Solved: Re: How to remove users from Splunk registered by ...

Clecimar · ‎08-30-2022

Hi everyone, I need to remover users that leave the company. I´ve already remove them from company AD, but the remains on the Splunk Cloud.

Someone know how can I delete/remove them from Splunk Cloud ?

Thank you.

Clecimar

vzabawski · ‎09-14-2022

GUI doesn't support deleting users created with SAML. I can edit internal users. I guess it's an expected, yet inconvenient behavior from Splunk's side.

View solution in original post

richgalloway · ‎08-30-2022

Go to Settings->Users. For each user no longer in SAML, select Edit->Delete. There is no automated process. Go to https://ideas.splunk.com to suggest one or to vote for an existing idea.

---
If this reply helps you, Karma would be appreciated.

Clecimar · ‎08-31-2022

Hi everyone.

This didn´t work for me. Even I remove the user from AD, it remains on Splunk and I haven´t the option to remove it as you suggest.

Would be a integration issue ?

Thank you.

Clecimar

richgalloway · ‎08-31-2022

You account may have insufficient permissions to delete users. I believe you need the edit_user capability.

---
If this reply helps you, Karma would be appreciated.

skseifert · ‎05-30-2023

I am in a role that has "edit_user" selected, and I too can not delete a SAML user.

dbhojani · ‎05-30-2023

I was able to find solution for this.

You can delete the user with REST Call if you have Admin level access.

This worked fine for me.

curl -k -u test_user:<PWD> --request DELETE https://stackname.splunkcloud.com:8089/services/admin/SAML-user-role-map/<username>

jmartens · ‎10-29-2024

Although removing through REST probably works I find it easier to do it this way:

edit the configuration file in SPLUNK_INSTALL_DIR\etc\system\local\authentication.conf
Naviate to Settings > Authentication methods > reload authentication configuration

vzabawski · ‎09-14-2022

GUI doesn't support deleting users created with SAML. I can edit internal users. I guess it's an expected, yet inconvenient behavior from Splunk's side.

Clecimar · ‎09-14-2022

Great!

This is the kind of answer I was looking for. Thank to understand my question.

Clecimar

Clecimar · ‎09-04-2022

No, I´m administrator.

I´m going to open a case on support.

Thank you.

Clecimar

dbhojani · ‎04-14-2023

Did you get any response from splunk support for this issue?

I am also Splunk admin & I don't see an option to remove deactivated SAML user from UI.

It's not feasible to request support request every time a user is deactivated.

How to remove users from Splunk registered by SAML?

SAML

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Are you a member of the Splunk Community?

How to remove users from Splunk registered by SAML?

SAML

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases