Centrify Active Directory Integration for Splunk
Overview
Details
NOTE: You will need to download and install Centrify Express (http://www.centrify.com/express) for this splunk add-on to work. See README.txt for more information.
"I thought Splunk already provided Active Directory Integration? How is this different/better?"
Great question! As it turns out Active Directory can be a very complicated system to robustly integrate with in the real world. Centrify has built an entire company out of robustly integrating *NIX systems to Active Directory for centrally managing accounts, identity, access control, authorization and audit of non-Windows systems.
This Splunk add-on (along with any version of Centrify DirectControl) provides the following unique Active Directory integration features for Splunk:
- Native AD Join: Using MS licensed native protocols, we join the *NIX Splunk system to AD securely with Kerberos
- Support for AD trusts/multiple domains: Complex one-way, two-way and transitive cross-forest trusts are supported
- Support for AD Sites and Services: Automatically discover the nearest domain controller
- Offline Cache: For authenticating users when no domain controller is reachable
- Dynamic DNS and DC selection: We automatically measure the health and responsiveness of both DNS and the domain controllers to ensure successful authentication
And some great Splunk specific features include:
- Support for multiple login names: The following forms of logging in are all provided
account name: e.g. corey.williams
fully qualified name: e.g. corey.williams@centrify.com
domain name: CENTRIFY.COM\corey.williams
full name: Corey Williams
- Support for mapping AD groups to Splunk Roles: Maintain your Splunk role assignments through the use of Active Directory groups
Getting Started
- Download and install Centrify Express from http://www.centrify.com/express for your specific OS
NOTE: This add-on will not function unless Centrify Express is installed and successfully joined to Active Directory
- Download/Install the centrify.express.auth app
- Restart splunk
- Login with your Active Directory username and password. If the user is allowed to login to splunk and has a valid splunk role, then a splunk user account will be created and the user will login per the assigned role.
NOTE: The user must belong to the splunk-users group in Active Directory to be allowed to login to splunk. You may edit/change this required groupname in the $SPLUNKHOME/etc/apps/centrify.express.auth/bin/cdcScripted.py script.
NOTE: The user must belong to at least one Active Directory group that has the same name as a splunk role. For example: clone the default users role in splunk and name it splunk-users.
NOTE: You may also map an Active Directory group to a splunk role using group overrides in Centrify Express. For more information consult the Centrify Express admin guide.
Contacting Centrify
- For technical support or to get help with installing or using Centrify Express, please visit http://community.centrify.com
- For information about purchasing Centrify products, send email to info@centrify.com.
Release Notes
Version 1.0.2
Changes to the app name and description
Version 1.0.1
Minor metadata/description updates.