Splunk® Enterprise

Securing the Splunk Platform

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

About multifactor authentication with Duo Security

Multifactor authentication lets you configure a primary and secondary login for your Splunk Enterprise users. Duo Security multifactor authentication secures Splunk Web logins. Splunk Cloud Platform does not support multifactor authentication with Duo Security.

With Splunk Enterprise with Duo Security multifactor authentication, you must set up a second authentication method and then use that method for future logins. The login workflow is as follows:

  1. You log into Splunk Web page using your login credentials. This is the primary login.
  2. You then see a second login page, "Duo Authentication". This is the secondary login.
  3. The first time you log in, you follow the instructions on the Duo login page to set up your preferred method for accessing your secondary credentials:
    • Login with credentials sent through a push notification on your your smart phone (Duo Security Mobile app required).
    • Login with credentials sent through an SMS message to your cell phone.
    • Login with credentials sent through a phone call made to your cell phone.
    • Login by entering a one time code that the Duo Mobile app generates.
  4. After the initial login and configuration, every time you reach the secondary login, you receive those login credentials using your preferred method.

Set up Duo Security for multifactor authentication

  1. Create an account for your Splunk Enterprise configuration on the Duo website. Visit the Duo website for more information on how to create accounts in Duo.
  2. Provide Splunk Enterprise with the information from your Duo Security Account. See Configure Splunk to use Duo Security multifactor authentication for more information.
Last modified on 22 October, 2021
PREVIOUS
Remove an LDAP user safely on Splunk Enterprise
  NEXT
Configure Splunk Enterprise to use Duo Security multifactor authentication

This documentation applies to the following versions of Splunk® Enterprise: 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.0, 8.2.1, 8.2.2, 8.2.3


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters