Hey anyone who is searching for this answer. I opened a case with Splunk support and the answer I got back was...
"Thanks for the reply.
I have asked a few of our SAML admins and they mentioned the same, groups will have to be added individually and not as nested groups; nested are not parsed. I've looked to see if there is more information to support this claim, but it does not seem as if that is the case.
My apologies if this is not much help and does not provide clarity on your original request.
Please let me know if you have any additional questions regarding SAML and nested groups."
So the answer is to add users individually and not to add nested groups. 🙂
We handled this by creating access roles based on the business unit. All users in a business unit get access to all the data owned by that business unit.
If you are going to permit a data access model that gets granular down to differing access for users in the same business unit, you are going to end up with index-specific access roles. I guess that becomes a way to allow specific users without too much sprawl: if you made one access exception group per index and added users to that AD group to allow access to data outside their business unit, it would allow the access.
Beware that allowing access outside of some largeish organizational unit can lead to unruly sprawl in your access model that can become unmanageable.
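A sketch of how the model in the post above could look in Splunk configuration, added here as an illustration and not taken from the thread or from Splunk. The role names, index names and AD group names are constructed, and the `[roleMap_SAML]` stanza name assumes the SAML settings stanza is named `SAML`. Each group is mapped by its own name, since the support reply says nested groups are not parsed.

```ini
# ---- authorize.conf (constructed example; all names are hypothetical) ----

# Business-unit roles: every user in the unit can search all of the
# unit's indexes, and nothing outside them.
[role_bu_finance]
search = enabled
srchIndexesAllowed = fin_app;fin_audit
srchIndexesDefault = fin_app

[role_bu_engineering]
search = enabled
srchIndexesAllowed = eng_app;eng_build
srchIndexesDefault = eng_app

# Exception role: one per index, granting that single index only.
# A user outside Finance who needs fin_audit is added to the matching
# AD group and keeps their own business-unit role for everything else.
[role_idx_fin_audit]
srchIndexesAllowed = fin_audit

# ---- authentication.conf (constructed example) ----

# <Splunk role> = <group name as sent in the SAML assertion>
# Multiple groups for one role are separated with semicolons.
# Map the groups users are direct members of; a parent group that only
# contains other groups will not match.
[roleMap_SAML]
bu_finance = SPLUNK-BU-Finance
bu_engineering = SPLUNK-BU-Engineering
idx_fin_audit = SPLUNK-IDX-fin_audit
```

Keeping the exception roles to one index each makes the count of roles grow with the number of indexes that have exceptions, not with the number of users or user/index combinations.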