Connect multiple Splunk Observability Cloud organizations

Extend a Unified Identity integration so that a single Splunk Cloud Platform search head can serve as identity provider for multiple observability organizations and allow admins to scope user access across a multi-org environment.

Splunk Cloud Platform administrators can configure multiple Splunk Observability Cloud organizations for Unified Identity and manage them centrally in Splunk Cloud Platform. Admins can set a default Splunk Observability Cloud organization, allowing users to leverage observability data from the default org for Related Content and Dashboarding via observability metric-based charts and service maps. Access to multiple organizations in a multi-org environment requires that admins configure a policy.

Prerequisites

To pair and manage multiple Splunk Observability Cloud child organizations with a Splunk Cloud Platform organization, you must meet the following criteria:

You must be a Splunk Cloud Platform administrator.
You must have already paired the first Splunk Observability Cloud organization with your Splunk Cloud Platform organization.
You must have Unified Identity. To learn how to set it up, see Unified Identity: Splunk Cloud Platform and Splunk Observability Cloud.
You must have Centralized Role Based Access Control (C-RBAC). To learn how to set it up, see Centralized user and role management.

Set up multi-org

To pair multiple Splunk Observability Cloud child organizations with your Splunk Cloud Platform organization, a Splunk Cloud Platform admin must do the following:

Ensure that your Splunk Cloud Platform organization is paired with one Splunk Observability Cloud organization. In Splunk Cloud Platform, go to the Discover Splunk Observability Cloud app. On the Configuration tab, ensure that there is a connection with the Status of ACTIVE and the Configuration type is Unified Identity. If you do not have any organizations paired, you can add your first organization here on this page.
Pair your second Splunk Observability Cloud child org to your Splunk Cloud Platform parent org using the ACS command-line tool. If you haven't installed Admin Config Services (ACS), see Administer Splunk Cloud Platform using the ACS CLI. Then, enter the following ACS command:
```
acs observability pair --o11y-access-token "<enter-o11y-access-token>"
```
Replace <enter-o11y-access-token> in the example above, with your user API access token.
The system returns a status message showing whether or not the pairing was a success. Statuses are SUCCESS, FAILED, or IN_PROGRESS.
```
"pairingId": "<pairing-id>"
"status": "SUCCESS
```
Set up centralized RBAC (C-RBAC) with your newly paired Splunk Observability Cloud organization. Run the following ACS command to add prepackaged Splunk Observability Cloud roles to your Splunk Cloud Platform instance:
```
acs observability enable-capabilities
```
See Centralized user and role management for details on C-RBAC.
Give the read_o11y_content and write_o11y_content capabilities to all users who you want to view data from the default observability org in the paired Splunk Cloud Platform environment. Users with these capabilities can view observability data in Related Content and Dashboard Studio, as well as create or import observability charts and service maps.
For users to access multiple organizations in a multi-org environment, admins must configure a policy. See Create authorization policies in Splunk Web to learn how.