HOME
ABOUT
- RESULTS
- differences
- BENEFITS
- HISTORY
- TEAM
- LOCATION
- FACILITIES
- BANKING
- MEMBERSHIPS
- APPROVALS
- LICENCES
- SUPPLIERS
- SPONSORSHIPS
- MEDIA
- PRIVACY
AUCTIONS
SHIPPING
FEES
- TS REWARDS
TOOLS
guides
FAQ
CONTACT
- CONNECT

VEHICLES
BRAND
- JAPANESE CARS
  - DAIHATSU
  - EUNOS
  - FORD
  - HONDA
  - ISUZU
  - LEXUS
  - MAZDA
  - MITSUBISHI
  - MITSUOKA
  - NISSAN
  - SUBARU
  - SUZUKI
  - TOYOTA
- GERMAN CARS
- AMERICAN CARS
- BRITISH CARS
- ITALIAN CARS
- FRENCH CARS
- SWEDISH CARS
- KOREAN CARS
TYPE
- mobility
- VENDING
- instruction
- TAXIS
- AMBULANCES
- FIRE ENGINES
- HEARSES
- LIMOUSINES
- COMMERCIAL
CLASS
FUEL
TRUCKS
minitrucks
- DAIHATSU
- HONDA
- MAZDA
- MITSUBISHI
- NISSAN
- SUBARU
- SUZUKI
- DUMP
- CRANE
- CAMPER
- REFRIGERATED
- 4WD
- NEW
BUSES
MOTORHOMES
- YAHOO!
- RAKUTEN
- DEALER

PARTS
- FREE REPORT
- PARTS CONTAINERS
- PARTS SYSTEMS
- PARTS PROTECTION
- BODY SHELLS
- DISMANTLING
- ONLINE PARTS
- NEW PARTS
- INTERIOR PARTS
- EXTERIOR PARTS
  - BONNETS
  - BUMPERS
  - GRILLES
  - FENDERS
  - DOORS
  - TRUNKS
  - SPOILERS
  - LIGHTS
  - EMBLEMS
  - CAMERAS
- ENGINES
- TRANSMISSIONS
- WHEELS & TYRES
  - WHEELS
  - TYRES
CUTS
PERFORMANCE PARTS
TRUCK PARTS
MOTORBIKE PARTS
- MOTORBIKE ENGINES
- MOTORBIKE ACCESSORIES

MOTORBIKES
MARINE
FORKLIFTS
MACHINERY
AGRICULTURAL
OTHER
COUNTRY
- AUSTRALIA
- CANADA
- KENYA
- MYANMAR
- NEW ZEALAND
- PAKISTAN
- TANZANIA
- UNITED STATES

CARVIEW

MOTORHOMES

Select Language

HTTP/2 200 date: Thu, 17 Jul 2025 19:25:05 GMT content-type: text/html; charset=UTF-8 server: Apache set-cookie: Apache=ca846d81.63a24f767f0b2; path=/; expires=Fri, 13-Jul-40 19:25:04 GMT; domain=.splunk.com x-frame-options: SAMEORIGIN strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff set-cookie: PHPSESSID=146bc347313fcd83f05b3003811fefdf; path=/ expires: Thu, 01 Jan 1970 00:00:00 GMT cache-control: private, must-revalidate, max-age=0 pragma: no-cache set-cookie: ponydocs_session=146bc347313fcd83f05b3003811fefdf; path=/; secure; HttpOnly content-language: en x-ua-compatible: IE=Edge vary: Accept-Encoding,Cookie x-xss-protection: 1; mode=block referrer-policy: strict-origin-when-cross-origin Secure access for Splunk knowledge objects - Splunk Documentation

logo

Support
Support Portal

Submit a case ticket

Splunk Answers

Ask Splunk experts questions

Support Programs

Find support service offerings

System Status

Contact Us

Contact our customer support

Product Security Updates

Keep your data secure

System Status
Click User Account
- Login
- Sign Up

logo

Products
Product Overview
A data platform built for expansive data access, powerful analytics and automation
Learn more

