Since 4.0, Splunk has found its way into all kinds of curious places – executive dashboards, high security datacenters, my mom’s laptop. While all that end user attention has been exciting and all, it has only inflamed our conflict with the ancient enemy of user productivity: The Login Screen.
Executives hate logging in. CNBC knows who they are, why doesn’t this Splunk thing? (and what kind of name is ‘Splunk’ anyway?)
Security teams, on the other hand, want ‘login’ to be an invasive and private affair that feels like dentistry. (something you forgot, something you’ve lost, and some body part on a dirty sensor)
Since no one wants to see a login screen in their dashboard, but everyone also has their own security rules, we’re just going to let you do it yourself. That’s right, we give up, we’ll just trust you.
Enter Splunk SSO, with delegated authentication. With 4.1, Splunk now offers you the ability to trust the proxy server of your choice, and you can choose pretty much anything that’s standards compliant. (we test apache, ISA and IIS+plugins for the record) What that means is the proxy server does half of the login work for us, handling all credential validation. So if you have some fancy multi-factor auth system or just plain Windows integrated auth, as long as you have a proxy that can speak that trust language you can use it with Splunk.
That means you can put Splunk directly into your datacenter ops screens (with real-time to boot), onto executive dashboards, or pretty much any other secured location. You can also lock up Splunk behind 15 different biometric criteria if you like. Whatever gets you the Splunk in a safe and sane way.
On the backend, we’ll still authorize users the way we always have (though there are improvements to that as well). So you can map your Splunk users to roles to permissions any way you like, in the privacy of your own instance and without bothering the LDAP guys any more than you already do.
So give it a try : here’s what you need to know.