Splunk Cloud Platform

Okta Deprovision/Remove users from Splunk Cloud

ColinJacksonPS
Path Finder

We use Okta to authenticate and grant access to our Splunk Cloud instance. The groups and roles are already mapped. 

When I have a team member leave the company, we deactivate their Okta account, so in theory, preventing them from accessing any of our apps. The SSO integration is great at creating SAML users on Splunk Cloud, but to get those accounts removed on Splunk Cloud usually requires a Splunk Support ticket and a 3-5 day turnaround. I can't use the Splunk REST API to do it because we're on cloud. 

Does anyone know anything about deprovisioning automagically or getting Splunk Cloud to start working on this? 

Fezzes, Swarm!

Labels (1)
0 Karma

ColinJacksonPS
Path Finder

Unfortunately, you can't disable users on Splunk Cloud even as super admin. Local account, you can delete, but not SAML users. Screen Shot 2022-01-25 at 1.56.47 PM.png

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust

One workaround is just disable user on SC until splunk support has removed those.

0 Karma
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...