Set up native Splunk authentication

The native Splunk authentication scheme is the default scheme for authentication on the Splunk platform. It comes standard with every Splunk Enterprise installation and Splunk Cloud Platform uses it by default when you get Splunk Cloud Platform set up.

Native Splunk authentication lets you easily configure users to access Splunk platform resources. The native authentication scheme always takes precedence over any external authentication schemes.

The Splunk platform authenticates users in the following order:

1. Native Splunk authentication
2. Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if you turn it on). For more information, see the following topics:
   • Set up user authentication with LDAP
   • Set up user authentication with external systems. Scripted authentication is not available on Splunk Cloud Platform.

It isn't possible to use both LDAP and scripted authentication at the same time.

You can create new users and assign roles to those users with a role-based access control system in two ways:

• Use Splunk Web to create users and assign roles. For more information, see Create and manage users with Splunk Web and Create and manage roles with Splunk Web.
• On Splunk Enterprise only, use the CLI to create users and then assign them to roles with Splunk Web, configuration files, or the CLI. For more information, see Create and manage users with the CLI. The CLI is not available on Splunk Cloud Platform.

Naming guidelines for users and roles

When you create users and roles within the native authentication scheme, heed the following caveats:

1. Usernames for the native authentication scheme cannot contain spaces, colons, or forward slashes.
2. Usernames are not case-sensitive. For example: Jacque, jacque, and JacQue are all the same to the native Splunk authentication scheme.
3. Role names must use lowercase characters only. They cannot contain spaces, colons, or forward slashes.