I would check the configuration file precedence of the authorize.conf files for the roles in question of a user.
Another option would also be to validate the local.meta for the app.
... View more
You can just modify the searches for the dashboards to not include the _internal index. This can be done in the dashboard panels themselves or in the xml.
I believe the following doc should have the info you would need fot this.
http://docs.splunk.com/Documentation/Splunk/7.0.3/Viz/DashboardEditor
... View more
The following Okta document discusses Rate Limits for the API calls
https://support.okta.com/help/Documentation/Knowledge_Article/API-54325410
... View more