6 hours 3 minutes
Hello and welcome back to the Splunk Enterprise Certified Administrator course on Cyber. We're gonna be starting module six of 10 here where we'll be discussing user management.
So as you can see, we're over halfway through the course, this module will discuss how we can get some users configured now that we already have the systems up running, ready to receive data. We just need to set up our users so that one status is in here. We have the ability
too long in and actually leverage that data.
So this will be a relatively quick module, just too pretty short lessons, and then we'll move into a lab to wrap it up. So let's start with lesson 6.1. We're we'll discuss the available authentication options in Splunk
so the learning objectives will be just to cover what available authentication options there are for Splunk. And then also what multi factor authentication czar available If you're interested in that
reason we're learning. This is because you need to know basically all the options so that you can compare the available Splunk authentication options with what your organization is currently leveraging to see if there's another option. That's available that would allow for
more streamlined to user creation in Splunk.
So you're Splunk Log on. Options consist of these four possibilities you can do a native Splunk log in. So you just make an account through Splunk manually each time you onboard a user, assign it to a Splunk roll, and then they sign in through that, it's
I only managed to Splunk in 1/3 party,
or you can set up L DAP Active Directory. This is a very common one. Ah, lot of organizations that already leverage Microsoft architecture. They will a lot of times up to use active directory because then all they have to do is map an active directory group,
two groups in Splunk and then those users can automatically log in. So it takes out
a lot of a lot of that management overhead of, you know, user creation.
Then, if you use a solution like Pam or Radius or another authentication protocol that isn't natively supported by Splunk, you can leverage custom scripts to basically build in that integration that's available to you and then also single Sign on or SSO
is the final option for
Splunk Loggins, which you can choose between a proxy sso or Samel for that. But
again, probably the most
most popular. This is to use active directory.
Then if you're interested in multi factor authentication for Splunk. Currently there's only one vendor that this has supported for. So if you want to, you can set this up through Duo. If you already have do a subscription, this might work out for you
or if you're just really interested in MF A, you can always
contact a duo sales person. Work this out with them. You don't really need to know how to set this up, But there are Splunk docks that will detail this process pretty thoroughly for the exam. You really just need to know that this is the available option to you if you want multi factor authentication first blanc.
So to wrap up, we went over the possible Splunk authentication options with there being native Splunk authentications, l dapper active directory integrations, scripted solutions or an SS O option that we also discussed how
you can use duo if you're interested in setting up multi factor authentication
to just enhance your security a little bit more with Splunk, so that covers everything you need to know from, Ah, high level. Regarding what Splunk authentication options you have that wraps up this lesson and we will see you in the next room.
Certified Information Security Manager (CISM)
A CISM certification shows you have an all-around technical competence and an understanding of the ...
13 CEU/CPE Hours Available
Certificate of Completion Offered
Microsoft 365 Identity and Services (MS-100)
Prepare for the Microsoft 365 Identity and Services (MS-100) exam, which measures your ability to ...