Configure Splunk Cloud Platform to use SAML for authentication tokens

Currently, the Splunk platform supports using authentication tokens in Splunk Cloud Platform with the Microsoft Azure and Okta Security Assertion Markup Language (SAML) identity providers (IdPs), as well as other providers that support attribute query requests (AQR), which lets Splunk Cloud Platform retrieve information about users on the IdP. When you configure Splunk Cloud Platform to use SAML as an authentication scheme, you let Splunk Cloud Platform query these IdPs to confirm that tokens you create in Splunk Cloud Platform for authentication are valid. Splunk Cloud Platform also supports authentication tokens when it uses either the native or Lightweight Directory Access Protocol (LDAP) authentication schemes.

To learn more about authentication tokens, how they work, and how you enable or disable them individually or globally, see Set up authentication with tokens.

Prerequisites for using Splunk Cloud Platform with authentication tokens

You must use one of the following SAML IdPs. There is no support for other IdPs at this time:
You must hold credentials that let you configure authentication schemes in Splunk Cloud Platform.
You must configure Splunk Cloud Platform to use SAML as an authentication scheme, if you have not already.
You must configure SAML authentication extensions for the IdPs to retrieve user information

Configure Splunk Cloud Platform to use SAML as an authentication scheme

Before Splunk Cloud Platform can use Microsoft Azure or Okta to authenticate tokens, you must configure your Splunk Cloud Platform instance to use SAML for authentication. If you have already configured your Splunk Cloud Platform instance to use SAML, you do not have to perform this procedure again.

Log into Splunk Cloud Platform as an administrator level user.
From the system bar, click Settings > Authentication Methods.
A link Configure Splunk to use SAML appears.
The SAML configuration dialog box appears.
In the General Settings section of the "SAML configuration" dialog box, supply the appropriate information to access the Microsoft Azure or Okta IdP. You must supply at least the following in the "General Settings" section:
In the Alias section, supply the three aliases as provided by your IdP:

When you configure authentication extensions, you specify a script for either Microsoft Azure or Okta, a timeout for the script to run, and a timeout for Splunk Cloud Platform to cache user information that it retrieves from the IdP.

When Splunk Cloud Platform queries the IdP and runs the appropriate script to get user information, the script timeout determines how long Splunk Cloud Platform waits to get user information from the IdP. You can configure it to wait anywhere from 300 to 3600 seconds, or 5 minutes to 1 hour. 300 seconds is the default.

After Splunk Cloud Platform successfully retrieves the information, it caches it, and the Get user info time-to-live determines how long Splunk Cloud Platform retrieves user information from the cache. During this period, Splunk Cloud Platform does not query the IdP for the information it has cached. The lowest amount of time that Splunk Cloud Platform caches user information is 3600 seconds or 1 hour. You can set this timeout higher to reduce the chance of potentially overloading your IdP with authentication requests, but doing so also increases the chance that Splunk Cloud Platform might not have the most up-to-date user information, which can pose a security risk.

Configure extensions for the Microsoft Azure identity provider

Splunk Cloud Platform requires the getUserInfo authentication extension to connect to Microsoft Azure as an identity provider. If you have a user on the IdP that is a member of more than 150 groups, then Splunk Cloud Platform also requires the login authentication extension.

The "SAML configuration" dialog box appears.
In the Script path field within the Authentication Extensions section of the "SAML configuration" dialog box, type in SAML_script_azure.py.
In the Script timeout field, type in 300s.
In the Get User Info time-to-live field, type in 3600s.
In the pop-up window that appears, click getUserInfo.
(Optional) If there is at least one user on the IdP that is a member of more than 150 groups, repeat Steps 7-8 to add the login script function.
Under Script Secure Arguments, click Add Input.
In the Value field, type in the Azure client ID.
Repeat Steps 10-12 to add the clientSecret key and the Azure client secret value that Splunk Cloud Platform is to use for authentication.
Repeat Steps 10-12 to add the tenantId key and the Azure tenant ID value.