Configure SAML single sign-on (SSO) to Splunk Cloud
Splunk Cloud lets you use SAML authentication for single sign-on (SSO).
- A managed deployment of Splunk Cloud. Self-service deployments log in through the Splunk customer portal and cannot independently configure SAML SSO.
- An identity provider configured to provide the
- An admin role with the
change_authenticationcapability. This permission level lets you enable SAML and edit authentication settings on the Splunk Cloud search head.
- If you require multifactor authentication, then you must use a SAML v2 identity provider that supports multifactor authentication. While Splunk Enterprise has built-in support for multifactor authentication such as Duo and RSA, Splunk Cloud does not support these methods of integration.
- Only SHA-256 signatures in the SAML message between your IdP and Splunk Cloud are supported. You are responsible for the SAML configuration of your IdP including the use of SHA-256 signatures.
- For ADFS, you may need to set the Claim Type as "UPN" when configuring your IdP. The Splunk blog post at https://www.splunk.com/blog/2016/09/14/configuring-microsofts-adfs-splunk-cloud.html provides more information about configuring ADFS for Cloud.
When you configure Splunk Cloud to use your SAML authentication system, you must authorize groups on your SAML server to log in by mapping them to Splunk Cloud roles. To enable SSO, use information provided by your identity provider to configure Splunk Cloud to work with SAML. For details, see Configure single sign-on with SAML in the Securing Splunk Enterprise manual.
Set limits for concurrent scheduled searches
Configure hybrid search
This documentation applies to the following versions of Splunk Cloud™: 7.2.4, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 8.0.2001, 8.0.2003, 8.0.2004