After turning on Okta SAML authentication, saved s...

ronerf · ‎09-10-2018

Since i moved authentication from LDAP to SAML, $SPLUNK_HOME/etc/users has a bunch of new username@our.domain directories (the old username directories are still there). What's the best way (migrating the contents of username to username@our.domain? or changing a setting so username settings go back to how they were? something else?) to fix this?

mibrown_splunk · ‎10-12-2020

Your identity provider should be able to map the LDAP usernames to SAML usernames. When you do this, you won't need to reassign knowledge objects including saved searches. In our case we mapped samAccountName to realName (this is a config on the identity provider side) in order to keep user directories the same.

DennisWoerner · ‎09-12-2018

Hi @ronerf
I've had the same issue as you when I changed the authentication from LDAP to SAML.
My solution was to reassign the Knowledge Objects to the new naming schema because it was only for a couple of users.
I don't know how Okta works but it's generally possible for IDPs to change the way, a username is send to Splunk.

Maybe the Okta Support can help you changing the transfered username or you reassign the Knowledge Objects manually.

Kind regards,
Dennis

After turning on Okta SAML authentication, saved searches and reports are no longer available

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk