Splunk® Secure Gateway

Administer Splunk Secure Gateway

Splunk Secure Gateway is an application that is enabled by default and included in Splunk Cloud version 8.1.2103 and Splunk Enterprise version 8.1.0 and higher. An admin must accept the opt-in notice before using Splunk Secure Gateway. See Get started with Splunk Secure Gateway.

About MDM and in-app registration

Use Mobile Device Management (MDM) and in-app registration together to securely deliver Connected Experiences apps to a large number of devices. MDM lets you scale app delivery, secure content access, and manage data on mobile devices. With MDM and in-app registration, users can register their devices themselves from within the mobile app. They don't need direct access to Splunk Secure Gateway or a Splunk platform instance.

MDM and in-app registration are currently available for the following Connected Experiences apps:

  • Splunk Mobile for iOS
  • Splunk Mobile for Android
  • Splunk AR for iOS

The Connected Experiences apps support MDM providers that are part of the AppConfig community. See https://www.appconfig.org/members.html to learn more about the different AppConfig member tiers. Members include, but aren't limited to, Microsoft Intune, MobileIron, VMware AirWatch, IBM, and Citrix.

See the AppConfig website for the iOS and Android standards, and check with your MDM provider that it follows these standards.

Distributing a Connected Experiences app with MDM

As an admin, you can deploy a supported Connected Experiences app to a large number of devices using a compatible MDM provider. MDM providers that are a part of the AppConfig community are supported.

MDM offers secure app distribution within your organization so you can scale your mobile app deployment. MDM provides the following features:

  • Enforce data loss prevention.
  • Receive app-specific configuration information.
  • Apply MDM security policies to protect your data.
  • Tunnel network connections to servers behind an enterprise firewall so device users don't need to set up VPN access.

After deploying a supported Connected Experiences app with your MDM provider, configure the app for in-app registration.

In-app registration with MDM

With MDM and in-app registration, users can register their devices in the mobile app themselves. Users don't need access to Splunk Secure Gateway or a Splunk platform instance.

Generate an instance ID file so that the mobile app can locate and connect to your Splunk platform instance. Each step of the registration exchange is encrypted and digitally signed, so credentials and access tokens stay protected when you deploy the mobile apps at scale with MDM and in-app registration.

Generate instance ID files

Generate an instance ID file from Splunk Secure Gateway on each Splunk platform instance that you want your users to register to. The instance ID file contains the Splunk Secure Gateway public key, the Secure Gateway ID, the deployment ID, and an MDM private signing key. The file lets the mobile device locate and connect to the Splunk platform instance. Because it carries a private signing key, treat the instance ID file as a secret and distribute it to devices only through your MDM provider's managed app configuration.

If you're providing users access to more than one Splunk instance, upload the instance ID files to Splunk Secure Gateway to combine them. Splunk Secure Gateway runs a concatenation script that places information from all instance ID files in a single JSON file.

Use your MDM provider to deploy a compatible Connected Experiences mobile app to user devices. The steps to do this depend on the MDM provider you're using, but generally the steps look like this:

  1. Load the mobile app from the Apple App Store or Google Play Store into the MDM provider portal.
  2. Load the instance ID file into an app configuration, conforming to the AppConfig protocol.
  3. Push the mobile app and the app configuration to your users' mobile devices. The Connected Experiences mobile app can then use the contents of the app configuration to allow users to register within the mobile app.

To learn more about the AppConfig protocol, see the Managed App Configuration for App Developers documentation at https://storage.googleapis.com/appconfig-media/appconfig-content/uploads/2017/01/ManagedAppConfig.pdf.

Sending a registration request

When a user launches the mobile app, the app presents the list of Splunk platform instances pushed in the app configuration. The user selects an instance and enters their Splunk platform credentials. The mobile app then sends Splunk Secure Gateway an encrypted and digitally signed registration request payload containing the user's Splunk platform credentials, a version identifier, and the Splunk Secure Gateway deployment ID.

Authenticating the device

Spacebridge relays the still-encrypted payload to the Splunk platform instance, where Splunk Secure Gateway decrypts it and authenticates the registration request. If the credentials are valid, Splunk Secure Gateway generates a Splunk access token and returns it to the mobile app in an encrypted, signed bundle. Once the mobile app verifies the signature and decrypts the bundle using the device's private key, the user can access their Splunk platform data within the Connected Experiences mobile app.

Last modified on 30 October, 2023

This documentation applies to the following versions of Splunk® Secure Gateway: 2.4.0, 2.0.2, 2.5.6 Cloud Only, 2.5.7, 2.6.3 Cloud only, 2.7.3 Cloud only, 2.7.4, 2.8.4 Cloud only, 2.9.1 Cloud only, 2.9.3 Cloud only, 2.9.4 Cloud only, 3.0.9, 3.1.2 Cloud only, 3.2.0 Cloud only, 3.3.0 Cloud only, 3.4.251, 3.5.15 Cloud only