MORE FROM SPLUNK

Pricing

Free Trials & Downloads
Platform

Splunk Cloud Platform

Cloud-powered insights for petabyte-scale data analytics across the hybrid cloud

Splunk Enterprise

Search, analysis and visualization for actionable insights from all of your data

Security

Splunk Enterprise Security

Analytics-driven SIEM to quickly detect and respond to threats

Splunk SOAR

Security orchestration, automation and response to supercharge your SOC

Observability

Splunk Infrastructure Monitoring

Instant visibility and accurate alerts for improved hybrid cloud performance

Splunk Application Performance Monitoring

Full-fidelity tracing and always-on profiling to enhance app performance

Splunk IT Service Intelligence

AIOps, incident intelligence and full visibility to ensure service performance

View all products
Solutions
KEY INItiatives

Cloud Transformation

Transform your business in the cloud with Splunk

Business Resilience

Build resilience to meet today’s unpredictable business challenges

Digital Customer Experience

Deliver the innovative and seamless experiences your customers expect
by Use Case

Advanced Threat Detection

Application Modernization

Cloud Migration

Incident Investigation & Forensics

IT Modernization

SOC Automation & Orchestration

BY TECHNOLOGY

AWS

Azure

GCP

Kubernetes

OpenTelemetry

SAP

BY INDUSTRY

Aerospace & Defense

Energy & Utilities

Financial Services

Healthcare

Higher Education

Public Sector

View All Solutions
Why Splunk?
Why Splunk?
Bring data to every question, decision and action across your organization.
Learn More
Customer Stories

See why organizations around the world trust Splunk.

Partners

Accelerate value with our powerful partner ecosystem.

Diversity, Equity & Inclusion

Learn how we support change for customers and communities.
Resources
MORE FROM SPLUNK

Resources
Explore e-books, white papers and more.

Events
Join us at an event near you.

Blogs
See what Splunk is doing.
GET STARTED

Splunk Lantern

Splunk experts provide clear and actionable guidance.

Customer Success

Customer success starts with data success.

Get Started With Splunk

Learn how to use Splunk.

Data Insider

Read focused primers on disruptive technology topics.

become an expert

Splunk Training & Certification

Become a certified Splunk Expert.

Documentation

Find answers about how to use Splunk.

User Groups

Meet Splunk enthusiasts in your area.

Community

Share knowledge and inspiration.

SURGe

Access timely security research and guidance.

Expand & optimize

Services & Support

It’s easy to get the help you need.

Splunkbase

See Splunk’s 1,000+ Apps and Add-ons.

Splunk Dev

Create your own Splunk Apps.
Splexicon

Support
Support Portal

Submit a case ticket

Splunk Answers

Ask Splunk experts questions

Support Programs

Find support service offerings

System Status

View detailed status

Contact Us

Contact our customer support

Product Security Updates

Keep your data secure
Click Search Help
Click User Account
- Login
- Sign Up

Click Search Help

logo

Pricing
Free Trials & Downloads

Help

Splunk^® Enterprise

Securing Splunk Enterprise

Introduction to securing the Splunk platform

About securing the Splunk platform
How to secure and harden your Splunk platform instance

Install Splunk Enterprise securely

Install Splunk Enterprise securely
Create secure administrator credentials
About TLS encryption and cipher suites
Secure Splunk Enterprise with FIPS
About default certificate authentication
Harden the Splunk Enterprise installation directory on Windows
Secure Splunk Enterprise on your network
Disable unnecessary Splunk Enterprise components
Secure Splunk Enterprise service accounts
Deploy secure passwords across multiple servers
Harden the network port that App Key Value Store uses
Best practices for hardening Splunk Enterprise servers and the operating systems they use
Use network access control lists to protect your deployment

Manage users and roles

Use access control to secure Splunk data
About user authentication
About configuring role-based user access
Define roles on the Splunk platform with capabilities
Create and manage users with Splunk Web
Create and manage roles with Splunk Web
Find existing users and roles
Secure access for Splunk knowledge objects

Perform advanced user and role management in Splunk Enterprise

Create and manage roles in Splunk Enterprise using the authorize.conf configuration file
Configure users with the CLI
Configure access to manager consoles and apps in Splunk Enterprise
Delete all user accounts on Splunk Enterprise

Manage credentials

Password best practices for administrators
Configure Splunk password policies
Configure a Splunk Enterprise password policy using the Authentication.conf configuration file
Password best practices for users
Unlock a user account
Change a user password
Manage out-of-sync passwords in a search head cluster

Use the native Splunk platform authentication scheme

Set up native Splunk authentication

Use LDAP as an authentication scheme

Set up user authentication with LDAP
Manage Splunk user roles with LDAP
LDAP prerequisites and considerations
Secure LDAP authentication with transport layer security (TLS) certificates
How the Splunk platform works with multiple LDAP servers for authentication
Configure LDAP with Splunk Web
Map LDAP groups to Splunk roles in Splunk Web

