
Set up native Splunk authentication
Native Splunk authentication lets you easily set up users to access Splunk platform resources. Available in both Splunk Cloud Platform and Splunk Enterprise, the native authentication scheme always takes precedence over any external authentication schemes.
The Splunk platform authenticates users in the following order:
- Native Splunk authentication
- Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if enabled). For more information, see the following topics:
- Set up user authentication with LDAP
- Set up user authentication with external systems. Scripted authentication is not available on Splunk Cloud Platform.
You cannot use both LDAP and scripted authentication together.
You can create new users and assign roles to those users with a role-based access control system in two ways:
- Use Splunk Web to create users and assign roles. For more information, see Create and manage users with Splunk Web and Create and manage roles with Splunk Web.
- On Splunk Enterprise only, use the CLI to create users and then assign them to roles with Splunk Web, configuration files, or the CLI. For more information, see Create and manage users with the CLI. The CLI is not available on Splunk Cloud Platform.
Important naming guidelines when creating users and roles
When you create users and roles within the native authentication scheme, note the following caveats:
- Usernames stored in the native authentication scheme cannot contain spaces, colons, or forward slashes.
- Usernames are not case-sensitive. For example:
Jacque
,jacque
, andJacQue
are all the same to the native Splunk authentication scheme. - Role names must use lowercase characters only. They cannot contain spaces, colons, or forward slashes.
PREVIOUS Secure data with Enterprise Managed Encryption Keys |
NEXT Set up user authentication with LDAP |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2202, 8.2.2203, 8.2.2201, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305 (latest FedRAMP release), 9.1.2308
Feedback submitted, thanks!