1/16/2024 0 Comments Splunk phantom integrationSome LDAP provider specific things to watch for: Or you can click Save Changes to save the settings without testing them. Your LDAP settings will automatically be saved if the result is success. Click Test Authentication to test that Splunk Phantom can communicate with and query the LDAP server.See Manage your organization's credentials with a password vault. If this is checked, you must also provide the Folder, Key, and Thycotic FieldName values. Manage user credentials using Thycotic Secret Server. Manage password using Thycotic Secret Server Leave this field blank if you are not using group mapping. Use this to confirm that the group mapping will work. The name of a group of which the Test User is a member. Use this to verify that user search is working correctly. The username of an active user who would typically log in to Splunk Phantom. The password for the username to authenticate to the LDAP server. The account will need to be able to query LDAP users and their properties. If the account is set to expire or requires a password change, do these tasks manually and also update the Splunk Phantom system settings to reflect the same. It will ideally be a service account specifically set up for this purpose, not one belonging to a human user.) This will allow you to grant the account the minimal permissions necessary, set account expiration off, and other protective measures to track how the account is used. The username for authenticating to the LDAP server. This field is used as part of the LDAP query. The domain name of your organization such as, used to generate DNS. The DNS name or IP address for your AD/LDAP Server, without or If you plan to use SSL, you must supply a DNS name that matches the certificate. Specify a unique name to easily identify this provider. See Manage Splunk Phantom's certificate store. Enable TLS/SSL encryption to check the server certificate against the Splunk Phantom certificate store. ![]() If this match happens to be for a different user and not the user who is attempting to login, then authentication fails.ĭetermines whether secure LDAP connections are required. If the same username exists on multiple servers, the first one matched is used. If there are multiple LDAP servers, Splunk Phantom searches each server in a random order to find a match for the username. The toggle button in the LDAP field enables LDAP authentication for all servers which are marked Active. You can have multiple LDAP servers and the Active checkbox determines which ones are used by Splunk Phantom for authentication. Use this checkbox in conjunction with Add Another at the bottom of the page.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |