Building Unified Identity for Splunk Observability Cloud
The problem
Splunk had two major clouds — Enterprise Cloud and Observability Cloud — that enterprise customers wanted to use together but couldn't. Identity, sessions, and access control were duplicated across both. Customers provisioned users twice, managed two SSO integrations, and lived without a shared authorization model. The existing identity stack didn't have the abstractions to unify them cleanly, and there was no fine-grained RBAC on the Observability side.
What I led
- Set the technical strategy for cross-platform identity and owned the architectural calls on the trust model and migration path.
- Owned customer escalations and partnered directly with PM, Security, and the Enterprise Cloud team to align roadmaps.
- Designed and shipped the systems below as a team — I led; the engineers wrote the code.
- Drove the AI / identity integration thesis — MCP server for agent-aware role provisioning, RAG over runbooks.
- Owned hiring, growth, and promotions for the team.
What we shipped
- Unified Identity — enterprise SSO from Splunk Enterprise Cloud into Observability Cloud; onboarded triple-digit enterprise customers post-launch.
- Custom RBAC built from the ground up — fine-grained access control across Observability Cloud.
- Real-time metrics engine unifying logs, traces, and spans into a single query interface; materially cut time-to-insight during incident troubleshooting.
- Audit Logs engine for platform transparency and security / compliance queryability.
- MCP server for AI-driven role provisioning (identity × agents).
- RAG system over on-call runbooks (in progress).
- Promoted 4 engineers in 2 years (2 mid→senior, 2 junior→mid); 5th promotion (staff→senior staff) in progress.
What I'd do differently
Design the RBAC model to be agent-aware from day one. We bolted MCP onto a system built for humans; an authz layer designed for both humans and agents would have been faster and safer.