Map LDAP groups to Splunk roles in Splunk Web
After you have configured the Splunk platform to authenticate using your LDAP server, map LDAP groups in your environment to Splunk roles. If you do not use groups, you can map users individually.
You can map either users or groups, but not both. If you are using groups, all users must be members of an appropriate group. Groups inherit capabilities from the highest level role of which they are a member.
All users are visible in the Users page in Splunk Manager. To assign roles to groups in Splunk Web:
- From the system bar, select System > Users and Authentication > Access Controls.
- In the Access Controls page, click Authentication method.
- Select the LDAP radio button then click Configure Splunk to use LDAP and map groups. This takes you to the LDAP strategies page.
- Click Map groups in the Actions column for a specific strategy. This takes you to the LDAP Groups page. You can use the search field in the upper right corner of the page to qualify the list of groups; for example, to search for groups containing specific users.
- Click on a group name. This takes you the mapping page, which includes a list of available roles and a list of LDAP users for that group.
- To map a role to a group, click the arrow to the left of a role in the "Available Roles" list. This moves the group into the "Selected Roles" list. You can map multiple roles to the group.
- Click Save. This takes you back to the LDAP Groups page.
- Repeat the process for each group to which you want to assign Splunk roles.
Configure LDAP with Splunk Web
Configure LDAP using configuration files
This documentation applies to the following versions of Splunk Cloud Platform™: 8.1.2103, 8.2.2105 (latest FedRAMP release), 8.2.2104, 8.2.2106, 8.2.2107, 8.2.2109