Authorization
When you add a Splunk Enterprise Security card to a flow for the first time, Okta Workflows prompts you to configure the connection. This connection links to your Splunk Enterprise Security account and saves your account information, so you can reuse the connection for future Splunk Enterprise Security flows.
You can create multiple connections and manage them from your Connections page.
Before you begin
You need to following elements to create a Splunk Enterprise Security connection:
-
A Splunk authentication token. Token generation may be restricted to users with admin capabilities. The token requires the following capabilities to support the connector's available functionality:
- edit_user
- list_all_roles
- edit_httpauths
- list_httpauths
-
The hostname of your Splunk Enterprise Security instance.
-
The port of your Splunk Enterprise Security instance. By default, this is typically 8089, but may differ depending on your settings. You may need to contact Splunk support to open port 8089 on your deployment.
-
If your Splunk Enterprise Security instance has a configured IP allowlist, you need to add the required Okta IP addresses to the Splunk Enterprise Security allowlist. See Allow access to Okta IP addresses.
Create a Splunk Enterprise Security connection
-
Click New Connection.
-
Enter a connection Name. This is useful if you plan to create multiple connections to share with your team.
-
Optional. Enter a connection Description. This is useful to have more information regarding your connection.
-
Enter the Host name of your Splunk Enterprise Security instance.
-
Enter the Port number of your Splunk Enterprise Security instance.
-
Enter the Authentication Token.
-
Click Create.