I enabled SSO for Splunk which works almost fine. I found a very annoying behavior with SSO.
If a new user has never logged in Splunk and that user has right to login, SSO keeps shouting that the user is unknow. What I found, is that a new user never logged in Splunk using the login page, splunk didn't add it to the user list and therfore the user.
Any clue how to resolve this annoying behavior ?
i doubt suck things happen. When you add the AD group the users can be seen in the users list. Where do you see unknown? if there are frequent change in the AD group refresh it periodically.
The user is shown in the "Map Group" settings in the authentication. Even if I remap the user, the user doesn't appear in the user list.
Splunk check in the "User List" to map with SSO, so until the first manual login, the user is redirect to the Splunk SSO Error Page saying that there is no matching user.