Splunk® Enterprise

Securing the Splunk Platform

Acrobat logo Download manual as PDF


Splunk Enterprise version 6.x is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
Acrobat logo Download topic as PDF

Map groups on a SAML identity provider to Splunk roles

After you configure a Splunk platform deployment to use a Security Assertion Markup Language (SAML) identity provider (IdP) for authentication, you can then authorize groups on that IdP to log into the Splunk platform instance by mapping those groups to Splunk roles. You can map multiple groups on the IdP to a single Splunk role.

This is the only way to give users on your IdP access to the Splunk platform deployment. You cannot give individual users on the IdP access to the Splunk platform deployment unless you create a group on the IdP for the user, or add them to an existing group.

Prerequisites for mapping SAML groups to Splunk roles

Confirm that you have completed the following steps before you attempt to map groups on your IdP to roles on your Splunk platform deployment:

  • The identity provider you have is SAML version 2.0 compliant
  • You have configured your IdP to supply the necessary attributes in an assertion that it sends
  • You have configured your Splunk platform deployment to use the IdP as an authentication scheme.

For more specifics on these prerequisites, see Configure single sign-on with SAML.

Map groups on a SAML identity provider to Splunk roles

  1. In the system bar, click Settings > Authentication Methods.
  2. Under External, confirm that the SAML checkbox is selected.
  3. Click Configure Splunk to use SAML.
  4. Click Cancel to close the SAML Configuration dialog box and show the SAML groups page.
  5. Click New Group, or click Edit if you want to modify an existing SAML group.
  6. If you are creating a new group, in the Group Name field, enter the name of the group. Typically, this is the name of a group on the IdP.
  7. In the Splunk Roles section, choose the Splunk roles to which you want this group to map by clicking one or more of the roles in the Available item(s) column.
  8. Click Save. Splunk Web saves the group and returns you to the SAML Groups page.

After you configure SAML SSO and map groups to Splunk roles, you can distribute the login URL to users on your identity provider.

Last modified on 25 September, 2020
PREVIOUS
Configure advanced settings for SSO 		  NEXT
Modify or remove role mappings

This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.2.0, 8.2.1

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters