Select SAML as your authentication type.In the Settings menu, select Authentication methods.Verify that your system meets all of the requirements.In the link, replace with your account name: Use the following link to access the local login using native authentication if you are locked out. An error in configuring SAML can result in users being locked out of Splunk Cloud.To correct it, set the Splunk web session timeout to be equal to the IdP vendor session timeout. You might experience a problem where Splunk continuously re-authenticates into the IdP if the Splunk Web session timeout and the IdP vendor session timeout differ.When you use Azure AD FS as an IdP on Splunk Cloud Platform, you might need to set the Claim Type as "UPN" when configuring your IdP.For Azure AD you might need to change the groupMembershipClaims from "null" to " SecurityGroup".For Azure AD, you might need to append /SAML/acs to the end of the reply URL.Consult your IdP documentation and confirm that you have met the IdP configuration requirements.When you configure Microsoft Azure as an IdP, review the following suggestions when configuring groups for the IdP:
Prerequisites and considerations for configuring the Splunk platform to use Microsoft Azure AD as an identity provider Map groups on a SAML identity provider to Splunk user roles so that users in those groups can log in.įor information about configuring Microsoft Azure AD as an IdP, consult the Microsoft Azure documentation. If you use Microsoft AzureAD or AD FS as your Identity Provider (IdP), follow these instructions to configure the Splunk platform for single sign-on.Īfter you configure the Splunk platform for SSO, you can map groups from the IdP to those roles so that users can log in. Hit the “Sign in to this site” radio button and then click Sign in.Configure SSO with Microsoft Azure AD or AD FS as your Identity Provider
You’ll also probably want to disable Windows Authentication (IWA aka Integrated Windows Authentication) on the Intranet in AD FS if this a test environment just so you don’t get auto-logged in. Now on my Windows 10 desktop, I am going to navigate to the IdP initiated AD FS login URL to test this. The AD FS with Azure MFA as Primary Authentication user experienceġ5. I’m just going to select both in this example since I will be testing logins from an internal Windows 10 desktop in the next few steps and I want to see the Azure MFA option show up: Most companies I work with choose to only enable it for their Extranet, meaning users that come in through the AD FS WAP (Web Application Proxy) servers in the DMZ. Go ahead and check the box next to them so you can choose when the Azure MFA option is shown to users.
0 kommentar(er)
