Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to remove users from Splunk registered by SAML?

Clecimar
Explorer
‎08-30-2022 07:46 AM

Hi everyone, I need to remover users that leave the company. I´ve already remove them from company AD, but the remains on the Splunk Cloud.

Someone know how can I delete/remove them from Splunk Cloud ?

Thank you.

Clecimar

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

vzabawski
Path Finder
‎09-14-2022 02:23 AM

GUI doesn't support deleting users created with SAML. I can edit internal users. I guess it's an expected, yet inconvenient behavior from Splunk's side.

vzabawski_0-1663147345997.png

 

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-30-2022 09:58 AM

Go to Settings->Users.  For each user no longer in SAML, select Edit->Delete.  There is no automated process.  Go to https://ideas.splunk.com to suggest one or to vote for an existing idea.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

Clecimar
Explorer
‎08-31-2022 10:40 AM

Hi everyone.

This didn´t work for me. Even I remove the user from AD, it remains on Splunk and I haven´t the option to remove it as you suggest.

Would be a integration issue ?

Thank you.

Clecimar

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-31-2022 12:24 PM

You account may have insufficient permissions to delete users.  I believe you need the edit_user capability.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

skseifert
Engager
Tuesday

I am in a role that has "edit_user" selected, and I too can not delete a SAML user.  

0 Karma
Reply
Solved! Jump to solution

dbhojani
Explorer
Tuesday

I was able to find solution for this.

You can delete the user with REST Call if you have Admin level access.

This worked fine for me.

curl -k -u test_user:<PWD> --request DELETE https://stackname.splunkcloud.com:8089/services/admin/SAML-user-role-map/<username>


0 Karma
Reply
Solved! Jump to solution
Solution

vzabawski
Path Finder
‎09-14-2022 02:23 AM

GUI doesn't support deleting users created with SAML. I can edit internal users. I guess it's an expected, yet inconvenient behavior from Splunk's side.

vzabawski_0-1663147345997.png

 

Reply
Solved! Jump to solution

Clecimar
Explorer
‎09-14-2022 05:37 AM

Great!

This is the kind of answer I was looking for. Thank to understand my question.

Clecimar

Reply
Solved! Jump to solution

Clecimar
Explorer
‎09-04-2022 12:23 PM

No, I´m administrator.

I´m going to open a case on support.

Thank you.

Clecimar

0 Karma
Reply
Solved! Jump to solution

dbhojani
Explorer
‎04-14-2023 10:25 AM

Did you get any response from splunk support for this issue?

 

I am also Splunk admin & I don't see an option to remove deactivated SAML user from UI. 

It's not feasible to request support request every time a user is deactivated.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! &#x1f308; In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...