Automatic Deprovisioning of users for Okta IdP

Platform Rishita Rai

Splunk has implemented SCIM (System for Cross-domain Identity Management), a standardized protocol designed for efficient and secure management of user identities across various systems. With the release of this feature, Splunk customers can automatically deprovision users within Splunk when a user(s) are removed from the customer’s Okta Identity Provider (IdP) with following benefits for the customers. This new feature eliminates the need for manual intervention in user deprovisioning, providing a seamless and efficient solution for our customers using Okta.

Until today, to deprovision a user, customers had to file a support ticket. With the release of the feature, Splunk customers can automatically deprovision users within Splunk when a user(s) are removed from the customer’s Okta Identity Provider (IdP)

Valuable Outcomes for Customers

Enhanced Security: Reduce the risk of unauthorized access by prompt removal of inactive or ghost users. Your Identity Provider (IdP) can now be the centralized place to manage the full users’ identity lifecycle across applications in the organization. Thus improving the security posture.

Operational Efficiency: Reduce operational burden by eliminating additional manual tasks to keep applications in sync with the IdP making this a self-severable process for you and your administrator teams.

Compliance: You can now maintain compliance with regulatory requirements by simplifying attestations and ensuring accurate and current user records.

How Can You Configure This Feature?

This feature is available for Splunk Cloud customers with Okta IdP and can be enabled by Splunk Admin only. If you are an Splunk Admin you will have to select “Enable SCIM provisioning” in the SSO app.

This feature is available for all 3 following Okta authentication models.

Note: If Okta UI does not have a provisioning option then please contact Okta support.

Once you have enabled, read more here on how to configure the Splunk platform to remove users on Okta.

What’s Next?

This feature was requested by Splunk customers and users. We are happy we have delivered part of three Splunk Ideas which will be saving time, and reduce management burden to remove unwanted users or ghost users.

We are working to support removal of users for Azure IdP and enabling user provisioning which is required to make deprovisioning fully compatible with the IdPs.

Your ideas and votes are highly valued so please do continue to submit Splunk ideas.

Happy Splunking!

Related Articles

Introducing The Splunk App for Amazon Connect
Platform
5 Minute Read

Introducing The Splunk App for Amazon Connect

The Splunk App for Amazon Connect uses a variety of data sources to help provide insight into the real-time performance of your contact center.
Deep Learning Toolkit 3.7 and 3.8 - What’s New?
Platform
3 Minute Read

Deep Learning Toolkit 3.7 and 3.8 - What’s New?

We are excited to share the latest advances around the Deep Learning Toolkit App for Splunk (DLTK). These include custom certificates, integration with Splunk Observability and a container operations dashboard, just to name a few.
Custom Anomaly Detection with Splunk IT Service Intelligence and Machine Learning Toolkit v3.2 - Part 1
Platform
7 Minute Read

Custom Anomaly Detection with Splunk IT Service Intelligence and Machine Learning Toolkit v3.2 - Part 1

Part 1 of a two-part series providing a detailed and technical walkthrough around customizing a custom Splunk ITSI Machine Learning workflow