Configure the Splunk platform as an Open Authorization version 2.1 server

Safely unlock the full value of your machine data across your ecosystem, fostering innovation while maintaining enterprise-grade security and granular control over data access.

Note: Configuring an Open Authorization version 2.1 server on the Splunk platform is currently a Controlled Availability feature. In the Controlled Availability release stage, Splunk products might have limitations on customer access, features, maturity, and regional availability. For additional information on Controlled Availability please contact your Splunk representative.

You can configure the Splunk platform as an Open Authorization version 2.1 (OAuth 2.1) server that operates using the model context protocol (MCP) to let external OAuth 2.1 client applications connect to and access data that is stored on the Splunk platform.

For example, you can connect an external OAuth client application to the Splunk OAuth server such that the client can run reusable tasks, known as skills, on the Splunk server on behalf of existing Splunk users. When you connect the OAuth application to the Splunk platform, users of the application can then consent to connecting their Splunk account and accessible data to the application. The application can then collect information from the Splunk platform on behalf of the user, using the user role-based access control for the requests.

Define an OAuth 2.1 client on the Splunk platform

Set up an Open Authorization version 2.1 server on your Splunk platform instance to let OAuth clients access it using Model Context Protocol (MCP)

To let external Open Authorization version 2.1 client applications access your Splunk platform instance for the purposes of accessing Splunk data, you must have the following items in place:

  • An OAuth 2.0 client application that you want to connect to your Splunk platform instance for the purposes of retrieving Splunk data

  • The redirect URI for the client application, which you provide to the Splunk platform instance as a callback during the client authorization flow

  • A Splunk user that the OAuth client application will act as when it connects to retrieve Splunk data.

  • Administrator access to your Splunk platform instance

This procedure is the first stage of setting up the authorization grant flow from external OAuth client applications to the Splunk platform instance.
  1. Log into your Splunk platform instance as the user under which you want to create the Splunk OAuth client.
  2. Select Settings > Authentication Methods.
  3. Under OAuth Configurations, select Splunk OAuth Clients. The Splunk platform Open Authorization clients page loads.
  4. Select + Create Client. The New Splunk OAuth Client page loads.
  5. In the Client Name field, enter a name for the configuration that you will remember and that will be understandable to those who use the client application.
  6. Note: The Client Name is a public name. Users that connect to this client see this name and use it to confirm and give consent to the client.
    In the Redirect URIs field, enter one or more redirect URIs for the OAuth client application. These are the URIs that the Splunk platform sends the browser to as part of the authorization flow for the client application. You get the URIs from the client application configuration.
  7. Select Save. The Splunk platform saves the OAuth client and loads the Review New Splunk OAuth Client page.
  8. Review the information on the page. The Splunk platform shows the Client Name and Redirect URI as you previously entered. It also shows the following bits of information that you use to configure the OAuth client applicationt to connect to the Splunk OAuth 2.1 server:
    1. Client ID. The Client ID is an ID that the Splunk platform generates that is unique to this OAuth client configuration. The OAuth client application needs this client ID to know to connect to your Splunk platform OAuth server. You can select the clipboard icon to copy this client ID. After you copy the client ID, you can then provide it to the OAuth client that connects to this Splunk platform OAuth server in its configuration pages.
    2. Client Secret. The Client secret is the credential that the OAuth client application uses to connect to the Splunk OAuth server. The OAuth client application needs this client secret to correctly authenticate into your Splunk platform OAuth server. You can select the eye icon to see the client secret in plain text, or select the clipboard icon to copy this client secret. After you copy the client secret, you can then provide it to the OAuth client that connects to this Splunk platform OAuth server in its configuration pages. Note: You only have one opportunity to copy the client secret, as you can neither see nor copy the secret again after you leave the page.
    3. Tokens URL. The Tokens url is the URL that the OAuth client application uses to pass tokens from the Splunk platform back to the client application. You can select the clipboard icon to copy this URL. After you copy the URL, you can provide it to the OAuth client application that connects to this Splunk platform OAuth server.
    4. Authorization URL. The Authorization URL is the URL that the OAuth client application uses to authenticate into the Splunk platform OAuth server. You can select the clipboard icon to copy this URL. After you copy the URL, you can provide it to the OAuth client application that connects to this Splunk platform OAuth server.
    5. Grant type. The Grant type is the type of OAuth grant that the Splunk platform gave the OAuth client application with this Splunk OAuth client. You can't change this information.
  9. Select Close. The Review New Splunk OAuth client page closes.
  10. Log out of the Splunk platform instance.
Completing this procedure configures a Splunk OAuth client to which OAuth client applications can connect to establish an authorization grant flow between the client application and the Splunk platform instance. You can repeat the procedure to establish additional Splunk OAuth clients to which other OAuth client applications can connect.

Connect and use an OAuth 2.1 client on the Splunk platform OAuth server

After setting up an Open Authorization (OAuth) version 2.1 client on the Splunk platform, you can connect an OAuth application to the Splunk server and authorize it to collect and use your Splunk data.

You must already have defined a Splunk OAuth client on the Splunk platform instance before you can use these steps to complete the authorization grant flow.
After the Splunk administrator sets up an Open Authorization version 2.1 (OAuth 2.1) client on the Splunk platform instance, you can then log into your OAuth client application and connect it to the instance using the information that the Splunk administrator provided.
  1. Log into your OAuth client application.
  2. From the client application, initiate a connection to the Splunk platform OAuth Server.
  3. If you have configured everything correctly, the application loads the Splunk platform instance login page. Enter the username under which you created the Splunk OAuth client.
  4. The Splunk platform presents an Authorize Application? page. It provides information on which client is attempting to connect to your Splunk platform OAuth server. It attempts to connect as the user you used to create the Splunk OAuth client.
  5. If you want to let the OAuth client application connect to the Splunk OAuth client, select Allow access. If you are not sure or do not want to do this, select Deny Access.
  6. If you selected Allow access, your OAuth client application alerts you to the fact that the transaction was successful. It will present the tokens that the Splunk platform sent to the application as part of the authorization flow. You can now make calls to your Splunk platform instance as the user under which you configured the Splunk OAuth client, with whatever permissions that user has on the Splunk platform instance.
Completing this procedure connects your OAuth client application to the Splunk OAuth client on the Splunk platform instance and lets the application retrieve Splunk data based on the user that you used to create the Splunk OAuth client.