Splunk® Enterprise

Securing the Splunk Platform

Download manual as PDF

Splunk Enterprise version 6.x is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

About Single Sign-on using SAML

Splunk Enterprise lets you use SAML authentication for single sign-on (SSO). To enable SSO you use information provided by your IdP to configure Splunk Enterprise to work with SAML.

To enable single sign-on for a configuration you use information provided by your IdP (Splunk Enterprise supports Ping Identity's PingFederate product), to configure Splunk Enterprise to work with SAML through Splunk Web or by editing authentication.conf directly.

To configure SSO with SAML you must have the following:

  • An identity provider (IdP). Currently, PingFederate is the only identity provider tested to work with SAML SSO. If you need help configuring your identity provider, refer to your identity provider's documentation or support resource.
  • A configuration that uses an on-premises search head.
  • An admin role with the change_authentication Splunk capability. This permissions level lets you enable SAML and edit authentication settings on a Splunk search head. (You must configure SSO for each search head in your configuration,)

To set it up:

1. Set up your IdP, or make sure you have access to your IdP configuration. You will need the information from the IDP to tell Splunk how to authenticate to it. The IdP must be configured to provide the attributes:

  • role
  • realName
  • mail

2. Map the groups returned by the IdP to Splunk roles. Multiple groups can map to a single Splunk role.

3. Distribute the login URL to your users, IdP users assigned to roles will be able to login with SSO.

For more information:

Last modified on 29 August, 2016
Best practice for removing an LDAP user
Configure SAML SSO in Splunk Web

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters