SignalFx US1 incident

Splunk customers using Splunk Unified Identity on v9.3.2411.117 might face issues logging into Splunk Observability Cloud

Major Resolved View vendor source →

SignalFx US1 experienced a major incident on September 29, 2025 affecting SSO OIDC Endpoint, lasting 8d 21h. The incident has been resolved; the full update timeline is below.

Started
Sep 29, 2025, 07:00 PM UTC
Resolved
Oct 08, 2025, 04:39 PM UTC
Duration
8d 21h
Detected by Pingoru
Sep 29, 2025, 07:00 PM UTC

Affected components

SSO OIDC Endpoint

Update timeline

  1. investigating Oct 01, 2025, 05:03 PM UTC

    Splunk has identified a bug affecting all Unified Identity customers using Splunk Cloud version 9.3.2411.117 as their identity provider. Customers might be experiencing an inability to log in to Observability Cloud using the "Sign in via Splunk Cloud" workflow. The Splunk Cloud team is actively working on a solution, and the issue will be fully resolved once a patched version is released. The following workaround can be used by Customers using Unified Identity (without Centralized RBAC) until a patched version is released by the Splunk team 1. Customers using Unified Identity (without Centralized RBAC) can create a support case to have a set of users allow-listed for local login. 2. Once the users are allow-listed, the users will be able to login 3. After the patched version is released, the allowlist will be cleaned up There is no workaround for customers using Unified Identity (with Centralized RBAC) yet.

  2. identified Oct 02, 2025, 06:28 PM UTC

    The issue has been identified and a fix is being implemented. The expected ETA is Oct 3 (Friday) by 5 PM Pacific

  3. resolved Oct 08, 2025, 04:39 PM UTC

    This incident has been resolved.