Step two: Create a new service account user on the remote deployment and assign the role to it

The next step in creating a federated provider service account is creating a service account user on the remote deployment. This user is the service account for the federated provider. Assign the role you identified or created in the first step to this service account user.

Note: This step is the same whether your federated provider will use standard mode or transparent mode.

See Create and manage users with Splunk Web, in the Securing the Splunk Platform manual.

  1. On the remote deployment, in Splunk Web, select Settings, then Users.
  2. Select New user.
    Note: The service account user must be native to the remote Splunk deployment. Federated search does not support service account users that are provisioned through identity providers like Active Directory or through authentication schemes like Lightweight Directory Access Protocol (LDAP) or Security Assertion Markup Language (SAML).
  3. Give the service account user a name, password, and time zone.
  4. Give this user the remote deployment role you defined or identified in the previous task.
  5. Deselect the Require password change on first login option.
  6. Select Save.
  7. Save a record of the username and password for the service account.
    You need these credentials for the Service Account Username and Service Account Password fields when you create the federated provider definition for the remote deployment.

See Define a Splunk platform federated provider.