Automatic Deprovisioning of users for Okta IdP

Splunk has implemented SCIM (System for Cross-domain Identity Management), a standardized protocol designed for efficient and secure management of user identities across various systems. With the release of this feature, Splunk customers can automatically deprovision users within Splunk when a user(s) are removed from the customer’s Okta Identity Provider (IdP) with following benefits for the customers. This new feature eliminates the need for manual intervention in user deprovisioning, providing a seamless and efficient solution for our customers using Okta.

Until today, to deprovision a user, customers had to file a support ticket. With the release of the feature, Splunk customers can automatically deprovision users within Splunk when a user(s) are removed from the customer’s Okta Identity Provider (IdP)

Valuable Outcomes for Customers

Enhanced Security: Reduce the risk of unauthorized access by prompt removal of inactive or ghost users. Your Identity Provider (IdP) can now be the centralized place to manage the full users’ identity lifecycle across applications in the organization. Thus improving the security posture.

Operational Efficiency: Reduce operational burden by eliminating additional manual tasks to keep applications in sync with the IdP making this a self-severable process for you and your administrator teams.

Compliance: You can now maintain compliance with regulatory requirements by simplifying attestations and ensuring accurate and current user records.

How Can You Configure This Feature?

This feature is available for Splunk Cloud customers with Okta IdP and can be enabled by Splunk Admin only. If you are an Splunk Admin you will have to select “Enable SCIM provisioning” in the SSO app.

This feature is available for all 3 following Okta authentication models.

Note: If Okta UI does not have a provisioning option then please contact Okta support.

Once you have enabled, read more here on how to configure the Splunk platform to remove users on Okta.

What’s Next?

This feature was requested by Splunk customers and users. We are happy we have delivered part of three Splunk Ideas which will be saving time, and reduce management burden to remove unwanted users or ghost users.

We are working to support removal of users for Azure IdP and enabling user provisioning which is required to make deprovisioning fully compatible with the IdPs.

Your ideas and votes are highly valued so please do continue to submit Splunk ideas.

Happy Splunking!

/en_us/blog/fragments/digital-resilience-pays-off
Style
two-column

Related Articles

Deep Learning Toolkit 3.5 - Part 1: Git, MLflow and Image Updates
Platform
2 Minute Read

Deep Learning Toolkit 3.5 - Part 1: Git, MLflow and Image Updates

Part 1 of this blog series, talks about the latest improvements for model management, code version control and recent image updates of Deep Learning Toolkit for Splunk (DLTK).
Experience Your Data in 3D with Splunk VR
Platform
2 Minute Read

Experience Your Data in 3D with Splunk VR

Splunk VR unlocks a new world of possibilities for analyzing and understanding your data. Learn more about how you can leverage Splunk VR to give your workflow an infinite canvas, free your data exploration from limited monitor screens and display as much information as you want around you.
Cloud Monitoring Console’s Health Dashboard: Maximize Your Monitoring Efficiency
Platform
3 Minute Read

Cloud Monitoring Console’s Health Dashboard: Maximize Your Monitoring Efficiency

Splunk Cloud admins can simplify their monitoring process and proactively maintain their deployment performance by using the Cloud Monitoring Console's Health Dashboard, which provides a centralized view of important health indicators and actionable insights to prevent potential issues.
/en_us/blog/fragments/about-splunk
/en_us/blog/fragments/subscribe-footer