renew your instance ID file, complete the following steps:

  1. Log into the Splunk platform instance that you want to users to log in to.
  2. Navigate to the Configure tab of Splunk Secure Gateway.
  3. Click Get Existing Instance ID File.

The instance ID file contains the instance's Splunk Secure Gateway public encryption and signing key, Secure Gateway ID, and MDM signing private key. The files allow the mobile client to identify your Splunk platform instance.

Combine instance ID files

If you're providing your users access to more than one Splunk platform instance, combine the instance ID files in Splunk Secure Gateway. If you're providing users access to just one instance, you can skip this step.

  1. On any of the Splunk platform instances that you generated an instance ID file with, navigate to the Configure tab of Splunk Secure Gateway.
  2. Upload all of the instance ID files.
  3. Click Combine Instance ID Files.

Splunk Secure Gateway runs a script that combines the instance ID files into a single instance ID file.

Add the instance ID to your MDM provider

Use a custom app configuration to add the mobile app to your AppConfig-compatible MDM service.

If you're using MobileIron, use the custom app configuration iOS Managed App Configuration.

If you're using another AppConfig MDM service, follow your provider's documentation to set a configuration for the mobile app.

After selecting a configuration for your situation, add the instance ID file information as a key-value pair. Use the following information to complete the key-value fields:

Field Value
Key server_config
Value The contents of the single or combined instance ID file from Splunk Secure Gateway
Value Type String

Distribute the mobile app to your iOS device users

Follow your MDM provider's instructions to distribute the mobile app to your users.

User registration

When a user launches the Connected Experiences app, they select from a list of Secure Gateway IDs that represent the Splunk platform instances that instance ID files are generated from. Mobile users can select a Secure Gateway ID and log in to that instance using their Splunk credentials. See Log in if your organization uses both SAML authentication and an MDM provider in the Use Splunk Secure Gateway manual for registration documentation.

(Optional) Use MDM with SAML authentication

You can use MDM with SAML authentication to secure your Connected Experiences app deployment. See Use SAML authentication with Mobile Device Management (MDM) for more information about using MDM with SAML authentication.

Last modified on 01 September, 2021
PREVIOUS
About MDM and in-app registration
  NEXT
Set up MDM and in-app registration for Android devices

This documentation applies to the following versions of Splunk® Secure Gateway: 2.4.0, 2.0.2, 2.5.6, 2.6.3, 2.7.3, 2.7.4


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters