A quick how-to for enabling Active Directory authentication for Splunk:
- Create user for BIND, basically a service account
- Check the box next to LDAP
- Click COnfigure Splunk to use LDAP and map groups
- Click the New button
- Enter a name for your LDAP
- Enter your AD or LDAP host
- Enter the port (389 or 689)
- Enter the BIND DN, for example CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM (*If you are using default OUs such as Users change OU to CN)
- Enter the password for the user
- Fill in the User and Group settings, the help for each section should be adequate to guide you, but here is an example screenshot
- Click Save
- You should now be taken to a page with the LDAP strategies listed.
- Click on Map groups
- Click on the group you wish to map, for example you may wish for all Domain Admins to have the admin role, or you may want to create a specific AD group to give access to splunk
- Select the role(s) you wish to add for that group and click save.
- Return to the Splunk login page and log in with your AD credentials
Enabling Active Directory authentication for Splunk is quite simple and allows you to leverage Active Directory for all user access.