Configure RSA authentication from Splunk Web
1. In the Menu, select Settings > Users and Authentication > Access roles.
2. Click Authentication Method.
3. Under Multifactor Authentication, select RSA Security.
4. Click the Configure RSA Security link.
5. Provide the RSA Auth Manager REST service URL.
6. Provide the Access key.
7. Tell Splunk Enterprise how to authenticate users when RSA Authentication Manager is unavailable:
- Let users login Users who have successfully logged into Splunk Web (i.e., primary authentication) can access Splunk Enterprise even if RSA authentication (i.e., secondary authentication) fails.
- Do not let users login Users who have successfully logged into Splunk Web (i.e., primary authentication) cannot access Splunk Enterprise if RSA authentication (i.e., secondary authentication) fails.
10. Provide an error/diagnostic message. This is the message you display if an error occurs when authenticating with RSA Authentication Manager.
11. Provide a time limit, in seconds, for how long to attempt authentication before the connection times out.
12. Save your changes. You do not need to reload authentication for two-factor authentication to take effect.
Before logging out of the configuration session, perform configuration verification using the
/services/admin/Rsa-MFA-config-verify endpoint. This prevents you from blocking your ability to log in if you misconfigure authentication settings. If you connect to this endpoint without entering the passcode, this test can serve as ping to ensure the services are running. Or, you can test the login for a user by including the username and passcode. For example,
curl -k -u admin:changed123 -X POST https://localhost:8089/services/admin/Rsa-MFA-config-verify/rsa-mfa -d username=user1 -d passcode=11112222.
About multifactor authentication with RSA Authentication Manager
Configure Splunk Enterprise to use RSA Authentication Manager multifactor authentication via the REST endpoint
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 8.0.0, 8.0.1