Splunk® Enterprise

Securing the Splunk Platform

Acrobat logo Download manual as PDF


Splunk Enterprise version 7.2 will no longer be supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
Acrobat logo Download topic as PDF

About user authentication

Authentication lets you add users, assign them to roles, and give those roles access to resources as you need for your organization. The Splunk platform has several schemes that you can use for authentication. You must have an active license for authentication to work.

The Splunk platform uses the following authentication schemes:

Scheme Splunk platform types Description
Native Splunk authentication all Native Splunk authentication takes precedence over any external authentication schemes. The native scheme provides the Admin, Power, and User roles by default. You can define your own roles using a list of Splunk capabilities. If you have an active license, native authentication is on by default. See Set up native Splunk authentication for more information.
Lightweight Directory Access Protocol (LDAP) all The Splunk platform supports authentication with its internal authentication services or your existing LDAP server. See Set up user authentication with LDAP for more information.
Security Assertion Markup Language (SAML) all The Splunk platform supports contacting an identity provider (IdP) that uses the SAML version 2.0 protocol and retrieving user information that can be mapped to Splunk roles. See Configure single sign-on with SAML for additional information.
Scripted authentication API Splunk Enterprise Use scripted authentication to integrate Splunk authentication with an external authentication system, such as Remote Authentication Dial-in User Service (RADIUS) or Pluggable Authentication Module (PAM). See Set up user authentication with external systems for more information.

You can create and assign users to roles either in Splunk Web, on Splunk Cloud Platform and Splunk Enterprise, or by editing the authorize.conf configuration file on Splunk Enterprise only. For more information about roles and capabilities, read About role-based user access.

Last modified on 16 September, 2021
PREVIOUS
Use access control to secure Splunk data
  NEXT
About configuring role-based user access

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.0.13, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.2.0, 8.2.1, 8.2.2, 7.0.6, 7.0.7


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters