We are continuing to work on a fix for this issue.
Posted Oct 02, 2025 - 18:26 UTC
Identified
The issue has been identified and a fix is being implemented. The expected ETA is Oct 3 (Friday) by 5 PM Pacific
Posted Oct 02, 2025 - 18:26 UTC
Investigating
Splunk has identified a bug affecting all Unified Identity customers using Splunk Cloud version 9.3.2411.117 as their identity provider. Customers might be experiencing an inability to log in to Observability Cloud using the "Sign in via Splunk Cloud" workflow. The Splunk Cloud team is actively working on a solution, and the issue will be fully resolved once a patched version is released.
The following workaround can be used by Customers using Unified Identity (without Centralized RBAC) until a patched version is released by the Splunk team
1. Customers using Unified Identity (without Centralized RBAC) can create a support case to have a set of users allow-listed for local login. 2. Once the users are allow-listed, the users will be able to login 3. After the patched version is released, the allowlist will be cleaned up
There is no workaround for customers using Unified Identity (with Centralized RBAC) yet.
Posted Sep 29, 2025 - 12:00 UTC
This incident affected: Splunk Cloud Integrations (SSO OIDC Endpoint).