The issue has been identified and a fix is being implemented. The expected ETA is Oct 3 (Friday) by 5 PM Pacific
Posted Oct 02, 2025 - 11:28 PDT
Update
We are continuing to investigate this issue.
Posted Oct 01, 2025 - 13:28 PDT
Investigating
Splunk has identified a bug affecting all Unified Identity customers using Splunk Cloud version 9.3.2411.117 as their identity provider. Customers might be experiencing an inability to log in to Observability Cloud using the "Sign in via Splunk Cloud" workflow. The Splunk Cloud team is actively working on a solution, and the issue will be fully resolved once a patched version is released.
The following workaround can be used by Customers using Unified Identity (without Centralized RBAC) until a patched version is released by the Splunk team
1. Customers using Unified Identity (without Centralized RBAC) can create a support case to have a set of users allow-listed for local login. 2. Once the users are allow-listed, the users will be able to login 3. After the patched version is released, the allowlist will be cleaned up
There is no workaround for customers using Unified Identity (with Centralized RBAC) yet.
Posted Sep 29, 2025 - 12:00 PDT
This incident affects: Splunk Cloud Integrations (SSO OIDC Endpoint).