Security

How to change the default role when creating a new user?

ejharts2015
Communicator

By default when a new user is created, the role of "user" is auto assigned to them. I would like to add another default role so new users will automatically have two roles assigned to them.

For example:
Let say we have a role based on office location, so I want to have when I create a new user to auto add the "user" role and the "office_location" role to that new user, so I don't have to select the "office_location" role from the list while I'm creating them.

Which config would these changes be made in?

Thanks!

0 Karma

woodcock
Esteemed Legend

Edit $SPLUNK_HOME/etc/system/local/authorize.conf and add these lines:

[role_user]
importRoles = YourOtherRoleNameHere
0 Karma

somesoni2
Revered Legend

What is the authentication method that you're using? Native Splunk built-in authentication, LDAP or anything else?

0 Karma

ejharts2015
Communicator

We use okta authentication.

0 Karma

somesoni2
Revered Legend

In authorize.conf, there will be mapping of SAML groups to roles. A users will be part of some default SAML group, just update it's mapping in authotize.conf to include all the roles that you want to assign by default.

0 Karma

ejharts2015
Communicator

Yeah that's where the roles are but how you do you define what roles a new user starts with?

0 Karma

ddrillic
Ultra Champion

via importRoles = power;userin authorize.conf...

0 Karma

ejharts2015
Communicator

I understand that. I want to create a new user -> and have it pick both the user role and another role I need to define somewhere.

Lets say for example we have a role based on office location, so I want to have when I create a new user to auto add the "user" role and the "office_location" role.

I don't want to add the "user" role to another role. We already have that capability.

0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...