Perform advanced configuration of LDAP authentication in Splunk Enterprise

Configure LDAP using configuration files
Map LDAP groups and users to Splunk roles using configuration files
Change authentication schemes from native to LDAP on Splunk Enterprise
Remove an LDAP user safely on Splunk Enterprise
Test your LDAP configuration on Splunk Enterprise

Use SAML as an authentication scheme for single sign-on

Configure single sign-on with SAML
Configure SSO with PingIdentity as your SAML identity provider
Configure SSO with Okta as your identity provider
Configure SSO with Microsoft Azure AD or AD FS as your Identity Provider
Configure SSO with OneLogin as your identity provider
Configure SSO with Optimal as your identity provider
Configure SSO in Computer Associates (CA) SiteMinder
Secure SSO with TLS certificates on Splunk Enterprise
Configure Ping Identity with leaf or intermediate SSL certificate chains
Configure SAML SSO for other IdPs
Configure authentication extensions to interface with your SAML identity provider
Configure advanced settings for SSO
Map groups on a SAML identity provider to Splunk roles
Modify or remove role mappings
Troubleshoot SAML SSO

Perform advanced configuration of SAML authentication in Splunk Enterprise

Configuring SAML in a search head cluster
Best practices for using SAML as an authentication scheme for single-sign on
Configure SAML SSO using configuration files on Splunk Enterprise

Use multi-factor authentication in Splunk Enterprise as an authentication scheme

About multifactor authentication with Duo Security
Configure Splunk Enterprise to use Duo Security multifactor authentication
Configure Duo multifactor authentication for Splunk Enterprise in the configuration file
About multifactor authentication with RSA Authentication Manager
Configure RSA authentication from Splunk Web
Configure Splunk Enterprise to use RSA Authentication Manager multifactor authentication via the REST endpoint
Configure Splunk Enterprise to use RSA Authentication Manager multifactor authentication in the configuration file
User experience when logging into a Splunk instance configured with RSA multifactor authentication

Authenticate into the Splunk platform with tokens

Set up authentication with tokens
Configure Splunk Cloud Platform to use SAML for authentication tokens
Enable or disable token authentication
Create authentication tokens
Manage or delete authentication tokens
Use authentication tokens
Troubleshoot token authentication

Authenticate into the Splunk platform using proxy single sign-on

About proxy single sign-on
Configure ProxySSO
Troubleshoot Proxy SSO

Authenticate into Splunk Enterprise using single sign-on with reverse proxy

About single sign-on using reverse proxy
Configure Single Sign-On with reverse proxy
Troubleshoot reverse-proxy SSO

Authenticate into Splunk Enterprise using scripts

Set up user authentication with external systems
Create the authentication script
Connect your authentication system with Splunk Enterprise using the authentication.conf configuration file
Use PAM authentication
Use the getSearchFilter function to filter at search time

Secure Splunk platform communications with Transport Layer Security and Secure Sockets Layer

About securing Splunk Enterprise with SSL
About using SSL tools on Windows and Linux
Configure SSL and TLS protocol version support for secure connections between Splunk platform instances

Secure Splunk platform communications with certificates

About creating certificates for Splunk
Things to know about your certificates
About cipher suites and TLS encryption
How to prepare signed certificates for inter-Splunk communication
Determine your cipher suite
Working with multiple intermediate certificates

Secure communications between Splunk Web and your browser

About securing Splunk Web
Turn on HTTPS encryption for Splunk Web with Splunk Web
Turn on HTTPS encryption for Splunk Web using the web.conf configuration file
Secure Splunk Web with your own certificate
Troubleshoot your Splunk Web authentication

Secure communications between Splunk forwarders and indexers

About securing data from forwarders
Configure Splunk forwarding to use the default certificate
Configure Splunk forwarding to use your own SSL certificates
Validate your configuration
Troubleshoot your forwarder to indexer authentication

Secure distributed Splunk environments

About securing inter-Splunk communication
Configure secure communications between Splunk instances with updated cipher suite and message authentication code
Securing distributed search heads and peers
Secure deployment servers and clients using certificate authentication
Secure Splunk Enterprise services with pass4SymmKey

Audit activity in Splunk Enterprise

Use Splunk Enterprise to audit your system activity
Audit Splunk activity
Use audit events to secure Splunk Enterprise
Manage data integrity

