Enabling Active Directory Authentication for Splunk


Jonathan Frappier Virtxpert

A quick how-to for enabling Active Directory authentication for Splunk:

  • Create a user for the BIND, basically a service account
  • Check the box next to LDAP
  • Click Configure Splunk to use LDAP and map groups
  • Click the New button
  • Enter a name for your LDAP
  • Enter your AD or LDAP host
  • Enter the port (389 or 689)
  • Enter the BIND DN, for example CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM (*If you are using default OUs such as Users, change OU to CN)
  • Enter the password for the user
  • Fill in the User and Group settings. The help for each section should be adequate to guide you, but here is an example screenshot:

[Screenshot: Splunk user settings example]

  • Click Save
  • You should now be taken to a page with the LDAP strategies listed.
  • Click on Map groups
  • Click on the group you wish to map. For example, you may wish for all Domain Admins to have the admin role, or you may want to create a specific AD group to give access to Splunk
  • Select the role(s) you wish to add for that group and click save.
  • Return to the Splunk login page and log in with your AD credentials
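The steps above end up in Splunk's authentication.conf, so the result can be reviewed outside the UI. The following is an added example, not part of the original post: a small check that reads a constructed stanza and reports whether the bind is encrypted and which AD groups hold the admin role. The strategy name, host, base DNs and the "Splunk Users" group are assumptions built around the post's Fabrikam bind DN.

```python
import configparser

# Constructed sample of the authentication.conf the steps above produce.
# Strategy name, host, base DNs and the "Splunk Users" group are assumptions;
# bindDNpassword is omitted because Splunk stores it encrypted.
SAMPLE_CONF = """
[authentication]
authType = LDAP
authSettings = fabrikam_ad

[fabrikam_ad]
host = dc01.fabrikam.com
port = 389
SSLEnabled = 0
bindDN = CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM
userBaseDN = DC=Fabrikam,DC=COM
userNameAttribute = sAMAccountName
groupBaseDN = DC=Fabrikam,DC=COM
groupNameAttribute = cn
groupMemberAttribute = member

[roleMap_fabrikam_ad]
admin = Domain Admins
user = Splunk Users
"""

def audit(conf_text):
    """Return (findings, admin_groups) for every LDAP strategy in use."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep Splunk's case-sensitive key names
    cp.read_string(conf_text)
    findings, admin_groups = [], {}
    auth = cp["authentication"]
    if auth.get("authType") != "LDAP":
        return ["authType is not LDAP, strategies are ignored"], admin_groups
    for name in (s.strip() for s in auth.get("authSettings", "").split(",")):
        if name not in cp:
            findings.append(f"{name}: strategy stanza missing")
            continue
        if cp[name].get("SSLEnabled", "0") != "1":
            findings.append(f"{name}: SSLEnabled off, bind and user passwords cross the network unencrypted")
        role_map = cp[f"roleMap_{name}"] if f"roleMap_{name}" in cp else {}
        if not role_map:
            findings.append(f"{name}: no groups mapped to roles, AD users cannot log in")
        # Groups holding the admin role deserve a membership review in AD.
        admin_groups[name] = [g.strip() for g in role_map.get("admin", "").split(";") if g.strip()]
    return findings, admin_groups

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Run it against the file under $SPLUNK_HOME/etc/system/local/ by passing its contents to audit() in place of the sample.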

Summary

Enabling Active Directory authentication for Splunk is quite simple and allows you to leverage Active Directory for all user access.
