We have an interesting problem with our use of Splunk Cloud.
We use SAML to log into it, but if a user is added to a new group, their role in Splunk doesn’t change.
They need to log out and log back in, but there is no sign out or log out action I can find. I’m instructing users to delete cookies, but it’s very disruptive.
How does a user who signed in via SAML log out?
Do you have a Single Log Out URL set in your SAML Configuration? https://docs.splunk.com/Documentation/Splunk/7.2.4/Security/ConfigureSSOinSplunkWeb
There is a comment on idpSLOUrl at https://docs.splunk.com/Documentation/Splunk/7.1.1/Security/ConfigureSAMLSSO that notes that the logout button is disabled if this URL is not specified. This is because Splunk needs to know where to send the logout request back to your IdP at.
Do you have a Single Log Out URL set in your SAML Configuration? https://docs.splunk.com/Documentation/Splunk/7.2.4/Security/ConfigureSSOinSplunkWeb
There is a comment on idpSLOUrl at https://docs.splunk.com/Documentation/Splunk/7.1.1/Security/ConfigureSAMLSSO that notes that the logout button is disabled if this URL is not specified. This is because Splunk needs to know where to send the logout request back to your IdP at.
i have similar issues with splunk on prem with SAML, ideally i'd like a way that i can remotely logout the session or resync the account