Moving from LDAP to SAML authentication

An often asked question when configuring SAML  is how do you ensure users can access their knowledge objects and saved searches that were created before migrating to SAML? Do you need to a script that migrates the users’ knowledge objects? As always is the case, the answer isn’t simple but it depends on the authentication mechanism prior to SAML.

When moving from LDAP  to SAML, if the same LDAP server  is configured as the backend authentication database on the Identity Provider(Adfs, Okta, Ping…), then the users would be the same and the groups they belong to would be the same.

Then moving from LDAP to SAML and retaining the previously created knowledge objects is straightforward and can be achieved …

» Continue reading

Delegated admin

The role hierarchy in splunk allows a user who has the ‘edit_user’  capability to create other splunk users and grant them any role including admin.  But what if you want to delegate user creation to a ‘mini-admin’ who should be able to create only users but not more admins.

Starting 6.2, we have the concept of a delegated admin, who can create users who can only belong to a pre-provided list of roles. This is a way of enforcing the principle that users can only create other users with privileges that are a subset of their own.

Let us see how this can be achieved.…

» Continue reading