After checking out the Get Started with Connected Experiences blog, you’ll be an expert on 1) how your Splunk data gets to mobile, (2) how to unlock mobile for your Splunk instance, and (3) how user management works. So, with this blog, I’d say it’s time to talk about the many login methods users can leverage with their Splunk instance on mobile.
To start, there are four main methods of logging into Splunk for your Connected Experiences app! Although their advantages vary, they are all designed to accomplish the following:
Now that we’re familiar with the building blocks behind the login options available for Splunk Mobile/AR/TV/iPad, let’s jump into what’s available for you to take advantage of!
Let’s start with our original method of logging in, and method that still works for every product and every Splunk version: Authentication Code
Authentication Code Login starts with downloading and opening your Connected Experience app. Inside the app, you will find a 10-digit alphanumeric code. Simultaneously, open your Splunk instance up on your computer and navigate to the Splunk Secure Gateway (aka “SSG”) app. On the “Home” page of SSG, you’ll see a list of any devices you’ve already registered and you’ll see a “Add new device” button.
Clicking on the “Add new device” button allows you to select which app you’re registering for, and type in the ten-digit code presented on your mobile device. Once complete, SSG may prompt you to enter your username and password (or automatically apply your SSO credentials) to securely authenticate the device to the user and the Splunk Cloud or Enterprise Platform instance.
Just like that, you’re done logging in! You can see the device appear on the Home page of SSG, allowing you or the admin to manage the device and see its current status. Again, Authentication Code works for every Connected Experiences app, every version of Splunk Cloud or Enterprise Platform, and both local and SAML users. It’s a great place to get started with Connected Experiences.
If you’ve taken a flight, enjoyed a sports game, or attempted to view a menu at a restaurant recently - you’ve probably used a QR code to access data. Now, you can use QR codes to access Splunk too! This new method launched at .conf21 and is available for Splunk Cloud Platform version 8.2.2109 and coming soon for Splunk Enterprise Platform. Built on the same structure of Authentication Code registration, QR code allows users to skip the manual code exchange and instead simply scan a QR code presented in SSG from a new QR code experience inside of Splunk Mobile. This method upholds the same security and user management principles set by Authentication Code login, but makes logging in quicker and dare I say it — fun!
The third registration method I’d like to showcase today is dubbed SSO In-App Login. Unlike the two methods above, SSO In-App Login is named for its ability to log in users without them having to leave the mobile app to use SSG. Available for Splunk Cloud Platform instances (version 8.1.2103 and higher) and Splunk Mobile, users can begin logging in by downloading and opening the Splunk Mobile app. After navigating to the “Instance Manager” screen and clicking to add a new Private Splunk Instance, you’ll see an “SSO” tab. This is where the magic happens. You can complete the login simply by entering your Splunk Cloud Platform hostname and following that up with your SSO credentials. It’s important to note that if your Splunk Cloud Platform SSO endpoint sits behind a firewall, the mobile device should use a VPN connection to facilitate this log in.
Plus, if you need a hand in figuring out what your Splunk Cloud Platform hostname is, we’ve made good use of another QR code to auto-magically fill that information for you. If you are an sc_admin, you can find and distribute a QR code that auto-populates your Splunk Cloud Platform hostname data by heading to SG > Administration > Deployment Settings. Users can then scan the QR code (especially if shared out by the sc_admin), and enter their SSO credentials to securely authenticate to their Splunk Cloud Platform seamlessly within Splunk Mobile.
Last but not least is Mobile Device Management (or “MDM”) Login. This method follows the above “in-app” trend but brings that ability to both Splunk Cloud and Enterprise Platform instances. As an admin, you can securely point the device at your chosen Splunk Platform instances using MDM. Then, when users open the Splunk Mobile app for the first time they can select from a list of pre-populated instances and login directly on the phone.
It works like magic, and any admin can start with the one-time setup by visiting Splunk Secure Gateway > Administration > Mobile Device Management to follow our in-product guide to facilitating MDM Login.
Thanks for checking out this blog and familiarizing yourself with all of the ways logging into Connected Experiences is made easy. Want to see them in action? Check out the below video to see a demo of each of the registration methods . Now you can feel comfortable deploying and managing your Connected Experiences app using whichever method suits your organization best!
Keep an eye out for more Connected Experiences blogs every week and review the past ones here.
This article was co-authored by Dylan Conway, Product Manager for Mobile, and Jesse Chor, VP of Engineering.
----------------------------------------------------
Thanks!
Jesse Chor
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.