Set up user authentication with LDAP
The Splunk platform supports several types of authentication schemes, including Lightweight Directory Access Protocol (LDAP).
About configuring LDAP authentication for Splunk Cloud
The Splunk platform lets you configure user and role configuration for LDAP users and groups. You can configure one or many LDAP servers and map users and user groups from your servers to Splunk roles. You can also configure authentication tokens for LDAP users.
Before you configure LDAP, read LDAP prerequisites and considerations.
After you configure LDAP as an authentication scheme, see Set up authentication with tokens for more information on creating authentication tokens for LDAP users.
How to configure LDAP as an authentication scheme
Following are the main steps to configure the Splunk platform to work with LDAP for authentication:
- Configure one or more LDAP strategies, typically one strategy per LDAP server.
- Map LDAP groups to one or more Splunk roles.
- If you have multiple LDAP servers, specify the connection order of the servers.
In Splunk Cloud, you can perform these steps in Splunk Web. See Configure LDAP with Splunk Web.
In Splunk Enterprise, you can use either Splunk Web or configuration files to configure LDAP. To use configuration files to configure LDAP, see Configure LDAP with configuration files.
If you need to configure multiple LDAP servers to work with your Splunk platform instance, see How Splunk works with multiple LDAP servers.
Precedence of Splunk authentication schemes
The native Splunk authentication scheme takes precedence over any external schemes. Precedence is the order in which the Splunk platform authenticates a user:
- The Splunk platform attempts native authentication first. If authentication fails outside of a local account that doesn't exist, there is no follow up attempt to use LDAP to login.
- If a local account does not exist, the Splunk platform attempts an LDAP login.
- On Splunk Enterprise only, if you have configured scripted authentication, the instance then attempts to log in using a script. For more information about scripted authentication, see Set up user authentication with external systems.
Troubleshoot token authentication
Manage Splunk user roles with LDAP
This documentation applies to the following versions of Splunk® Enterprise: 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.2.0