Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to remove users from Splunk registered by SAML?

Clecimar
Explorer
‎08-30-2022 07:46 AM

Hi everyone, I need to remover users that leave the company. I´ve already remove them from company AD, but the remains on the Splunk Cloud.

Someone know how can I delete/remove them from Splunk Cloud ?

Thank you.

Clecimar

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

vzabawski
Path Finder
‎09-14-2022 02:23 AM

GUI doesn't support deleting users created with SAML. I can edit internal users. I guess it's an expected, yet inconvenient behavior from Splunk's side.

vzabawski_0-1663147345997.png

 

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-30-2022 09:58 AM

Go to Settings->Users.  For each user no longer in SAML, select Edit->Delete.  There is no automated process.  Go to https://ideas.splunk.com to suggest one or to vote for an existing idea.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

Clecimar
Explorer
‎08-31-2022 10:40 AM

Hi everyone.

This didn´t work for me. Even I remove the user from AD, it remains on Splunk and I haven´t the option to remove it as you suggest.

Would be a integration issue ?

Thank you.

Clecimar

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-31-2022 12:24 PM

You account may have insufficient permissions to delete users.  I believe you need the edit_user capability.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

skseifert
Engager
‎05-30-2023 12:29 PM

I am in a role that has "edit_user" selected, and I too can not delete a SAML user.  

0 Karma
Reply
Solved! Jump to solution

dbhojani
Explorer
‎05-30-2023 12:37 PM

I was able to find solution for this.

You can delete the user with REST Call if you have Admin level access.

This worked fine for me.

curl -k -u test_user:<PWD> --request DELETE https://stackname.splunkcloud.com:8089/services/admin/SAML-user-role-map/<username>


Reply
Solved! Jump to solution

jmartens
Path Finder
‎10-29-2024 02:58 AM

Although removing through REST probably works I find it easier to do it this way:

  1. edit the configuration file in SPLUNK_INSTALL_DIR\etc\system\local\authentication.conf
  2. Naviate to Settings > Authentication methods > reload authentication configuration
0 Karma
Reply
Solved! Jump to solution
Solution

vzabawski
Path Finder
‎09-14-2022 02:23 AM

GUI doesn't support deleting users created with SAML. I can edit internal users. I guess it's an expected, yet inconvenient behavior from Splunk's side.

vzabawski_0-1663147345997.png

 

Reply
Solved! Jump to solution

Clecimar
Explorer
‎09-14-2022 05:37 AM

Great!

This is the kind of answer I was looking for. Thank to understand my question.

Clecimar

Reply
Solved! Jump to solution

Clecimar
Explorer
‎09-04-2022 12:23 PM

No, I´m administrator.

I´m going to open a case on support.

Thank you.

Clecimar

0 Karma
Reply
Solved! Jump to solution

dbhojani
Explorer
‎04-14-2023 10:25 AM

Did you get any response from splunk support for this issue?

 

I am also Splunk admin & I don't see an option to remove deactivated SAML user from UI. 

It's not feasible to request support request every time a user is deactivated.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...