Note:

An error in configuration could cause users and administrators to be unable to sign on to Splunk Cloud.

The following Direct Login link can be used for local authentication: https://<tenant>.splunkcloud.com/en-US/account/login?loginType=splunk.

The following table details the required and optional attributes to be configured in the assertion attribute contract.

| Attribute Name | Description | Required / Optional |
| --- | --- | --- |
| SAML_SUBJECT | | Required |
| Role | User role as per SAML Groups. The attribute name is configurable in the SAML configuration for the application. | Required |
| Email | User email address. The attribute name is configurable in the SAML configuration for the application. | Optional |
| RealName | User display name. The attribute name is configurable in the SAML configuration for the application. | Optional |
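
A missing required attribute is a typical configuration error of the kind the note above warns about, so it helps to check a captured assertion against this contract before relying on SSO. The following is an added example, not code from Ping Identity or Splunk: the function name `check_contract` is hypothetical, the sample assertion is constructed, and the attribute names `Role`, `Email`, and `RealName` are assumed to match the table (they are configurable).

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample: an unsigned, trimmed assertion carrying the literal
# role value samluser used in this integration example.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Role">
      <saml:AttributeValue>samluser</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_contract(xml_text, required=("Role",), optional=("Email", "RealName")):
    """Return (errors, warnings) for one decoded assertion or response.

    Troubleshooting aid only: it does not verify signatures or conditions,
    so run it on messages captured from your own IdP, never as a login gate.
    """
    root = ET.fromstring(xml_text)
    # iter() also yields the root, so a bare Assertion or a full Response works.
    assertion = next(root.iter(f"{{{SAML_NS}}}Assertion"), None)
    if assertion is None:
        return ["no Assertion element found (it may be encrypted)"], []
    errors, warnings = [], []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        errors.append("SAML_SUBJECT: Subject/NameID is missing or empty")
    sent = {}  # attribute name -> list of non-empty values
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        sent.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    for name in required:
        if not sent.get(name):
            errors.append(f"{name}: required attribute is missing or has no value")
    for name in optional:
        if not sent.get(name):
            warnings.append(f"{name}: optional attribute not sent")
    return errors, warnings


if __name__ == "__main__":
    print(check_contract(SAMPLE_ASSERTION))
```

If the role attribute name was changed in the SAML configuration, pass the configured name in `required`.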

The following table details the references that are used within this guide that are environment specific. Replace these with the suitable value for your environment.

| Reference | Description |
| --- | --- |
| <tenant> | The instance name for the Splunk Cloud tenant. |

  1. Create a PingOne Application for Splunk Cloud.
    1. Download the Splunk Cloud Metadata from https://<tenant>.splunkcloud.com/en-US/saml/spmetadata.
    2. Sign on to PingOne for Enterprise and click Applications.
    3. On the SAML tab, click Add Application.

      Screen capture of the PingOne My Applications page with the Add Application options expanded.
    4. Click Search Application Catalog and search for Splunk.

      The results should show Splunk Enterprise. This is suitable for both Splunk Cloud and Splunk Enterprise.

    5. Click the Splunk Enterprise row.

      Screen capture of the Applications Catalog in PingOne with the search results for Splunk showing the Splunk Enterprise application.
    6. Click Setup.
    7. Select the appropriate signing certificate.
    8. Review the steps, and note the PingOne SaaS ID, IdP ID, Initiate Single Sign-on (SSO) URL, and Issuer values.

      Screen capture of the SSO Instructions section of the PingOne Application Catalog with the PingOne SaaS ID, IdP ID, Initiate SSO URL, and Issuer values displaying.
    9. Click Continue to Next Step.
    10. In the Upload Metadata section, click Select File, and upload the Splunk Cloud metadata file that you downloaded.
    11. Ensure ACS URL is set to https://<tenant>.splunkcloud.com/saml/acs and Single Logout Endpoint is set to https://<tenant>.splunkcloud.com/saml/logout.

      Screen capture of the Connection Configuration section of the PingOne Application Catalog with the ACS URL and Single Logout Endpoint fields highlighted in red.
    12. Click Continue to Next Step.
    13. In the Attribute Mapping section, complete the attribute mapping for the Splunk role for the user.
      Note:

      For this integration example, all PingOne authenticated users are mapped to a role with the literal value of samluser, and the Identity Bridge Attribute or Literal Value check box is selected. However, the role could also be retrieved from the user directory.

    14. In the Attribute Mapping section, in the Identity Bridge Attribute or Literal Value column of the SAML_SUBJECT row, select the attribute SAML_SUBJECT.

      Screen capture of the Attribute Mapping section of the PingOne Application Catalog.
    15. Click Continue to Next Step.
    16. Update the Name, Description, and Category fields as required.

      Screen capture of the PingOne App Customization - Splunk Enterprise section of the PingOne Application Catalog.
    17. Click Continue to Next Step.
    18. Add suitable user groups for the application.

      Screen capture of the Group Access section of the PingOne Application Catalog.
    19. Click Continue to Next Step.
    20. Review the settings.

      Screen capture of the Review Setup section of the PingOne Application Catalog.

    21. Copy the Single Sign-On (SSO) URL value to a temporary location.
      This is the IdP-initiated SSO URL that you can use for testing.
    22. On the Signing Certificate row, click Download.
      You will use this for the Splunk Cloud configuration.
    23. On the SAML Metadata row, click Download.
      You will use this for the Splunk Cloud configuration.
    24. Click Finish.
  2. Configure the PingOne IdP connection for Splunk Cloud.
    1. Sign on to Splunk Cloud as an administrator.
    2. From the top navigation bar, click Settings.
    3. Click Authentication Methods.

      Screen capture illustrating the menu navigation bar in Splunk Cloud, with the Authentication Methods section highlighted in red.
    4. Click SAML, and then click Configure Splunk to use SAML.

      Screen capture illustrating the Authentication Methods section of Splunk Cloud, with the option to Configure Splunk to use SAML highlighted in red.
    5. Note the warning and save the Direct Login URL so that you can use it in the event of integration errors.
    6. On the Metadata XML File row, click Select File, and select the PingOne metadata that you exported.