This blog post is an update to Philip Greer's blog for the 6.4.x "Configuring Okta Security Assertion Markup Language (SAML) Single Sign On (SSO) with Splunk Cloud." This post steps you through the Okta integration with Splunk Cloud by using the Okta Splunk Cloud App, which was not available for 6.4.x. Some of this post may repeat the prior blog's content, but by using the Okta Splunk Cloud pre-canned App, the number of steps to configure has been greatly reduced. There have also been updates to the Splunk Cloud configuration, which are part of this blog.

So, let's get to it: below is a quick how-to on setting up Okta to provide SAML SSO with your Splunk Cloud 6.6.x instance using the Okta Splunk Cloud App.

- An administrator for your Splunk Cloud instance.
- An administrator for your local Identity Management system (Active Directory, LDAP, etc).
- An administrator for your Okta instance.

If they're all the same person (you), you're in luck. Otherwise you'll have to find time for all of you to discuss the SAML integration, put in change control, schedule a time to implement, etc.

1. First have your Splunk Cloud administrator log into your instance as a user with the 'admin' role. If you have multiple search heads in your Splunk Cloud environment (aka a general search head at possibly an Enterprise Security search head at you will need to perform a separate Okta integration for each search head independently. In short, you'll have multiple Okta apps, one for each search head (or search head cluster).

a) Log into your Splunk Cloud instance as a user with the admin role
b) Go to the Settings -> Access Controls menu option.
c) Click on the 'Authentication method' link. Click on the 'SAML' radio button
d) Click on the 'Configure Splunk to use SAML' link below the SAML radio button

Click Download File. This will download the Splunk Metadata file, which will be added to Okta when configuring the Okta Splunk Cloud App.

As an alternative to obtaining the search head's metadata via the Splunk UI download, you can also do the following:

a) Log in to your Splunk Cloud instance with a user that has the "admin" role.
b) Enter the URL your browser's URL field. This will present the metadata in the browser or automatically download the metadata file depending upon the browser being used.

3. After using one of the above methods to obtain the Splunk Metadata, something similar will be presented in your browser window or the downloaded metadata file (the screenshot below is formatted but the contents should be similar)

From the metadata, capture the search head's certificate (masked out above) between the XML tags ' ' and ' '. Save the certificate into a non-formatted text file (e.g. Notepad) and place a row above the certificate with the text (5 dash characters on each side of text). Example: Save As SplunkCert.txt.
And a row below the certificate with the text

We are now ready for the Okta side of the integration.

1. Have your Okta admin log into your Okta instance as the Admin user.
2. Enter into the Admin functionality within Okta
3. Click on the link to 'Add Applications'
4. The Okta Splunk Cloud App settings page will be displayed
Click in the search box to 'Search for an application'
6. NOTE: As noted earlier, this post is for Okta integration using the Okta Splunk Cloud App; there is also an Okta Splunk Enterprise App. Although some customers have been successful in using this app to integrate Okta with their Splunk Cloud instance, there's been more confusion and missteps in the configuration when using this app. The previous Okta blog for integrating with Splunk Cloud started from scratch with a new Okta app. At the time, that was the most consistent method to reach a working integration with Okta and Splunk Cloud. Configuring the integration using a new Okta app should still work, but more steps are required. Please refer to the prior blog for steps to configure the integration if wanting to integrate by creating a new Okta app.
7. 'Application label' – This is the application name of the Okta Splunk Cloud app. If you would like to change from the default name of Splunk Cloud, you can make the change here. Make the label something that helps identify which search head functionality your users will be logging in to (for multiple search heads). NOTE: If there are multiple search heads you would want to change the Application Label to something like 'Splunk Cloud – Core' for the Splunk core search head and 'Splunk Cloud – ES' for the Enterprise Security search head.

'Site URL' - This is the landing page to which users are taken in case of IdP initiated flow.
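The certificate step of this how-to (copy the search head's certificate out of the Splunk metadata and save it with a header row and a footer row) can be scripted instead of done by hand in a text editor. The following is an added example, not code from the original post or from Splunk or Okta. It assumes the standard XML-DSig `ds:X509Certificate` element and the usual `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----` rows, which the text of this page no longer shows, and it runs on constructed sample metadata with dummy certificate bytes.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

# Standard XML-DSig namespace used in SAML metadata (assumption: not shown on the page).
DS_NS = "{http://www.w3.org/2000/09/xmldsig#}"


def cert_from_metadata(metadata_xml):
    """Return (PEM text, SHA-256 fingerprint) for the first certificate in SAML metadata."""
    # The metadata comes from your own search head; use a hardened parser for untrusted XML.
    root = ET.fromstring(metadata_xml)
    node = root.find(f".//{DS_NS}X509Certificate")
    if node is None or not (node.text or "").strip():
        raise ValueError("no X509Certificate element in metadata")
    b64 = "".join(node.text.split())            # drop line breaks and indentation
    der = base64.b64decode(b64, validate=True)  # rejects stray non-base64 characters
    if not der or der[0] != 0x30:               # a DER certificate starts with a SEQUENCE tag
        raise ValueError("decoded data does not look like a DER certificate")
    body = "\n".join(textwrap.wrap(b64, 64))    # 64-character rows, as PEM files use
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    return pem, hashlib.sha256(der).hexdigest()


def build_sample_metadata():
    """Constructed stand-in for the downloaded metadata; the 'certificate' is dummy bytes."""
    fake_der = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
    b64 = base64.b64encode(fake_der).decode()
    folded = "\n        ".join(textwrap.wrap(b64, 76))
    return f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="splunk-sample">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {folded}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


if __name__ == "__main__":
    pem, fp = cert_from_metadata(build_sample_metadata())
    with open("SplunkCert.txt", "w", newline="\n") as fh:
        fh.write(pem)
    print("SHA-256 fingerprint:", fp)
```

With real metadata, the printed fingerprint gives both administrators a value to compare, confirming that the certificate saved for Okta is the one the search head published.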