Splunk Cloud Platform

Securing Splunk Cloud Platform

Modify or remove role mappings

When you configure your Splunk platform deployment to use SAML as an authentication scheme, you can authorize groups on your SAML identity provider to log in by mapping them to Splunk user roles. You can map multiple groups to a single user role.

You can also remove roles from existing groups or delete groups entirely. To remove an individual user from a SAML group, consult your IdP documentation.

  1. In the Settings menu, select Authentication methods.
  2. Select SAML as your authentication type.
  3. Click Configure Splunk to use SAML.
  4. To delete an entire group click Delete for the group you want to remove.
  5. On the SAML Groups page, click Edit for a group you want to modify.
  6. Specify the roles that you want to remove from this group by moving the desired roles from the right column to the left column.
  7. Click Save.
Last modified on 22 October, 2021
Map groups on a SAML identity provider to Splunk roles   Refresh expiring SAML identity provider certificates

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2112, 8.2.2201, 8.2.2202, 9.0.2205, 8.2.2203, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308 (latest FedRAMP release), 9.1.2312, 9.2.2403

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters