Splunk Cloud

Splunk Cloud User Manual

Configure SAML single sign-on (SSO) to Splunk Cloud

Splunk Cloud lets you use SAML authentication for single sign-on (SSO).

Prerequisites

  • A managed deployment of Splunk Cloud. Self-service deployments log in through the Splunk customer portal and cannot independently configure SAML SSO.
  • An identity provider configured to provide the role, realName, and mail attributes.
  • An admin role with the change_authentication capability. This permission level lets you enable SAML and edit authentication settings on the Splunk Cloud search head.
  • If you require multifactor authentication, then you must use a SAML v2 identity provider that supports multifactor authentication. While Splunk Enterprise has built-in support for multifactor authentication such as Duo and RSA, Splunk Cloud does not support these methods of integration.
  • Splunk Cloud supports only SHA-256 signatures in the SAML message between your IdP and Splunk Cloud. You are responsible for the SAML configuration of your IdP, including the use of SHA-256 signatures.
  • For ADFS, you may need to set the Claim Type as "UPN" when configuring your IdP. The Splunk blog post at https://www.splunk.com/blog/2016/09/14/configuring-microsofts-adfs-splunk-cloud.html provides more information about configuring ADFS for Cloud.
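
A pre-flight check for two of the prerequisites above (SHA-256 signatures and the role, realName, and mail attributes), run against a decoded SAML response from your IdP. This is an added example, not Splunk code; the function names, the sample responses, and the exact-name attribute match are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED_ATTRS = {"role", "realName", "mail"}  # names from the prerequisites list

def check_saml_prereqs(xml_text):
    """Return findings (empty list = both checks pass). Static inspection only:
    the signature is not cryptographically verified. Use on your own IdP's output."""
    root = ET.fromstring(xml_text)
    findings = []
    methods = root.findall(".//ds:SignatureMethod", NS)
    if not methods:
        findings.append("no ds:SignatureMethod element (message is unsigned)")
    for method in methods:
        alg = method.get("Algorithm", "")
        # Assumption: SHA-256 signature URIs end in "sha256" (e.g. ...#rsa-sha256).
        if not alg.lower().endswith("sha256"):
            findings.append(f"signature algorithm is not SHA-256: {alg}")
    present = set()
    for attr in root.findall(".//saml:Attribute", NS):
        values = attr.findall("saml:AttributeValue", NS)
        if any(v.text and v.text.strip() for v in values):
            present.add(attr.get("Name"))
    # Assumption: the IdP emits these exact attribute names.
    for name in sorted(REQUIRED_ATTRS - present):
        findings.append(f"missing or empty attribute: {name}")
    return findings

def build_sample(sig_alg, attrs):
    # Constructed sample: carries a SignatureMethod but no real signature value.
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        f'</saml:AttributeValue></saml:Attribute>' for n, v in attrs.items())
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}">'
        f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>'
        '</ds:SignedInfo></ds:Signature><saml:Assertion><saml:AttributeStatement>'
        f'{attr_xml}</saml:AttributeStatement></saml:Assertion></samlp:Response>')

GOOD = build_sample("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                    {"role": "splunk_admins", "realName": "Ana Example",
                     "mail": "ana@example.com"})
BAD = build_sample("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                   {"role": "splunk_admins", "realName": "Ana Example"})

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_saml_prereqs(doc) or "meets both checks")
```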


When you configure Splunk Cloud to use your SAML authentication system, you must authorize groups on your SAML server to log in by mapping them to Splunk Cloud roles. To enable SSO, use information provided by your identity provider to configure Splunk Cloud to work with SAML. For details, see Configure single sign-on with SAML in the Securing Splunk Enterprise manual.

Last modified on 24 March, 2020

This documentation applies to the following versions of Splunk Cloud: 7.2.4, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 8.0.2001, 8.0.2003, 8.0.2004

