Rest call to get list of all apps and join it with SAML groups

New Member


I'm using this search to join the apps with their respective SAML group roles


| rest /services/authentication/users splunk_server=local 
    | table defaultApp defaultAppSourceRole title roles 
    | rename defaultApp as splunk_app_name defaultAppSourceRole as defaultrole title as User
  | eval splunk_app_name= lower(splunk_app_name)
  | join defaultrole type=outer 
    [| rest /services/admin/SAML-groups 
    | table roles title id 
    | rename roles as defaultrole title as idm_role_name]
    |dedup splunk_app_name,id



The only issue is I'm not getting all of the apps with this rest call (probably 2/3rd of all apps)



| rest /services/authentication/users splunk_server=local 



I've tried using other calls like

  • | rest /services/authorization/roles
  • | rest /services/apps/local

but couldn't join them with SAML REST call

I need help finding a way to show all apps and then merge it with their SAML groups roles

Thank you

Labels (3)
Tags (5)
0 Karma
Get Updates on the Splunk Community!

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more with ITSI’s ...

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more! Faster Time to ValueManaging and ...

New Release | Splunk Enterprise 9.3

Hi Splunky people! We are excited to share the newest updates in Splunk Enterprise 9.3!Admins and Analyst can ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...