Set up Okta as the Identity Provider Using SAML 2.0

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-11-13
Category: Administrator Guide

This topic provides specific instructions for using Okta to authenticate your Cortex XDR users. As Okta is third-party software, specific procedures and screenshots may change without notice. We encourage you to also review the Okta documentation for app integrations.

To configure SAML SSO in Cortex XDR, you must be a user who can access the Cortex XDR tenant and have either the Account Admin or Instance Administrator role assigned.

Within Okta, assign users to groups that match the user groups they will belong to in Cortex XDR. Users can be assigned to multiple Okta groups and receive permissions associated with multiple user groups in Cortex XDR. Use an identifying word or phrase, such as Cortex XDR, within the group names (for example, Cortex XDR Analysts). This allows you to send only relevant group information to Cortex XDR, based on a filter you will set in the group attribute statement.

Create a list of the Okta groups and their corresponding Cortex XDR user groups (or the Cortex XDR user groups you intend to create) and save this list for later use when configuring user groups in Cortex XDR.

  1. In Cortex XDR, go to Settings → Configurations → Access Management → Single Sign-On.

  2. Expand the SSO Integration settings.

  3. Copy and save the values for Single Sign-On URL and Audience URI (SP Entity ID).

    Both values are needed to configure your IdP settings.

    You cannot save the enabled SSO Integration at this time, as it requires values from your IdP.

  1. In Okta, create a Cortex XDR application and Edit the SAML Settings.

  2. Paste the Single sign-on URL and the Audience URI (SP Entity ID) that you copied from the Cortex XDR SSO settings. The Audience URI should also be pasted in the Default RelayState field, which allows users to log in to Cortex XDR directly from the Okta dashboard.

  3. Click Show Advanced Settings, verify that Okta is configured to sign both the response and the assertion for the SAML token, and then click Hide Advanced Settings.

  4. Cortex XDR requires the IdP to send four attributes in the SAML token for the authenticating user.

    • Email address

    • Group membership

    • First Name

    • Last Name

    Configure Okta to send group memberships of the users using the memberOf attribute. Use the word or phrase you selected when configuring Okta groups (such as Cortex XDR) to create a filter for the relevant groups.

  5. Copy the exact names of the attribute statements from Okta and save them, as they are required to configure the Cortex XDR SSO integration. In the example above, the names are FirstName, LastName, Email, and memberOf. The attribute names are case-sensitive.

  1. In Okta, from your Cortex XDR application page, click View SAML setup instructions. If you do not see this button, verify you are on the Sign On tab of the application.

  2. Copy and save the values for Identity Provider Single Sign-On URL, Identity Provider Issuer, and the X.509 Certificate. These values are needed to configure your Cortex XDR SSO Integration.

  1. In Cortex XDR, go to Settings → Configurations → Access Management → Single Sign-On.

  2. Expand the SSO Integration settings.

  3. Use the following table to complete the SSO Integration settings, based on the values you saved from Okta.

    | Okta | Cortex XDR Field |
    | --- | --- |
    | Identity Provider Single Sign-On URL | IdP SSO URL |
    | Identity Provider Issuer | IdP Issuer ID |
    | X.509 Certificate | X.509 Certificate |

  4. In the IdP Attributes Mapping section, enter the attribute names from Okta. The names are case-sensitive and must match exactly.

  5. Save your settings.

  1. Select Settings → Configurations → Access Management → User Groups.

  2. Right-click a user group and select Edit Group.

  3. In the SAML Group Mapping field, add the Okta group(s) that should be associated with this user group. Separate multiple groups with a comma. The Okta group name must match the exact value sent in the token.

  4. Save your settings.

  5. Repeat for each user group.

  1. Go to the Cortex XDR tenant URL and Sign-In with SSO.

    Note: When using SAML 2.0, users are required to authenticate by logging in directly at the tenant URL. They cannot log in via Cortex Gateway.

  2. After authentication to Okta, you are redirected again to the Cortex XDR tenant.

  3. When logged in, validate that you have been assigned the proper roles.

    To view your role and any role assigned to a user group you are a member of, click your name in the bottom left-hand corner, and click About.
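
If a test login does not produce the expected roles, the settings above can be checked against a decoded SAML response captured from your own test login. The following is an added example, not part of the Cortex XDR or Okta documentation: the function name `check_response`, the sample URL, the sample users and the "Cortex XDR Interns" group are constructed for illustration. It checks only that signature elements are present and does not validate them cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED = ("FirstName", "LastName", "Email", "memberOf")  # names used in the guide

# Constructed sample of a decoded SAML response (signature contents elided).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature/>
 <saml:Assertion>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.test/entity</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="lastName"><saml:AttributeValue>Byron</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="Email"><saml:AttributeValue>ada@example.test</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="memberOf"><saml:AttributeValue>Cortex XDR Analysts</saml:AttributeValue>
    <saml:AttributeValue>Cortex XDR Interns</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, audience, mapped_groups):
    """Return a list of findings; an empty list means the token matches the saved settings."""
    # Intended for tokens you captured yourself; signatures are not verified here.
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    findings = []
    if root.find("ds:Signature", NS) is None:
        findings.append("response is not signed")
    if assertion is None:
        return findings + ["no plaintext assertion found"]
    if assertion.find("ds:Signature", NS) is None:
        findings.append("assertion is not signed")
    if audience not in [a.text for a in assertion.iterfind(".//saml:Audience", NS)]:
        findings.append("audience does not match SP Entity ID")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.iterfind(".//saml:Attribute", NS)}
    lower = {n.lower(): n for n in attrs}
    for name in REQUIRED:  # attribute names are case-sensitive
        if name not in attrs:
            near = lower.get(name.lower())
            findings.append(f"attribute {name} missing" + (f" (sent as {near})" if near else ""))
    for g in attrs.get("memberOf", []):  # each group must match a mapping exactly
        if g not in mapped_groups:
            findings.append(f"group {g!r} has no SAML Group Mapping")
    return findings
```

Pass the Audience URI (SP Entity ID) you copied from Cortex XDR and the set of Okta group names you entered in the SAML Group Mapping fields; each finding points to the setting that needs correcting.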