Use Multiple SAML 2.0 Providers - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide

Cortex XDR
Creation date
Last date published
Administrator Guide

In Cortex XDR, you can use multiple SAML SSO providers.

To view providers, go to SettingsConfigurationsAccess ManagementSingle Sign-On. To add an additional provider, Add SSO Connection.

When using two or more SSO providers:

  • The first provider in the list is used as the default SSO provider. The Domain parameter is predefined for the first SSO.

  • If you add additional SSO providers, you must provide the email Domain in the SSO Integration settings for all providers except the first. Cortex XDR uses this domain to determine which identity provider the user should be sent to for authentication. At the Cortex XDR login page, if you have enabled more than one SSO provider, an optional email field displays above the Sign-In with SSO button. If the user does not enter an email address in this field or if the email address does not match an existing domain, the user is automatically directed to the default IdP provider (the first in the list of SSO providers). If the user enters an email address and it matches a domain listed in the email Domain field in the SSO Integration settings for one of your IdPs, Sign-In with SSO sends the user to the IdP associated with that email domain.

  • When mapping IdP user groups to Cortex XDR user groups, you must include the group attribute for each IdP you want to use. For example, if you are using Microsoft Azure and Okta, your Cortex XDR user group SAML Group Mapping field must include the IdP groups for each provider. Each group name is separated by a comma.