Rest call to get list of all apps and join it with SAML groups

avakash1109

Hi,

I'm using this search to join the apps with their respective SAML group roles:

| rest /services/authentication/users splunk_server=local
| table defaultApp defaultAppSourceRole title roles
| rename defaultApp as splunk_app_name defaultAppSourceRole as defaultrole title as User
| eval splunk_app_name=lower(splunk_app_name)
| join defaultrole type=outer
    [| rest /services/admin/SAML-groups
    | table roles title id
    | rename roles as defaultrole title as idm_role_name]
| dedup splunk_app_name, id

The only issue is that I'm not getting all of the apps with this REST call (probably 2/3 of all apps):

| rest /services/authentication/users splunk_server=local

I've tried using other calls like:

  • | rest /services/authorization/roles
  • | rest /services/apps/local

but couldn't join them with the SAML REST call.

I need help finding a way to show all apps and then merge them with their SAML group roles.

Thank you
