Splunk Cloud Platform
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how users are deprovisioned from Splunk Cloud

sc_admin11
Explorer
‎10-17-2023 12:17 PM

Considering our current setup i.e authentication and Authorization integrated with SAML, how do we
1. mark an user inactive

2. what do we do with his/her knowledge objects.

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-17-2023 12:34 PM

I just checked a Splunk Cloud stack and the only users with the delete option are local.  The SAML users do not have the Edit action, therefore no delete.

---
If this reply helps you, Karma would be appreciated.
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-17-2023 12:23 PM

1. You can't.  Splunk doesn't know if a user is active or not - only that they pass authentication (or not).  A user never signing in is just a user who never signs in rather than an inactive/expired user.  You can, however, file a support request to have the user removed.

2. Assign the user's KOs to another user.  Go to Settings->All configurations and click the "Reassign Knowledge Objects" button.

---
If this reply helps you, Karma would be appreciated.
Reply

sc_admin11
Explorer
‎10-20-2023 03:39 PM

If we delete user without reassign KO to other user. Than what would happen with that KOs.

@richgalloway 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-20-2023 05:13 PM

The KOs will remain, but will become "orphans" (owned by nobody).  They can be re-assigned to another user, however.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

sc_admin11
Explorer
‎10-23-2023 05:53 AM

Is there any search query from which we can get the inactive users? @richgalloway @_JP 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-23-2023 05:59 AM

This query will tell you when each user last logged in.  It's up to you to decide which of them is "inactive".

| rest /services/authentication/users splunk_server=local | table title last_successful_login
---
If this reply helps you, Karma would be appreciated.
Reply

sc_admin11
Explorer
‎10-26-2023 01:29 AM

@richgalloway in table i got empty column for 

last_successful_login

 Screenshot 2023-10-26 at 12.11.48 PM.png

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top