SafeNet Trusted Access for Splunk Enterprise
Configuring SafeNet Trusted Access for Splunk Enterprise is a three-step process:
1.Splunk Enterprise setup
2.SafeNet Trusted Access setup
•Download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download metadata file button. You will need this metadata in one of the steps below.
•Ensure that the role name (for example, splunk-system-role) assigned to a user in Splunk Enterprise and the group name of the user in the SafeNet Trusted Access must be same.
Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Splunk Enterprise:
1.Log in to Splunk Enterprise as an administrator using the https://<Hostname or IP Address>:8000 URL, where, <Hostname or IP Address> is the host name or IP Address of the machine on which Splunk Enterprise is installed.
2.On the Splunk Enterprise administrator dashboard, click the Settings tab and then under USERS AND AUTHENTICATION, click Access controls.
3.On the Access controls window, click Authentication method.
4.On the Authentication method window, under External, select the SAML option and then click Configure Splunk to use SAML.
5.On the SAML Configuration window, perform the following steps:
a.Next to the Metadata XML File field, click Select File to import the Identity Provider metadata that you download earlier from the SafeNet Trusted Access console.
b.Scroll down to General Settings and in the Entity ID field, enter a name (for example, splunk) to create the entity Id for Splunk Enterprise.
c.Clear the Sign AuthnRequest check box.
d.Expand Attribute Query Requests, and delete the values displayed in the Username and Password fields.
6.On the SAML Groups window, click SAML Configuration.
8.Close the SAML Configuration window.
9.On the SAML Groups window, click New Group.
10.On the Create New SAML Group window, perform the following steps:
a.In the Group Name field, enter a name (for example, group1) for the group.
b.Under Splunk Roles, in the Available item(s) list, select the role name (for example, splunk-system-role) that is already assigned to the user for which you want to apply SAML authentication. The role name will be moved in the Selected item(s) list.
After completing the first step of configuring SafeNet Trusted Access in Splunk Enterprise, the second step is to activate the Splunk Enterprise application in SafeNet Trusted Access by performing the following steps:
1.In the Applications pane, you will notice that the Splunk Enterprise application that you added previously is currently in inactive state by default. To configure and activate this application, click the application (for example, Splunk Enterprise) and proceed to the next step.
2.Under STA Setup, click Upload Splunk Enterprise Metadata.
3.On the Metadata upload window, click Browse to search and select the Splunk Enterprise metadata that you downloaded earlier in step 7 of Splunk Enterprise Setup.
4.Under Account Details, in the fields, the service provider’s metadata information is displayed.
5.Click Save Configuration to save the details and activate the Splunk Enterprise application in SafeNet Trusted Access.
Navigate to the Splunk Enterprise login URL, https://<Hostname or IP address>:8000, where, <Hostname or IP address> is the host name or IP Address of the machine on which Splunk Enterprise is installed. You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Splunk Enterprise user portal after authentication.
Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click on the Splunk Enterprise application icon, you should be redirected to the Splunk Enterprise user portal after authentication.
© 2018 SafeNet Trusted Access. Various trademarks held by their respective owners.