Splunk® Secure Gateway

Administer Splunk Secure Gateway



Splunk Secure Gateway is a default enabled application that's included in Splunk Cloud version 8.1.2103 and Splunk Enterprise version 8.1.0 and higher. An admin must agree to the opt-in notice before using Splunk Secure Gateway. See Get started with Splunk Secure Gateway to get started.

How devices authenticate to your Splunk platform with SAML authentication

Security Assertion Markup Language (SAML) authentication uses JSON Web Token (JWT) to securely authenticate mobile devices to your Splunk platform. To learn more about how JWT works and how to set up JWT, see Set up authentication with tokens in the Splunk Cloud Securing the Splunk Platform manual.

The following diagrams illustrate how mobile client devices authenticate to the Splunk platform through a supported identity provider (IdP). Splunk Secure Gateway performs validation and encryption. Spacebridge, a secure intermediary component, routes the credentials bundle back to the client device.

To learn about supported IdPs and how to set up SAML authentication for your Connected Experiences mobile app, see Set up SAML authentication for Splunk Secure Gateway.

SAML authentication with provided authentication code

The following diagram shows how a mobile client device authenticates to the Splunk platform with an IdP and the authentication code provided in a Connected Experiences mobile app.

This diagram shows how a mobile device authenticates to the Splunk Platform using an IdP and the authentication code provided in a Connected Experiences mobile app.

  1. When a user launches the Splunk platform web view, they're redirected to their IdP to log in with their user credentials.
  2. The IdP issues a short-lived session token and the user has access to the Splunk platform.
  3. The user enters the authentication code provided in the Connected Experiences mobile app into Splunk Secure Gateway.
  4. Splunk Secure Gateway routes the authentication code to Spacebridge.
  5. Spacebridge receives and validates the authentication code.
  6. The user confirms that the confirmation code on their device matches the one in Splunk Secure Gateway.
  7. Splunk Secure Gateway validates the user credentials and short-lived session token.
  8. Splunk Secure Gateway requests a long-lived JWT from the Splunk platform.
  9. The Splunk platform issues a JWT to Splunk Secure Gateway.
  10. Splunk Secure Gateway encrypts the JWT, JWT expiry date, username, encryption keys, and Secure Gateway ID.
  11. Spacebridge routes the JWT, JWT expiry date, username, encryption keys, and Secure Gateway ID back to the client device.

SAML authentication with MDM

The following diagram shows how a mobile client device authenticates to the Splunk platform with an IdP and a Mobile Device Management (MDM) provider. When an admin sets up MDM, they generate an instance ID file that supports SAML authentication. To learn more about MDM, see About Mobile Device Management (MDM) and in-app registration.

Your Splunk platform instance must be accessible from the mobile browser of the device logging in to use SAML authentication with MDM. If your Splunk platform instance isn't accessible from the mobile browser of mobile devices that are logging in, you can use a different login method. See Log in to a Splunk platform instance in a Connected Experiences app.

This diagram shows how a mobile device authenticates to the Splunk platform using an IdP, MDM provider, and the authentication code provided in a Connected Experiences mobile app.

  1. When a user launches a Connected Experiences app that supports SAML authentication, they select the SAML authentication login option.
  2. The client device generates and signs a public key with the MDM private key from the instance ID file.
  3. The client device requests access to Splunk Secure Gateway and opens a web view.
  4. The user is redirected to their IdP to log in with their user credentials.
  5. The IdP issues a short-lived session token to Splunk Secure Gateway.
  6. Splunk Secure Gateway validates the signature from the MDM private key.
  7. Splunk Secure Gateway validates the user credentials and short-lived session token.
  8. Splunk Secure Gateway requests a long-lived JWT from the Splunk platform.
  9. The Splunk platform issues a JWT to Splunk Secure Gateway.
  10. Splunk Secure Gateway encrypts the JWT with its own encryption key and the client device public key.
  11. Splunk Secure Gateway makes a request for the registration page with the JWT as its query parameter.
  12. The client device recognizes the request for the registration page, retrieves the JWT, and closes the web view.
  13. Spacebridge establishes a WebSocket connection between the client device and Splunk Secure Gateway.
  14. The client device returns the JWT through a WebSocket connection to Splunk Secure Gateway.
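
The key-binding part of the MDM flow (steps 2, 6, and 10), as an added illustration that is not Splunk's code. The page does not name the primitives Splunk Secure Gateway uses, so the algorithms (Ed25519 signature, X25519 key agreement, HKDF, AES-256-GCM), the function names, and the key pairs generated in place of the instance ID file key are assumptions.

```javascript
const crypto = require('crypto');

// Shared helper: X25519 agreement, then HKDF to a 256-bit AES key (assumed scheme).
function deriveKey(privateKey, peerPublicDer) {
  const publicKey = crypto.createPublicKey({ key: peerPublicDer, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'jwt-wrap', 32));
}

// Step 2 (device): generate a key pair and sign its public key with the MDM private key.
function deviceRegistration(mdmPrivateKey) {
  const device = crypto.generateKeyPairSync('x25519');
  const publicDer = device.publicKey.export({ type: 'spki', format: 'der' });
  return { device, request: { publicDer, signature: crypto.sign(null, publicDer, mdmPrivateKey) } };
}

// Steps 6 and 10 (gateway): accept the device key only if the MDM signature verifies,
// then encrypt the JWT using the gateway's own key and the device public key.
function gatewayIssue(request, mdmPublicKey, jwt) {
  if (!crypto.verify(null, request.publicDer, mdmPublicKey, request.signature)) {
    throw new Error('MDM signature check failed; device key rejected');
  }
  const gateway = crypto.generateKeyPairSync('x25519'); // stand-in for the gateway's key
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(gateway.privateKey, request.publicDer), iv);
  const ciphertext = Buffer.concat([cipher.update(jwt, 'utf8'), cipher.final()]);
  const gatewayPublicDer = gateway.publicKey.export({ type: 'spki', format: 'der' });
  return { gatewayPublicDer, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Device side: derive the same key from its private key and decrypt the JWT.
function deviceDecrypt(device, bundle) {
  const key = deriveKey(device.privateKey, bundle.gatewayPublicDer);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, bundle.iv);
  decipher.setAuthTag(bundle.tag);
  return Buffer.concat([decipher.update(bundle.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed demo: the MDM key pair and the token are sample values.
function demo() {
  const mdm = crypto.generateKeyPairSync('ed25519');
  const { device, request } = deviceRegistration(mdm.privateKey);
  return deviceDecrypt(device, gatewayIssue(request, mdm.publicKey, 'constructed.sample.jwt'));
}
console.log(demo());
```

A device key signed by anything other than the MDM private key fails the check in `gatewayIssue`, so no JWT is encrypted for it.
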
Last modified on 01 October, 2021

This documentation applies to the following versions of Splunk® Secure Gateway: 2.4.0, 2.0.2, 2.5.6, 2.6.3, 2.7.3, 2.7.4, 2.8.4

