About user authentication
Authentication lets you add users, assign roles to them, and give those roles access to resources as you need for your organization.
An authentication scheme, also known as an authentication method, is a way that the Splunk platform authorizes a user to access services and resources that the platform provides. The Splunk platform has several schemes that you can use for authentication. You must have an active Splunk license for authentication to work.
The Splunk platform uses the following authentication schemes:
| Scheme | Splunk platform types | Description |
|---|---|---|
| Native Splunk authentication | all | Native Splunk authentication takes precedence over any external authentication schemes. The native scheme provides the Admin, Power, and User roles by default. You can define your own roles using a list of Splunk capabilities. If you have an active license, native authentication is on by default. See Set up native Splunk authentication for more information. |
| Lightweight Directory Access Protocol (LDAP) | all | The Splunk platform supports authentication with its internal authentication services or your existing LDAP server. See Set up user authentication with LDAP for more information. |
| Security Assertion Markup Language (SAML) | all | The Splunk platform supports contacting an identity provider (IdP) that uses the SAML version 2.0 protocol and retrieving user information that can be mapped to Splunk roles. See Configure single sign-on with SAML for additional information. |
| Multi-factor authentication | Splunk Enterprise | Lets you use two or more services to provide authentication access to Splunk platform resources. Includes the ability to use Duo or RSA Manager. |
| Scripted authentication API | Splunk Enterprise | Use scripted authentication to integrate Splunk authentication with an external authentication system, such as Remote Authentication Dial-in User Service (RADIUS) or Pluggable Authentication Module (PAM). See Set up user authentication with external systems for more information. |
You can create and assign users to roles either in Splunk Web, on Splunk Cloud Platform and Splunk Enterprise, or by editing the authorize.conf configuration file on Splunk Enterprise only. For more information about roles and capabilities, read About role-based user access.
| Use access control to secure Splunk data | About configuring role-based user access |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release)
Download manual
Feedback submitted, thanks!