Docs » Create and manage users in Splunk Observability Cloud

Create and manage users in Splunk Observability Cloud ๐Ÿ”—

Note

To create or manage users and teams, you must have administrator access. To get this access, an existing administrative adds it to your user profile. See Request administrative access for more information.

Users with administrative access for an organization can run the following actions:

Any user can run the following actions:

Add users to the organization ๐Ÿ”—

Add users to your organization by sending them an email invitation.

To send invitations to users, follow these steps:

  1. From the Splunk Observability home page, expand the left navigation menu and select Settings.

  2. Select Invite Users.

  3. Enter the email addresses of your desired members in the dialog box. Separate each email address with a comma.

  4. Select Invite.

Users receive an email from Splunk Observability Cloud containing instructions for signing into the organization. After they sign up, their names appear in the menu in the Settings > Users list.

Remove users from the organization ๐Ÿ”—

To remove users from the organization, follow these steps:

  1. From the Splunk Observability menu, select Settings > Users. A table of current members appears in the main panel.

  2. Find the name of the user you want to remove.

  3. Select the Actions () menu icon next the username, then select Remove User.

  4. Observability Cloud displays a dialog box that asks you to confirm the deletion. Select:abbr:Delete.

  5. The user no longer appears in the list of members.

Grant and revoke administrative access ๐Ÿ”—

As a user with administrative access, you can grant or revoke administrative access for other users.

To grant administrator privileges to a user, follow these steps:

  1. From the left navigation menu, select Settings > Users. A table of current users appears in the main panel.

  2. Find the name of the user.

  3. Select the Actions () menu icon next the username, then select Grant Admin.

To revoke administrator privileges from a user, follow these steps:

  1. From the left navigation menu, select Settings > Users. A table of current members appears in the main panel.

  2. Find the name of the user.

  3. Select the Actions () menu icon next the userโ€™s name, then select Revoke Admin.

Request administrative access ๐Ÿ”—

To receive administrator access, request the admin role from an existing administrator.

Follow these steps to view a list of current admins:

  1. From the Splunk Observability home page, select Settings.

  2. Select Users.

  3. Filter for Admins.

From the list, you can email or Slack message any administrators to request admin status.

Look up when a user logged in ๐Ÿ”—

You can look up when a user logged in to Observability Cloud by looking at user session creation events. To do this:

  1. In the left navigation menu, select Dashboards.

  2. Open any dashboard.

  3. Select Event Overlay.

  4. In the Event Overlay field, enter SessionLog.

    This screenshot shows a dashboard with the SessionLog value entered in the Event Overlay field.
  5. Select SessionLog.

  6. The Event Feed menu displays user and token session events. A User Session Created event indicates when a user logged in to Observability Cloud.

Address a locked user account ๐Ÿ”—

After a user makes too many unsuccessful login attempts, Observability Cloud locks that userโ€™s account.

The userโ€™s account is locked for several minutes before the user can try to log in again.

If you need to unlock an account before the lock period ends, contact Splunk Observability Cloud support.

Change color accessibility settings ๐Ÿ”—

Many features of Splunk Observability Cloud use colors to display patterns in data. If your users need more visually accessible color palettes, select Account Settings > Color Accessibility to modify it.

Note

Each user must change their own color accessibility settings, and an administrator cannot change these settings for other users.