Map LDAP groups to Splunk roles in Splunk Web
If you have configured Splunk Enterprise to authenticate via your LDAP server, you can map your LDAP groups to Splunk roles. If you do not use groups, you can also map LDAP users individually.
For information about setting up LDAP groups in Splunk Web, see "Configure LDAP with Splunk Web" in this manual.
Note: You can map either users or groups, but not both. If you are using groups, all users you want to access Splunk Enterprise must be members of an appropriate group. Groups inherit capabilities from the highest level role they're a member of.
All users are visible in the Users page in Splunk Manager. To assign roles to groups in Splunk Web:
1. Click Settings in Splunk Web.
2. In the Users and authentication section, click Access controls.
3. Click Authentication method.
4. Select the LDAP radio button.
5. Click Configure Splunk to use LDAP and map groups. This takes you to the LDAP strategies page.
6. Click Map groups in the Actions column for a specific strategy. This takes you to the LDAP Groups page. You can use the search field in the upper right corner of the page to qualify the list of groups; for example, to search for groups containing specific users.
7. Click on a group name. This takes you the mapping page, which includes a list of available roles and a list of LDAP users for that group.
8. To map a role to a group, click the arrow to the left of a role in the "Available Roles" list. This moves the group into the "Selected Roles" list. You can map multiple roles to the group.
9. Click Save. This takes you back to the LDAP Groups page.
10. Repeat the process for each group that you want to assign Splunk roles to.
Configure LDAP with Splunk Web
Configure LDAP using configuration files
This documentation applies to the following versions of Splunk Cloud Platform™: 8.1.2103, 8.2.2104, 8.2.2105 (latest FedRAMP release), 8.2.2106, 8.2.2107