Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to remove users from Splunk registered by SAML?

Clecimar
Explorer
‎08-30-2022 07:46 AM

Hi everyone, I need to remover users that leave the company. I´ve already remove them from company AD, but the remains on the Splunk Cloud.

Someone know how can I delete/remove them from Splunk Cloud ?

Thank you.

Clecimar

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

vzabawski
Path Finder
‎09-14-2022 02:23 AM

GUI doesn't support deleting users created with SAML. I can edit internal users. I guess it's an expected, yet inconvenient behavior from Splunk's side.

vzabawski_0-1663147345997.png

 

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-30-2022 09:58 AM

Go to Settings->Users.  For each user no longer in SAML, select Edit->Delete.  There is no automated process.  Go to https://ideas.splunk.com to suggest one or to vote for an existing idea.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

Clecimar
Explorer
‎08-31-2022 10:40 AM

Hi everyone.

This didn´t work for me. Even I remove the user from AD, it remains on Splunk and I haven´t the option to remove it as you suggest.

Would be a integration issue ?

Thank you.

Clecimar

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-31-2022 12:24 PM

You account may have insufficient permissions to delete users.  I believe you need the edit_user capability.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

skseifert
Engager
‎05-30-2023 12:29 PM

I am in a role that has "edit_user" selected, and I too can not delete a SAML user.  

0 Karma
Reply
Solved! Jump to solution

dbhojani
Explorer
‎05-30-2023 12:37 PM

I was able to find solution for this.

You can delete the user with REST Call if you have Admin level access.

This worked fine for me.

curl -k -u test_user:<PWD> --request DELETE https://stackname.splunkcloud.com:8089/services/admin/SAML-user-role-map/<username>


Reply
Solved! Jump to solution

jmartens
Path Finder
‎10-29-2024 02:58 AM

Although removing through REST probably works I find it easier to do it this way:

  1. edit the configuration file in SPLUNK_INSTALL_DIR\etc\system\local\authentication.conf
  2. Naviate to Settings > Authentication methods > reload authentication configuration
Reply
Solved! Jump to solution
Solution

vzabawski
Path Finder
‎09-14-2022 02:23 AM

GUI doesn't support deleting users created with SAML. I can edit internal users. I guess it's an expected, yet inconvenient behavior from Splunk's side.

vzabawski_0-1663147345997.png

 

Reply
Solved! Jump to solution

Clecimar
Explorer
‎09-14-2022 05:37 AM

Great!

This is the kind of answer I was looking for. Thank to understand my question.

Clecimar

Reply
Solved! Jump to solution

Clecimar
Explorer
‎09-04-2022 12:23 PM

No, I´m administrator.

I´m going to open a case on support.

Thank you.

Clecimar

0 Karma
Reply
Solved! Jump to solution

dbhojani
Explorer
‎04-14-2023 10:25 AM

Did you get any response from splunk support for this issue?

 

I am also Splunk admin & I don't see an option to remove deactivated SAML user from UI. 

It's not feasible to request support request every time a user is deactivated.

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...