Learn how to easily and securely authenticate system users with one set of credentials using SSO with the SAML 2.0 standard.
After you activate your tenant, you can authenticate users by doing one or both of the following options:
User authentication in the Customer Support Portal
When you create a Customer Support Portal (CSP) account you can set up two-factor authentication (2FA) to log into the CSP, by using one of the following:
Google Authenticator (non FedRAMP accounts)
When you add users to the CSP account, they are added as users in the Cortex Gateway and the tenant. By default, users have access to the Cortex Gateway, but cannot make any changes in the Cortex Gateway unless they are Account Admins and cannot access a tenant until they are assigned a role or group role.
When users log into the Cortex Gateway or the tenant (provided they are assigned a role) they are prompted to sign into the CSP using their username and password including 2FA (if set up). This is the default method of authentication.
If you have multiple tenants, you will need to repeat this task for each tenant. The activation process includes accessing the gateway, activating the tenant, and then accessing the tenant.
SAML single sign-on in the Cortex XDR tenant
In the Cortex XDR tenant, users can be authenticated using your IdP provider such as Okta, Ping, or Azure AD. You can use any IdP that supports SAML 2.0. You define authentication in your identity provider’s account and configure the SSO settings in Cortex XDR.
There are several advantages to authenticating with SAML 2.0 versus a Customer Support Portal (CSP) account.
Removes the administrative burden of requiring separate accounts issued through the Customer Support Portal.
Enforces multi-factor authentication (MFA) and any conditional access policies on the user login at the IdP before granting a user access to Cortex XDR.
Maps SAML group memberships to Cortex XDR user groups and roles, allowing you to manage role-based access control.
Removes access to Cortex XDR when a user is removed or disabled at the IdP.
If you want to rely on CSP authentication, it is useful where you have one CSP account and want the same users to have permissions in several tenants.