Docs » Create and manage users in Splunk Observability Cloud

Create and manage users in Splunk Observability Cloud 🔗

Note

To create or manage users and teams, you must have administrator access. To get this access, an existing administrative adds it to your user profile.

Users with administrative access for an organization can perform the following actions:

Any user can look up when a user logged in to Splunk Observability Cloud.

Add users to the organization 🔗

Add users to your organization by sending them an email invitation.

To send invitations to users, follow these steps:

  1. From the main menu, select Organization Settings > Invite Members. The Invite New Members dialog box appears.

  2. Enter the full email address of each user you want to invite. Separate addresses with commas (,).

  3. Click Invite.

  4. The message Sent! appears in the dialog box, and then the dialog box closes.

Users receive an email from Splunk Observability Cloud containing instructions for signing into the organization. After they complete this signup, their names appear in the menu in the Organization Settings > Members list.

Remove users from the organization 🔗

To remove users from the organization, follow these steps:

  1. From the main menu, select Organization Settings > Members. A table of current members appears in the main panel.

  2. Find the name of the user you want to remove.

  3. Click the Actions () menu icon next the user name, then select Remove Member.

  4. Observability Cloud displays a dialog box that asks you to confirm the deletion. Click Delete.

  5. The user no longer appears in the list of members.

Grant and revoke administrative access 🔗

As a user with administrative access, you can grant or revoke administrative access for other users.

To grant administrator privileges to a user, follow these steps:

  1. From the main menu, select Organization Settings > Members. A table of current members appears in the main panel.

  2. Find the name of the user.

  3. Click the Actions () menu icon next the user name, then select Grant Admin.

To revoke administrator privileges from a user, follow these steps:

  1. From the main menu, select Organization Settings > Members. A table of current members appears in the main panel.

  2. Find the name of the user.

  3. Click the Actions () menu icon next the user’s name, then select Revoke Admin.

Look up when a user logged in 🔗

You can look up when a user logged in to Observability Cloud by looking at user session creation events. To do this:

  1. In the left navigation panel, select Dashboards.

  2. Open any dashboard.

  3. Click Event Overlay.

  4. In the Event Overlay field, enter SessionLog.

    This screenshot shows a dashboard with the SessionLog value entered in the Event Overlay field.
  5. Select SessionLog.

  6. The Event Feed menu displays user and token session events. A User Session Created event indicates when a user logged in to Observability Cloud.

Address a locked user account 🔗

After a user makes too many unsuccessful login attempts, Observability Cloud locks that user’s account.

We lock the user’s account for several minutes before we unlock it and allow the user to try to log in again.

If you need to unlock an account before the lock period ends, contact Splunk Observability Cloud support.