We are continuing to investigate this issue. Please refer to the Workaround posted in our update from 15:50 UTC.
Posted Jan 21, 2026 - 23:41 UTC
Update
We are continuing to investigate this issue.
Posted Jan 21, 2026 - 22:38 UTC
Update
We are continuing to investigate this issue.
Posted Jan 21, 2026 - 19:16 UTC
Update
Our engineering teams continue investigating this service disruption in search of a permanent solution for the SSO Authentication issues. The workaround mentioned in our previous update remains as the best course of action to mitigate immediate impact.
Posted Jan 21, 2026 - 18:18 UTC
Identified
We have identified a workaround that can help restore access while we continue investigating the root cause.
Workaround Organizations with SSO enabled have a local administrator account that can sign in without SSO. Administrators can use this account to:
1. Sign in to Splunk Observability using email and password (local login) 2. Invite affected users to the organization 3. Enable invited users to sign in using email and password (local login) as a temporary alternative
We have validated this process internally and confirmed it is working as expected.
Next step * If you need assistance applying this workaround, please contact Splunk Customer Support.
We will continue to monitor the situation and provide updates as additional information becomes available.
Posted Jan 21, 2026 - 15:50 UTC
Update
We are continuing to investigate this issue.
Posted Jan 21, 2026 - 14:26 UTC
Update
We are continuing to investigate this issue.
Posted Jan 21, 2026 - 13:50 UTC
Investigating
Starting at 03:12 AM Pacific Time, customers using Azure Entra ID for Single Sign-On (SSO) may be unable to log in to Splunk Observability. We are actively investigating now.