Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk UI Login Issue via SAML SSO – Assistance Required for Role Mapping Validation

sakshi1
New Member
3 weeks ago

Hello Team,

We are facing an issue with Splunk UI access via SAML SSO and would like your assistance in validating the role/group requirements on the Splunk side.

Issue Description

Users are unable to access the Splunk UI via SAML authentication.
Splunk services and infrastructure are running normally.

Error Observed

SAML response does not contain group information
sakshi1_0-1776095203195.png

 



Labels (1)
Labels
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
3 weeks ago

Hi @sakshi1 

As @richgalloway suggested, this sounds like the local role isnt mapped correctly to the SAML role, or it could be that if you've used a Role Alias in the SAML configuration (https://yoursplunkinstance/en-US/manager/launcher/saml/configuration) then it could be using the incorrect role alias.

You might find that using Google Chrome's Developer tool 'SAML' tab is helpful for diagnosing this as you can see the full SAML response which should list the roles. You can then compare the role field name against the SAML Configuration/Alias and the value against the local mapping. Note that sometimes (e.g. Azure/EntraID) it is a role GUID that is presented instead of the friendly name, its this GUID which you will need to map.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Reply

richgalloway
SplunkTrust
SplunkTrust
3 weeks ago

After configuring SAML, did you map group names to Splunk roles?  Does your Identity Provider contain group names for each user that will have access to Splunk?  Without both of those, Splunk has no way to know what permissions to grant the user.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...