Update User

Update the user in Splunk Enterprise Security.

Options

Field

Definition

Type

Required

Allow Empty Inputs?

Indicates whether empty values are allowed in the selected input fields:

Yes: Allows empty values in the selected input fields.
No: Doesn't allow empty values in the selected input fields.

Dropdown

TRUE

Input

Field	Definition	Type	Required
Update By
Username	Username of the user.	Text	TRUE
User
Password	The password of the user. It must meet minimum criteria.	Text	FALSE
Old Password	The previous password of the user.	Text	FALSE
Should Force Change Pass	If true, the user is prompted to change their password.	True/False	FALSE
Roles	Role to assign to the user. To assign multiple roles, pass in each role in the list. If you aren't using the createrole parameter to create a role for the user, at least one existing role is required. If you're using the createrole parameter to create a role, you can specify multiple roles to assign to the user.	List of Text	FALSE
Default App	User default app to be assigned for the user to be created. This setting overrides the default app inherited from the user roles. data_manager dmc dynamic-data-self-storage-app launcher python_upgrade_readiness_appY search splunk-dashboard-studio splunk_app_for_splunk_o11y_cloud splunk_instance_monitoring splunk_instrumentation splunk_metrics_workspace splunk_rapid_diag splunk_secure_gateway splunkclouduf	Dropdown	FALSE
Email Address	The email address of the user.	Text	FALSE
Full Name	Username of the user.	Text	FALSE
Should Restart Background Jobs	If true, incomplete background search jobs that haven't completed are restarted when Splunk restarts.	True/False	FALSE
Time zone	Time zone of the user.	Dropdown	FALSE

Output

Field	Definition	Type
Result
Raw Output	Raw payload returned from the Splunk Enterprise Security API.	Object
Username	Username of the user.	Text
ID	Unique identifier of the user.	Text
Author	The user who executed the search for the user. By default, the author is System.	Text
Capabilities	List of capabilities assigned to the role.	List of Text
Default App	The default app for the user. This setting overrides the default app inherited from the user role.	Text
Default App Is User Override	Indicates whether the default app overrides the user-role default app.	True/False
Email Address	The email address of the user.	Text
Is Locked Out	Indicates whether the user is locked out.	True/False
Full Name	Name of the user.	Text
Is Restart Background Jobs	If true, incomplete background search jobs that haven't completed are restarted when Splunk restarts.	True/False
Roles	Roles to assign to the user. To assign multiple roles, pass in each role in the list. If you aren't using the createrole parameter to create a role for the user, at least one existing role is required. If you're using the createrole parameter to create a role, you can specify multiple roles to assign to the user.	List of Text
Types	Displays one of the following user authentication system types: LDAP Scripted Splunk System (reserved for system user)	Text
Time zone	Time zone of the user.	Text

Related topics

Splunk Enterprise Security connector

Cards in flows

Splunk Enterprise Security API

© 2025 Okta, Inc. All Rights Reserved. Various trademarks held by their respective owners.

Feedback