Which of the following cannot be changed by Cloud admins for SAML users?

The authentication method for SAML users in Splunk Cloud is predefined and cannot be altered by Cloud admins. SAML (Security Assertion Markup Language) relies on external identity providers for user authentication, which means that the authentication process is managed outside of Splunk. Since the verification of user identities and associated authentication methods is handled by the SAML identity provider, Cloud admins do not have the authority or capability to change this method directly within the Splunk environment.

In contrast, the other elements can be managed more flexibly. For instance, a default app can be set to establish what users see first upon logging in, and user attributes like password and time zone can be adjusted in accordance with organizational policy or user preferences. This distinction reinforces the role of SAML as a means to centralize user management while limiting administrative adjustments for authentication methods within the application itself.