Splunk Cloud Platform

Search Manual

This documentation does not apply to the most recent version of Splunk Cloud.

Set up a federated provider service account

Before you define a remote Splunk platform deployment as a federated provider, create a service user account on that remote deployment. This service account enables secure communication between the federated search head on your local deployment and the federated provider.

To set up a service account, follow these steps on the remote Splunk platform deployment that you intend to configure as a federated provider. Follow the documentation links for the type of federated provider you are working with: Splunk Cloud Platform or Splunk Enterprise.

1. Create a new role
   More information: This role will be dedicated to the service account for the federated provider. Do not give it to other users or entities.

   As you design this role, implement role-based restrictions that ensure that this service account role can access only the indexes and datasets that should be available for federated searches. It should inherit its baseline capabilities from the User role.
   Splunk Cloud Platform documentation: See Manage Splunk Cloud roles in the Splunk Cloud Admin Manual.
   Splunk Enterprise documentation: See Create and manage roles with Splunk Web in Securing the Splunk Platform.

2. Create a new user and assign the role to it
   More information: This user is the service account for the federated provider. Assign the role you created in the first step to this service account.
   Splunk Cloud Platform documentation: See Manage Splunk Cloud users in the Splunk Cloud Admin Manual.
   Splunk Enterprise documentation: See Create and manage users with Splunk Web in the Securing the Splunk Platform manual.

3. Save a record of the user ID and password for the service account
   More information: You need these credentials for the Service Account Username and Service Account Password fields when you configure the remote Splunk platform deployment as a federated provider.

For more information about defining federated providers through the Add Federated Provider page in Splunk Web, see Define a federated provider.
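
A check for the role design described in the steps above, as an added example that is not part of the Splunk documentation: it reads role stanzas in authorize.conf syntax, resolves the indexes the service account role can search, and confirms that exactly one account holds the role. The role, user and index names are hypothetical, the sample configuration is constructed, and the code assumes that a role inherits index access as well as capabilities from the roles listed in importRoles.

```python
import configparser

# Constructed sample in authorize.conf syntax; role and index names are hypothetical.
SAMPLE_AUTHORIZE = """
[role_user]
srchIndexesAllowed = *

[role_fed_provider_svc]
importRoles = user
srchIndexesAllowed = web_proxy;fw_traffic
"""

def _split(value):
    """Split a semicolon-separated authorize.conf value into a clean list."""
    return [v.strip() for v in value.split(";") if v.strip()]

def effective_indexes(cfg, role, seen=None):
    """Indexes a role can search, including those inherited via importRoles
    (assumption: index access is inherited along with capabilities)."""
    seen = set() if seen is None else seen
    section = f"role_{role}"
    if role in seen or not cfg.has_section(section):
        return set()
    seen.add(role)  # guards against circular importRoles chains
    allowed = set(_split(cfg.get(section, "srchIndexesAllowed", fallback="")))
    for parent in _split(cfg.get(section, "importRoles", fallback="")):
        allowed |= effective_indexes(cfg, parent, seen)
    return allowed

def audit_service_role(conf_text, role, approved, user_roles):
    """Return a list of findings; an empty list means the role passes."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.optionxform = str  # keep setting names case-sensitive
    cfg.read_string(conf_text)
    if not cfg.has_section(f"role_{role}"):
        return [f"role {role} is not defined"]
    findings = []
    parents = _split(cfg.get(f"role_{role}", "importRoles", fallback=""))
    if parents != ["user"]:
        findings.append(f"importRoles is {parents}, expected only 'user'")
    for idx in sorted(effective_indexes(cfg, role) - set(approved)):
        kind = "wildcard" if "*" in idx else "unapproved index"
        findings.append(f"{kind} in effective search scope: {idx}")
    holders = sorted(u for u, r in user_roles.items() if role in r)
    if len(holders) != 1:  # the role must belong to the service account only
        findings.append(f"role held by {len(holders)} accounts: {holders}")
    return findings
```

On the constructed sample the role's own index list is narrow, but the wildcard inherited from the parent role still appears in its effective search scope, which is the case the audit is meant to surface.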

Last modified on 11 August, 2021

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2105 (latest FedRAMP release), 8.2.2106
