Splunk customers using Splunk Unified Identity on v9.3.2411.117 might face issues logging into Splunk Observability Cloud

Incident Report for Splunk Observability Cloud EU0

Resolved

This incident has been resolved.
Posted Oct 09, 2025 - 16:25 UTC

Update

We are continuing to work on a fix for this issue.
Posted Oct 02, 2025 - 18:26 UTC

Identified

The issue has been identified and a fix is being implemented. The expected ETA is Oct 3 (Friday) by 5 PM Pacific
Posted Oct 02, 2025 - 18:26 UTC

Investigating

Splunk has identified a bug affecting all Unified Identity customers using Splunk Cloud version 9.3.2411.117 as their identity provider. Customers might be experiencing an inability to log in to Observability Cloud using the "Sign in via Splunk Cloud" workflow. The Splunk Cloud team is actively working on a solution, and the issue will be fully resolved once a patched version is released.

The following workaround can be used by Customers using Unified Identity (without Centralized RBAC) until a patched version is released by the Splunk team

1. Customers using Unified Identity (without Centralized RBAC) can create a support case to have a set of users allow-listed for local login.
2. Once the users are allow-listed, the users will be able to login
3. After the patched version is released, the allowlist will be cleaned up

There is no workaround for customers using Unified Identity (with Centralized RBAC) yet.
Posted Sep 29, 2025 - 12:00 UTC
This incident affected: Splunk Cloud Integrations (SSO OIDC Endpoint).