Security

How to bypass SSO when a user as never logged in Splunk?

madsurfer
Explorer

Hi,

I enabled SSO for Splunk which works almost fine. I found a very annoying behavior with SSO.

If a new user has never logged in Splunk and that user has right to login, SSO keeps shouting that the user is unknow. What I found, is that a new user never logged in Splunk using the login page, splunk didn't add it to the user list and therfore the user.

Any clue how to resolve this annoying behavior ?

David

Tags (2)
0 Karma

adhoke_splunk
Splunk Employee
Splunk Employee

you can use new variant of SSO i.e. Proxy SSO. It does not require user to be present in splunk account. More details here:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Security/AboutProxySSO

0 Karma

linu1988
Champion

i doubt suck things happen. When you add the AD group the users can be seen in the users list. Where do you see unknown? if there are frequent change in the AD group refresh it periodically.

0 Karma

madsurfer
Explorer

Hi,

The user is shown in the "Map Group" settings in the authentication. Even if I remap the user, the user doesn't appear in the user list.

Splunk check in the "User List" to map with SSO, so until the first manual login, the user is redirect to the Splunk SSO Error Page saying that there is no matching user.

David

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...