Skip to main content

Setup SAML in Azure Active Directory

Setup SAML in Azure Active Directory

Before starting, decide the following:

  • Should all users or only specific users/groups access UXM?
  • Should Splunk roles be automatically assigned based on Azure AD groups?

⚠️ Important
When using SAML login, all users receive the assigned Splunk role.
Multiple role assignments only work if the Role Alias maps to Azure AD groups.


Setup Enterprise Application in Azure AD

  1. Go to: https://portal.azure.com

  2. Navigate to:
    Azure Active Directory → Enterprise Applications

  3. Click New application


Add Splunk Application

  1. Search for:
    Azure AD SSO for Splunk Enterprise and Splunk

  2. Enter name:
    UXM Cloud - SSO

  3. Click Add


Configure Properties

  1. Go to: Manage → Properties

  2. Set User assignment required? to:

    • No (allow all users)
    • OR Yes (manually assign users/groups)
  3. (Optional) Upload UXM logo:
    https://repo.uxmapp.com/appIconAlt_2x.png


Configure SAML SSO

  1. Go to: Manage → Single Sign-on

  2. Select SAML


Basic SAML Configuration

Enter:

  • Identifier (Entity ID):
    https://customername.uxmapp.com

  • Reply URL (ACS):
    https://customername.uxmapp.com/saml/acs

  • Sign-on URL:
    https://customername.uxmapp.com/en-GB/
    or
    https://customername.uxmapp.com/en-US/

  1. Click Save


Configure User Claims

  1. Go to User Attributes & Claims
  2. Add the following claims:
Claim NameNamespaceSource Attribute
displaynamehttp://schemas.microsoft.com/identity/claimsuser.displayname
companynamehttp://schemas.xmlsoap.org/ws/2005/05/identity/claimsuser.companyname
mailhttp://schemas.xmlsoap.org/ws/2005/05/identity/claimsuser.mail
  1. Click Add new claim and configure each


Configure SAML Certificate

  1. Go to SAML Signing Certificate

  2. Set signing option:

    • ✅ Sign SAML response and assertion
  3. Add notification email:
    support@uxmapp.com


Export Metadata

  1. Download Federation Metadata XML

  2. Send to:
    support@uxmapp.com


Setup SAML in Splunk

Requirements

  • Ensure DNS is configured
  • Or use local hosts file for testing

Configure SAML in Splunk

  1. Go to:
    Splunk → Settings → Access Controls → Authentication Methods
  2. Select SAML
  3. Click Configure Splunk to use SAML

Import Metadata

  1. Upload the Federation Metadata XML from Azure AD


Update Required Fields

  • Entity ID:
    FQDN used for login

  • Role Alias:
    Must match Azure AD claim

Options:

  • Company:
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname

  • Groups:
    http://schemas.microsoft.com/ws/2008/06/identity/claims/groups


Additional Settings

  • RealName Alias:
    http://schemas.microsoft.com/identity/claims/displayName

  • Mail Alias:
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

  • Name ID Format: Email Address

  • FQDN: same as Azure setup

  • Redirect Port: 443

  • SSO Binding: HTTP POST

  • SLO Binding: HTTP POST


Test Login

  • Save configuration
  • Test login in Incognito mode

Update Expired Certificate

  • Certificate path:
    $SPLUNK_HOME/etc/auth/idpCerts/idpCert.pem
  • Valid for 3 years

Generate New Certificate (Azure)

  1. Go to Single Sign-on → SAML Signing Certificate

  2. Click New Certificate

  3. Download as Base64

  4. Set as Active

  5. Delete old certificate


Upload Certificate

  • Send new certificate to:
    support@uxmapp.com

  • It will be updated in Splunk

  • No restart required


Troubleshooting

Multiple Certificates Error

There are multiple certs, idpCertPath:idpCert.pem must be a directory
  • Ensure only one active certificate in Azure AD

  • Or manually update idpCert.pem


Extract Certificates Tool

https://www.rcfed.com/SAMLWSFed/MetadataCertificateExtract


Login Debugging

  • Use SAML Chrome Plugin

  • Check attributes returned by Azure AD


Deleting Old SAML Users

To remove inactive users:

  • Contact: support@uxmapp.com
  • API endpoint:
https://customername.uxmapp.com:8089/services/admin/SAML-user-role-map/userId