Define an OAuth 2.0 external application server

Defining an external application server on your Splunk Enterprise instance lets you allow incoming connections from client applications on your identity provider (IdP) to access Splunk data.

To let external Open Authorization (OAuth) 2.0 client applications access Splunk data on your Splunk platform instance, you must have the following items in place:
  • An OAuth 2.0 client application that is registered on your identity provider (IdP) with necessary client credentials including the client ID and client secret

  • The issuer URL, client ID claim, and JSON Web Key Set (JWKS) URL from the IdP client application

  • Administrator access to your Splunk platform instance (specifically, the Splunk user you log in with must hold the "list_oauth_configs" and "edit_oauth_configs" Splunk capabilities)

  1. Log into your Splunk platform instance.
  2. Select Settings > Authentication Methods.
  3. Under External Frameworks, select Open Authorization (OAuth) 2.0. The OAuth 2.0 page loads.
  4. Select + New Configuration. The New Configuration page loads.
  5. In the Configuration Name field, enter a name for the configuration that you will remember.
  6. In the Issuer URL field, enter the URL that the OAuth 2.0 authorization server uses to identify itself in the tokens that it issues.
  7. In the JSON Web Key Set URL field, enter the URL from the IdP client application that serves the JSON Web Key Set (JWKS), the set of keys used to verify the JSON Web Tokens (JWTs) that the authorization server issues.
  8. In the Audience field, specify the expected audience for this configuration. Typically, the audience will be "splunk" for the purposes of an external OAuth client application connecting to your Splunk platform instance, but can be any string that is pertinent to your organization's needs.
  9. In the Client ID claim field, enter the name of the JSON Web Token (JWT) claim that contains the client ID. This claim comes from the client application that you set up on the IdP. The Splunk platform uses this ID to identify the client application that makes the incoming authorization request.
  10. In the Group claim field, enter the name of the JWT claim that contains the groups that the client application sends as part of the authorization request. The Splunk platform uses the group claim to identify the groups that will have access to Splunk data when you map those groups to Splunk roles, as described in "Map groups from the client application on the identity provider to Splunk roles".
  11. (Optional) In the Full Name Claim field, enter the name of the JWT claim that contains the full name of the client that the client application sends as part of the authorization request. The Splunk platform uses the full name claim to provide a human-readable name for the client that makes the incoming request.
  12. Select Save.
The Splunk platform saves the new configuration and reloads the OAuth 2.0 configurations page with the new configuration in the list.
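To show what the Issuer URL, JWKS URL, Audience and claim-name fields control once a token arrives, here is an added validation example; it is not Splunk's own code. It looks up the signing key by `kid` in a JWKS, verifies the signature, enforces issuer, audience and expiry, and then reads the configured client ID, group and full name claims. Assumptions: the configuration values, the symmetric demo key (a real IdP publishes RSA or EC public keys at its JWKS URL, which need a JWT library to verify), and the `issue_token` stand-in for the IdP.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def b64url_decode(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# Constructed values mirroring the fields on the Splunk OAuth 2.0 configuration page.
CONFIG = {"issuer_url": "https://idp.example.com/oauth2/default", "audience": "splunk",
          "client_id_claim": "cid", "group_claim": "groups", "full_name_claim": "name"}
SECRET = b"constructed-demo-secret-not-for-production"
# Assumption: a symmetric "oct" JWK so the example runs offline. A real IdP publishes
# RSA/EC public keys at its JWKS URL; verifying those requires a JWT library.
JWKS = {"keys": [{"kty": "oct", "kid": "demo-key", "k": b64url_encode(SECRET)}]}

def issue_token(claims, kid="demo-key"):
    """Stand-in for the IdP: signs the claims with the demo key (HS256)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT", "kid": kid}).encode())
    signing_input = f"{header}.{b64url_encode(json.dumps(claims).encode())}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def verify_token(token, jwks, config, now=None):
    """Check signature (key chosen by kid), issuer, audience and expiry, then pull the
    configured client-ID, group and full-name claims. Returns None on any failure."""
    now = time.time() if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header, payload = json.loads(b64url_decode(h_b64)), json.loads(b64url_decode(p_b64))
    except ValueError:  # malformed structure, base64 or JSON
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    key = next((k for k in jwks.get("keys", []) if k.get("kid") == header.get("kid")), None)
    if key is None or header.get("alg") != "HS256" or key.get("kty") != "oct":
        return None  # unknown key, or an algorithm this verifier does not accept
    expected = hmac.new(b64url_decode(key["k"]), f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        return None  # signature does not match the published key
    if payload.get("iss") != config["issuer_url"]:
        return None  # the Issuer URL field must equal the "iss" claim exactly
    aud = payload.get("aud", [])
    if config["audience"] not in (aud if isinstance(aud, list) else [aud]):
        return None  # the Audience field must appear in "aud"
    if not isinstance(payload.get("exp"), (int, float)) or payload["exp"] <= now:
        return None  # expired or missing expiry
    client_id = payload.get(config["client_id_claim"])
    if not client_id:
        return None  # the client ID claim is mandatory; group and full name are optional
    return {"client_id": client_id, "groups": payload.get(config["group_claim"], []),
            "full_name": payload.get(config["full_name_claim"])}
```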