Only A&B are correct. According to Splunk official documentation:
Set up native Splunk authentication
Native Splunk authentication lets you easily configure users to access Splunk platform resources. The native authentication scheme always takes precedence over any external authentication schemes.
The Splunk platform authenticates users in the following order:
Native Splunk authentication:
Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if you turn it on). For more information, see the following topics:
Set up user authentication with LDAP
Set up user authentication with external systems. Scripted authentication is not available on Splunk Cloud Platform.
Therefore, Radius and DMA are eternal systems.
source: https://docs.splunk.com/Documentation/Splunk/8.1.1/Security/Setupbuilt-inauthentication
The correct answer is A, B and D. In the Authentication Methods console, the options for natively supported authentication are LDAP, SAML and Duo Security.
A, B & C
The authentication methods natively supported within Splunk Enterprise are:
A. LDAP (Lightweight Directory Access Protocol)
B. SAML (Security Assertion Markup Language)
C. RADIUS (Remote Authentication Dial-In User Service)
While Duo Multifactor Authentication can be integrated with Splunk, it is typically done through SAML or another authentication provider and not directly within Splunk Enterprise itself. Therefore, D. Duo Multifactor Authentication is not considered a natively supported authentication method within Splunk.
ABCD, in the document you referenced it includes "RADIUS":Use scripted authentication to integrate Splunk authentication with an external authentication system, such as Remote Authentication Dial-in User Service (RADIUS) or Pluggable Authentication Module (PAM).
A. LDAP
B. SAML
C. RADIUS
Splunk Enterprise natively supports LDAP, SAML, and RADIUS authentication methods. Duo Multifactor Authentication is not natively supported, but it can be integrated with Splunk using third-party plugins or custom scripts.
A & B are correct as we can see https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/Setupbuilt-inauthentication#:~:text=Available%20in%20both%20Splunk%20Cloud,over%20any%20external%20authentication%20schemes.&text=Lightweight%20Directory%20Access%20Protocol%20(LDAP,scripted%20authentication%20(if%20enabled).
I would go for ABCD. In page 239 of System Admin slide deck, it shows the screenshot for Authentication Methods. Internal - Splunk authentication, always on. External: None/LDAP/SAML. Multifactor Authentication: None/DUO Security / RSA Security
Then in the note, it states: Scripted access to PAM, RADIUS or other user account systems are also supported.
The unclear thing here is what exactly they mean with "natively"
ABC - https://docs.splunk.com/Documentation/Splunk/latest/Security/Setupbuilt-inauthentication
Set up native Splunk authentication:
Native Splunk authentication lets you easily set up users to access Splunk platform resources. Available in both Splunk Cloud Platform and Splunk Enterprise, the native authentication scheme always takes precedence over any external authentication schemes.
The Splunk platform authenticates users in the following order:
Native Splunk authentication
Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if enabled). For more information, see the following topics:
Set up user authentication with LDAP
Set up user authentication with external systems. Scripted authentication is not available on Splunk Cloud Platform.
I am still not sure because i see this:
The Splunk platform authenticates users in the following order:
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Setupbuilt-inauthentication
1 - Native Splunk authentication
2 - Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if enabled).
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigureSplunkToUsePAMOrRADIUSAuthentication
Native Splunk authentication takes precedence over any other type of authentication scheme. When you configure scripted authentication, the Splunk native authentication scheme still processes logins before passing the request onward to the scripted authentication scheme.
A & B
https://docs.splunk.com/Documentation/Splunk/latest/Security/Setupbuilt-inauthentication
Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if enabled). For more information, see the following topics:
Splunk Authentication Options
–Native Splunk accounts
–LDAP or AD
–SAML
–Scripted access to PAM, RADIUS, or other user account systems
• Saves the settings in authentication.conf
***ALSO Configuration Duo MFA -----AKA---- DUO MULTIFACTOR AUTHOTICATION
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
newrose
Highly Voted 3 years, 8 months agohwangho
Highly Voted 3 years, 7 months agohwangho
3 years, 7 months ago3bd8ac0
Most Recent 1 week, 5 days agoFrozenYeti
4 weeks, 1 day agoFrank_Rai
4 months, 2 weeks agobobixaka
9 months, 3 weeks agoBozhidarM
1 year, 1 month agojswan382
10 months agokolaturka
1 year, 4 months agoerick165
1 year, 5 months agoshergar
1 year, 8 months agoMando22
1 year, 11 months agowts28
2 years, 1 month agodenominator
2 years, 2 months agoking1993
2 years, 4 months agoDori77777
2 years, 4 months agoBlueRoselia
2 years, 5 months agohuu_nguyen
2 years, 6 months ago