Best practices for Splunk platform security

Safeguards for risky commands
Troubleshoot Splunk forwarder TCP tokens
Avoid unintentional execution of fields within CSV files in third party applications

Appendix A: How to obtain SSL certificates

How to self-sign certificates
How to obtain certificates signed by a third-party for inter-Splunk communication
Self-sign certificates for Splunk Web
Obtain certificates signed by a third-party for Splunk Web
Configure and install certificates in Splunk Enterprise for Splunk Log Observer Connect

Hide Contents

Documentation
Splunk^® Enterprise
Securing Splunk Enterprise
Secure access for Splunk knowledge objects

Introduction to securing the Splunk platform

About securing the Splunk platform
How to secure and harden your Splunk platform instance

Install Splunk Enterprise securely

Install Splunk Enterprise securely
Create secure administrator credentials
About TLS encryption and cipher suites
Secure Splunk Enterprise with FIPS
About default certificate authentication
Harden the Splunk Enterprise installation directory on Windows
Secure Splunk Enterprise on your network
Disable unnecessary Splunk Enterprise components
Secure Splunk Enterprise service accounts
Deploy secure passwords across multiple servers
Harden the network port that App Key Value Store uses
Best practices for hardening Splunk Enterprise servers and the operating systems they use
Use network access control lists to protect your deployment

Manage users and roles

Use access control to secure Splunk data
About user authentication
About configuring role-based user access
Define roles on the Splunk platform with capabilities
Create and manage users with Splunk Web
Create and manage roles with Splunk Web
Find existing users and roles
Secure access for Splunk knowledge objects

Perform advanced user and role management in Splunk Enterprise

Create and manage roles in Splunk Enterprise using the authorize.conf configuration file
Configure users with the CLI
Configure access to manager consoles and apps in Splunk Enterprise
Delete all user accounts on Splunk Enterprise

Manage credentials

Password best practices for administrators
Configure Splunk password policies
Configure a Splunk Enterprise password policy using the Authentication.conf configuration file
Password best practices for users
Unlock a user account
Change a user password
Manage out-of-sync passwords in a search head cluster

Use the native Splunk platform authentication scheme

Set up native Splunk authentication

Use LDAP as an authentication scheme

Set up user authentication with LDAP
Manage Splunk user roles with LDAP
LDAP prerequisites and considerations
Secure LDAP authentication with transport layer security (TLS) certificates
How the Splunk platform works with multiple LDAP servers for authentication
Configure LDAP with Splunk Web
Map LDAP groups to Splunk roles in Splunk Web

Perform advanced configuration of LDAP authentication in Splunk Enterprise

Configure LDAP using configuration files
Map LDAP groups and users to Splunk roles using configuration files
Change authentication schemes from native to LDAP on Splunk Enterprise
Remove an LDAP user safely on Splunk Enterprise
Test your LDAP configuration on Splunk Enterprise

Use SAML as an authentication scheme for single sign-on

Configure single sign-on with SAML
Configure SSO with PingIdentity as your SAML identity provider
Configure SSO with Okta as your identity provider
Configure SSO with Microsoft Azure AD or AD FS as your Identity Provider
Configure SSO with OneLogin as your identity provider
Configure SSO with Optimal as your identity provider
Configure SSO in Computer Associates (CA) SiteMinder
Secure SSO with TLS certificates on Splunk Enterprise
Configure Ping Identity with leaf or intermediate SSL certificate chains
Configure SAML SSO for other IdPs
Configure authentication extensions to interface with your SAML identity provider
Configure advanced settings for SSO
Map groups on a SAML identity provider to Splunk roles
Modify or remove role mappings
Troubleshoot SAML SSO

Perform advanced configuration of SAML authentication in Splunk Enterprise

Configuring SAML in a search head cluster
Best practices for using SAML as an authentication scheme for single-sign on
Configure SAML SSO using configuration files on Splunk Enterprise

Use multi-factor authentication in Splunk Enterprise as an authentication scheme

About multifactor authentication with Duo Security
Configure Splunk Enterprise to use Duo Security multifactor authentication
Configure Duo multifactor authentication for Splunk Enterprise in the configuration file
About multifactor authentication with RSA Authentication Manager
Configure RSA authentication from Splunk Web
Configure Splunk Enterprise to use RSA Authentication Manager multifactor authentication via the REST endpoint
Configure Splunk Enterprise to use RSA Authentication Manager multifactor authentication in the configuration file
User experience when logging into a Splunk instance configured with RSA multifactor authentication

