Splunk® Secure Gateway

Use Splunk Secure Gateway

Splunk Secure Gateway is a default enabled application that's included in Splunk Cloud version 8.1.2103 and Splunk Enterprise version 8.1.0 and higher. An admin must agree to the opt-in notice before using Splunk Secure Gateway. See Get started with Splunk Secure Gateway to get started.

Log in to a Splunk platform instance in a Connected Experiences app

Register your mobile device or TV using Splunk Secure Gateway to log in to a Splunk platform instance.

Supported authentication methods

Splunk Secure Gateway supports the following authentication methods:

LDAP and local authentication do not require additional configuration.

Prerequisites

See the following options for how you can log in to a Splunk Platform instance in a Connected Experiences app:

If you run into issues during login, see Troubleshoot Splunk Secure Gateway performance issues in the Administer Splunk Secure Gateway manual.

Log in with a QR code or authentication code using Splunk Secure Gateway

You can log in by scanning the QR code in Splunk Secure Gateway or manually entering the authentication code. Here's how to log in using the authentication code in the Connected Experiences apps.

QR code login requires token authentication to be enabled. See Enable or disable token authentication to learn more.

Scan QR code

If you're using Splunk Mobile, you can log in by scanning a QR code. Only Splunk Mobile supports QR code login. QR code login requires token authentication and you must allow Splunk Mobile to access the camera on your device to scan the QR code.

  1. Open Splunk Mobile on your device.
  2. On the Splunk platform instance login screen in Splunk Mobile, tap Open Camera.
  3. In the Home tab in Splunk Secure Gateway, click + Add New Device.
  4. Select Splunk Mobile.
  5. Click Next.
  6. Click Log in with QR code.
  7. Scan the QR code.

Enter authentication code

You can log in using the authentication code for any Connected Experiences app.

  1. In the Home tab in Splunk Secure Gateway, click + Add New Device
  2. Select the Connected Experiences app that you're using.
  3. Click Next
  4. Enter the 10-digit code provided by the Connected Experiences app.
  5. Click Next.
  6. Check that the confirmation code matches the confirmation code on the device.
  7. Log in with your Splunk Enterprise credentials
  8. Click Confirm to complete registration.

Log in to multiple Splunk instances

You can log in to multiple Splunk platform instances and switch between Splunk platform instances.

  1. In the Connected Experiences mobile app, navigate to Settings.
  2. Click Manage instances.
  3. Click +.
  4. Enter the provided authentication code in Splunk Secure Gateway.

Log in if your organization uses an SSO provider

If your organization uses SAML authentication, you can log in using your Splunk credentials and the authentication code provided in the Connected Experiences mobile app, or by entering your organization's hostname.

Prerequisites

  • Your admin has set up SAML authentication. See Set up SAML authentication for admin set up steps in the Administer Splunk Secure Gateway manual.

Log in with the authentication code

You can use Splunk Secure Gateway to log in to Splunk Cloud Platform or Splunk Enterprise with an SSO provider.

  1. Log in using the authentication code provided in the Connected Experiences app.
  2. During registration, you are redirected to your SSO provider.
  3. Log in and complete the registration steps. See Log in a device with an authentication code using Splunk Secure Gateway.

Log in with a hostname

Before logging in with a hostname, an admin must provide you with a registration QR code or your organization's hostname in the form of https://<splunk-cloud-instance-name>.splunkcloud.com. For admin steps, see Provide a QR code for SAML authentication device registration with a hostname in the Administer Splunk Secure Gateway manual.

You can only log in to Splunk Cloud Platform instances with a hostname.

  1. In the Splunk Mobile app login screen, tap SSO.
  2. Scan the QR code or enter the hostname provided by your admin.
  3. Tap Sign in with SSO. You're redirected to your organization's IdP.
  4. Sign in with your SSO credentials.

Log in if your organization uses MDM

If your admin set up Mobile Device Management (MDM) and in-app device registration, you can enter your Splunk login credentials to log in.

MDM allows admins to scale and further secure their Splunk Mobile deployment. To learn more about compatible apps and providers, see About MDM and in-app registration.

If your organization uses both SAML authentication and an MDM provider, see Log in if your organization uses both SAML authentication and an MDM provider

Prerequisites

  • Use a MDM-supported app. See About MDM and in-app registration to learn which Connected Experiences apps support MDM.
  • Your admin has set up MDM and in-app registration.

For admin MDM setup, see Set up MDM and in-app registration for the Connected Experiences apps.

Log in with an iOS MDM-distributed device

If you're using an iOS device, follow these steps to log in with your MDM-distributed device:

  1. If you're using an iOS device, log in to your MDM provider website on your device. This installs an MDM profile on your device and redirects you to the App Store or Playstore.
  2. Download the MDM provider's catalog app.
  3. In the MDM providers' catalog app, download the Splunk Connected Experiences app.
  4. In the Splunk Connected Experiences app, tap the Splunk platform instance that you want to log in to.
  5. Select Local sign on or Single Sign On.
  6. Enter your Splunk platform instance or SSO credentials to register.

Alternatively, tap Log in with Code to log in using a provided authentication code in Splunk Secure Gateway.

Log in with an Android MDM-distributed device

If you're using an Android device, follow these steps to log in with your MDM-distributed device:

  1. Download your MDM provider app from the Play Store.
  2. Log into the MDM provider app with your MDM credentials. This installs an MDM profile on your device.
  3. Download the Splunk Connected Experiences app from the Play Store.
  4. Select Local sign on or Single Sign On.
  5. Enter your Splunk platform instance or SSO credentials to register.

Alternatively, tap Log in with Code to log in using a provided authentication code and Splunk Cloud Gateway, or tap Log in with SSO to log in using SAML authentication with a hostname.

Log in if your organization uses both SAML authentication and an MDM provider

If your organization uses both SAML authentication and an MDM provider, select SSO Sign On and log in with your organization credentials.

Log in to multiple Splunk instances

You can get data from multiple Splunk platform instances on your device when you log in to more than one Splunk platform instances.

  1. Navigate to Settings > Manage Instances. Or if you're using Splunk Mobile, tap the Secure Gateway ID dropdown arrow.
  2. Tap the + icon.
  3. Log in using any authentication method.

To navigate between Splunk platform instances in the Splunk Mobile app, tap the Secure Gateway ID dropdown and select the instance that you want to view data from.

The Secure Gateway ID is randomly generated when you first launch Splunk Secure Gateway. Admins can define this Secure Gateway ID in Administration > Deployment Settings in Splunk Secure Gateway or in the securegateway.conf file so you can quickly identify your Splunk platform instances.

Unregister a device

You can unregister a device in Splunk Secure Gateway or in the Connected Experiences mobile app on the device.

Here's how to unregister a device in Splunk Secure Gateway:

  1. Navigate the Home tab in Splunk Secure Gateway.
  2. Next to the device you want to remove, click the trash icon.

Here's how to unregister a device in the Connected Experiences mobile apps:

  1. Navigate to Settings.
  2. Tap Manage instances.
  3. Tap the trash iconnext to the instance you want to unregister from.
  4. Click Unregister to confirm.
Last modified on 20 June, 2023
  Troubleshoot Splunk Secure Gateway

This documentation applies to the following versions of Splunk® Secure Gateway: 2.9.1 Cloud only, 2.9.3 Cloud only, 2.9.4 Cloud only, 3.0.9, 3.1.2 Cloud only, 3.2.0 Cloud only, 3.3.0 Cloud only, 3.4.251, 3.5.15 Cloud only


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters