Which of the following is true regarding SAML (IdP) and Splunk Cloud? Select all that apply.

The statement that credentials are exchanged through a browser session is indeed accurate regarding SAML (Security Assertion Markup Language) and Splunk Cloud. In a SAML setup, the authentication process typically involves the user being redirected from the Splunk Cloud interface to the Identity Provider (IdP) via a browser session. After the user is authenticated by the IdP, the IdP sends a SAML assertion back to the Splunk Cloud instance, which confirms the user's identity. This process ensures secure credential exchange while leveraging web technologies.

When considering the other options, it’s important to note that while Splunk Cloud does support SAML, it primarily integrates with a single IdP rather than multiple identity providers, which makes the option about using multiple IdPs inaccurate in this context. Additionally, while SAML assertions may use digitally signed XML, the specific mechanics of how Splunk Cloud handles these signatures might differ, thereby complicating a simple endorsement of that choice. Finally, in a SAML configuration, user credentials are not stored locally in Splunk; rather, authentication occurs through the IdP, which means Splunk does not maintain those credentials directly.