Authenticate into the Splunk platform with tokens

Set up authentication with tokens
Configure Splunk Cloud Platform to use SAML for authentication tokens
Enable or disable token authentication
Create authentication tokens
Manage or delete authentication tokens
Use authentication tokens
Troubleshoot token authentication

Authenticate into the Splunk platform using proxy single sign-on

About proxy single sign-on
Configure ProxySSO
Troubleshoot Proxy SSO

Authenticate into Splunk Enterprise using single sign-on with reverse proxy

About single sign-on using reverse proxy
Configure Single Sign-On with reverse proxy
Troubleshoot reverse-proxy SSO

Authenticate into Splunk Enterprise using scripts

Set up user authentication with external systems
Create the authentication script
Connect your authentication system with Splunk Enterprise using the authentication.conf configuration file
Use PAM authentication
Use the getSearchFilter function to filter at search time

Secure Splunk platform communications with Transport Layer Security and Secure Sockets Layer

About securing Splunk Enterprise with SSL
About using SSL tools on Windows and Linux
Configure SSL and TLS protocol version support for secure connections between Splunk platform instances

Secure Splunk platform communications with certificates

About creating certificates for Splunk
Things to know about your certificates
About cipher suites and TLS encryption
How to prepare signed certificates for inter-Splunk communication
Determine your cipher suite
Working with multiple intermediate certificates

Secure communications between Splunk Web and your browser

About securing Splunk Web
Turn on HTTPS encryption for Splunk Web with Splunk Web
Turn on HTTPS encryption for Splunk Web using the web.conf configuration file
Secure Splunk Web with your own certificate
Troubleshoot your Splunk Web authentication

Secure communications between Splunk forwarders and indexers

About securing data from forwarders
Configure Splunk forwarding to use the default certificate
Configure Splunk forwarding to use your own SSL certificates
Validate your configuration
Troubleshoot your forwarder to indexer authentication

Secure distributed Splunk environments

About securing inter-Splunk communication
Configure secure communications between Splunk instances with updated cipher suite and message authentication code
Securing distributed search heads and peers
Secure deployment servers and clients using certificate authentication
Secure Splunk Enterprise services with pass4SymmKey

Audit activity in Splunk Enterprise

Use Splunk Enterprise to audit your system activity
Audit Splunk activity
Use audit events to secure Splunk Enterprise
Manage data integrity

Best practices for Splunk platform security

Safeguards for risky commands
Troubleshoot Splunk forwarder TCP tokens
Avoid unintentional execution of fields within CSV files in third party applications

Appendix A: How to obtain SSL certificates

How to self-sign certificates
How to obtain certificates signed by a third-party for inter-Splunk communication
Self-sign certificates for Splunk Web
Obtain certificates signed by a third-party for Splunk Web
Configure and install certificates in Splunk Enterprise for Splunk Log Observer Connect

Secure access for Splunk knowledge objects

As you use , you create a variety of knowledge objects such as event types, tags, lookups, field extractions, workflow actions, and saved searches. Splunk Web lets you restrict and expand access to knowledge objects within your implementation. You can use it to:

Make an object available to users of all apps.
Make an object available to users of a particular app.
Restrict object access by user role.
Disable or delete objects.
Allow users to share or delete objects they do not own.

For more information about securing your knowledge objects, see Manage knowledge object permissions and Disable or delete knowledge objects in the Knowledge Manager Manual.

Last modified on 19 November, 2024

Find existing users and roles

Create and manage roles in Splunk Enterprise using the authorize.conf configuration file

This documentation applies to the following versions of Splunk^® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.0, 9.4.1, 9.4.2

Comments

Download manual

Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?

Yes No

Please specify the reason

Please provide your comments here. Ask a question or make a suggestion.

Enter your email address if you would like someone from the documentation team to reply to your question or suggestion.

Feedback submitted, thanks!

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters

Your Comment Has Been Posted Above

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here »

Closing this box indicates that you accept our Cookie Policy.

Legal
Privacy
Website Term of Use

HOME
ABOUT
AUCTIONS
SHIPPING
FEES
TOOLS
HOW
FAQ
CONTACT

Original Source | Taken Source

Related answers from Splunk Community

Secure access for Splunk knowledge objects

Comments

Was this topic useful?