Docs » Manage users and teams » Create and manage users in Splunk Observability Cloud

Create and manage users in Splunk Observability Cloud 🔗

To create or manage users and teams, you must have administrator access. To get this access, an existing administrator adds it to your user profile.

Add users to the organization

You must be an administrator to add users to the org. Add users to your organization by sending them an email invitation.

To send invitations to users, follow these steps:

  1. From the Splunk Observability home page, expand the left navigation menu and select Settings.

  2. Select Users.

  3. Select Invite User.

  4. Enter the email addresses of your desired members in the dialog box. Separate each email address with a comma or single blank space.

  5. In the Roles field to select any of the available roles.

  6. Select Send Invitation.

Users receive an email from Splunk Observability Cloud containing instructions for signing intothe organization. After they sign up, their names appear in the menu in the Settings then Users list.

Remove users from the organization

You must be an administrator to remove users from the org. To remove users from the organization, follow these steps:

  1. From the Splunk Observability menu, select Settings then Users. A table of current members appears in the main panel.

  2. Use the Search field to find the name of the user you want to remove, either by name or email address.

  3. Select the Actions (⋯) menu icon next the username, then select Remove User.

  4. Observability Cloud displays a dialog box that asks you to confirm the deletion. Select Delete.

The user no longer appears in the list of members.

Grant and revoke administrative access

You must be an administrator to grant the admin role to other users.

To grant administrator privileges to a user, follow these steps:

  1. From the left navigation menu, select Settings then Users. A table of current users appears in the main panel.

  2. Find the name of the user.

  3. Select the Actions (⋯) menu icon next the username, then select Manage Roles.

  4. In the Manage Roles dialog box, select one or more of the available roles, then select the right-pointing arrow to move the roles to the Selected Roles panel.

  5. Select Assign Roles to confirm.

To revoke administrator privileges from a user, follow these steps:

  1. From the left navigation menu, select Settings then Users. A table of current members appears in the main panel.

  2. Find the name of the user.

  3. Select the Actions (⋯) menu icon next the user’s name, then select Manage Roles.

  4. Select a non-admin role for the user.

Request administrative access

To receive administrator access, request the admin role from an existing administrator.

Follow these steps to view a list of current admins:

  1. From the Splunk Observability home page, select Settings.

  2. Select Invite Users.

  3. Filter for Admins.

From the list, you can email or message any administrators to request admin status.

Look up when a user logged in

You can look up when a user logged in to Observability Cloud by looking at user session creation events. To do this:

  1. In the left navigation menu, select Dashboards.

  2. Open any dashboard.

  3. Select Event Overlay.

  4. In the Event Overlay field, enter SessionLog.

  5. Select SessionLog.

  6. The Event Feed menu displays user and token session events. A User Session Created event indicates when a user logged in to Observability Cloud.

Address a locked user account

After a user makes too many unsuccessful login attempts, Splunk Observability Cloud locks that user’s account. The user’s account is locked for several minutes before the user can try to log in again.

If you need to unlock an account before the lock period ends, contact Splunk Observability Cloud support.