Security

How to change the default role when creating a new user?

Communicator

By default when a new user is created, the role of "user" is auto assigned to them. I would like to add another default role so new users will automatically have two roles assigned to them.

For example:
Let say we have a role based on office location, so I want to have when I create a new user to auto add the "user" role and the "office_location" role to that new user, so I don't have to select the "office_location" role from the list while I'm creating them.

Which config would these changes be made in?

Thanks!

0 Karma

Esteemed Legend

Edit $SPLUNK_HOME/etc/system/local/authorize.conf and add these lines:

[role_user]
importRoles = YourOtherRoleNameHere
0 Karma

Revered Legend

What is the authentication method that you're using? Native Splunk built-in authentication, LDAP or anything else?

0 Karma

Communicator

We use okta authentication.

0 Karma

Revered Legend

In authorize.conf, there will be mapping of SAML groups to roles. A users will be part of some default SAML group, just update it's mapping in authotize.conf to include all the roles that you want to assign by default.

0 Karma

Super Champion
0 Karma

Communicator

Yeah that's where the roles are but how you do you define what roles a new user starts with?

0 Karma

Ultra Champion

via importRoles = power;userin authorize.conf...

0 Karma

Communicator

I understand that. I want to create a new user -> and have it pick both the user role and another role I need to define somewhere.

Lets say for example we have a role based on office location, so I want to have when I create a new user to auto add the "user" role and the "office_location" role.

I don't want to add the "user" role to another role. We already have that capability.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!