We use Okta to authenticate and grant access to our Splunk Cloud instance. The groups and roles are already mapped. When I have a team member leave the company, we deactivate their Okta account, so in theory, preventing them from accessing any of our apps. The SSO integration is great at creating SAML users on Splunk Cloud, but to get those accounts removed on Splunk Cloud usually requires a Splunk Support ticket and a 3-5 day turnaround. I can't use the Splunk REST API to do it because we're on cloud. Does anyone know anything about deprovisioning automagically or getting Splunk Cloud to start working on this? Fezzes, Swarm!
... View more