Splunk® Enterprise

Securing Splunk Enterprise

Preview features described in this document are provided by Splunk to you "as is" without any warranties, maintenance and support, or service-level commitments. Splunk makes this preview feature available in its sole discretion and may discontinue it at any time. These documents are not yet publicly available and we ask that you keep such information confidential.

Set up native Splunk authentication

The native Splunk authentication scheme is the default scheme for authentication on the Splunk platform. It comes standard with every Splunk Enterprise installation and Splunk Cloud Platform uses it by default when you get Splunk Cloud Platform set up.

Native Splunk authentication lets you easily configure users to access Splunk platform resources. The native authentication scheme always takes precedence over any external authentication schemes.

The Splunk platform authenticates users in the following order:

  1. Native Splunk authentication
  2. Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if you turn it on). For more information, see the following topics:

It isn't possible to use both LDAP and scripted authentication at the same time.

You can create new users and assign roles to those users with a role-based access control system in two ways:

Naming guidelines for users and roles

When you create users and roles within the native authentication scheme, heed the following caveats:

  1. Usernames for the native authentication scheme cannot contain spaces, colons, or forward slashes.
  2. Usernames are not case-sensitive. For example: Jacque, jacque, and JacQue are all the same to the native Splunk authentication scheme.
  3. Role names must use lowercase characters only. They cannot contain spaces, colons, or forward slashes.
Last modified on 20 May, 2024
Use network access control lists to protect your deployment   Configure users with Splunk Web

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.2, 9.3.1, 9.4.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters