topic Re: Splunk Cloud SAML Auth Admins Unable to Edit User Roles in Security

Splunk Cloud SAML Auth Admins Unable to Edit User Roles

jbeach — Fri, 07 Mar 2025 16:42:13 GMT

Splunk Cloud had an update this past Sunday, 3 Mar 2025. Since then, admins are unable to change a user's role. Is this a bug?

We use the Chargeback App, and have it configured to use user roles to delineate charges per team.

Re: Splunk Cloud SAML Auth Admins Unable to Edit User Roles

kiran_panchavat — Fri, 07 Mar 2025 17:02:19 GMT

@jbeach

Did you review this? I don't see any known issues related to your concern.

https://docs.splunk.com/Documentation/SplunkCloud/9.3.2408/ReleaseNotes/Issues

I kindly ask you to submit a Splunk Support ticket.

Re: Splunk Cloud SAML Auth Admins Unable to Edit User Roles

livehybrid — Fri, 07 Mar 2025 17:03:51 GMT

Hi @jbeach

In the title you mention SAML Auth - Are your users using SAML to login to Splunk Cloud, if so the role mappings for them should be managed by the authentication provider. Its possible that a change was made to prevent admins from trying to manually change these role mappings, as they are overwritten when a user logs in to Splunk Cloud.

One thing you could check is if you're able to modify the role of any non-SAML based users to rule out other issues.

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will

Re: Splunk Cloud SAML Auth Admins Unable to Edit User Roles

jbeach — Fri, 07 Mar 2025 17:14:07 GMT

@livehybrid

I checked the non-SAML users and I can edit them.

I am waiting on our Splunk Engineer to answer internally, but I think your answer is most plausible. Unfortunate, but plausible.

Re: Splunk Cloud SAML Auth Admins Unable to Edit User Roles

jbeach — Fri, 07 Mar 2025 17:16:03 GMT

@kiran_panchavat

Thank you. I have a request in to our Splunk Engineer. I am afraid they are going to tell me what @livehybrid said--that the roles must be mapped by the auth provider.

I did look at your link, and do not see anything related to my concern--as you stated.

Re: Splunk Cloud SAML Auth Admins Unable to Edit User Roles

livehybrid — Fri, 07 Mar 2025 17:31:30 GMT

Ive had a look through a bunch of the release notes for recent versions and there is no mention of a change in behaviour for this, or it listed as a bug fix, but again, that doesnt mean it has not been changed!

For the customers I have setup SAML for I've always had make a point of telling them to manage the access via the IdP. Also, dont forget that users wont automatically be deleted if they're removed from the IdP unless authentication extensions is configured. Anyway..back to the issue! Please let us know how you get on.

Glad to hear people using the chargeback app, I used it a couple of years ago and whilst it took a bit of setting up, it was great once in place!

Good luck 🙂

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will