Splunk® Enterprise

Securing the Splunk Platform

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Set up native Splunk authentication

Splunk authentication lets you easily set up users to access Splunk platform resources. Available in both Splunk Cloud Platform and Splunk Enterprise, the native authentication scheme always takes precedence over any external authentication schemes.

The Splunk platform authenticates users in the following order:

  1. Native Splunk authentication
  2. Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if enabled). For more information, see the following topics:

You cannot use both LDAP and scripted authentication together.

You can create new users and assign roles to those users with a role-based access control system in two ways:

  • Use Splunk Web to create users and assign roles. For more information, see Configure users with Splunk Web.
  • On Splunk Enterprise only, use the CLI to create users and then assign them to roles with Splunk Web. For more information see Configure users with the CLI. The CLI is not available on Splunk Cloud Platform.

Important naming guidelines when creating users and roles

When you create users and roles within the native authentication scheme, note the following caveats:

  1. Usernames stored in the native authentication scheme cannot contain spaces, colons, or forward slashes.
  2. Usernames are not case-sensitive. For example: Jacque, jacque, and JacQue are all the same to the native Splunk authentication scheme.
  3. Role names must use lowercase characters only. They cannot contain spaces, colons, or forward slashes.
Last modified on 19 September, 2021
PREVIOUS
Manage out-of-sync passwords in a search head cluster
  NEXT
Configure users with Splunk Web

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.10, 7.0.11, 7.0.13, 6.3.1, 7.0.5, 7.0.8, 7.0.9, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.2.0, 8.2.1, 8.2.2, 7.0.6, 7.0.7


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters