Manage Single Sign-On - Learn how to easily and securely authenticate system users with one set of credentials using SSO with the SAML 2.0 standard. - Administrator Guide - Cortex XDR - Cortex - Security Operations

User authentication in the Customer Support Portal

When you create a Customer Support Portal (CSP) account you can set up two-factor authentication (2FA) to log into the CSP, by using one of the following:

For more information about setting up 2FA in the CSP, see Two Factor Authentication (2FA) Overview. You can also add an IdP, which is recommended. See How to Enable a Third Party IdP.

When you add users to the CSP account, they are added as users in the Cortex Gateway and the tenant. By default, users have access to the Cortex Gateway, but cannot make any changes in the Cortex Gateway unless they are Account Admins and cannot access a tenant until they are assigned a role or group role.

When users log into the Cortex Gateway or the tenant (provided they are assigned a role) they are prompted to sign into the CSP using their username and password including 2FA (if set up). This is the default method of authentication.

SAML single sign-on in the Cortex XDR tenant

In the Cortex XDR tenant, users can be authenticated using your IdP provider such as Okta, Ping, or Azure AD. You can use any IdP that supports SAML 2.0. You define authentication in your identity provider’s account and configure the SSO settings in Cortex XDR.

Removes the administrative burden of requiring separate accounts issued through the Customer Support Portal.

Enforces multi-factor authentication (MFA) and any conditional access policies on the user login at the IdP before granting a user access to Cortex XDR.

Maps SAML group memberships to Cortex XDR user groups and roles, allowing you to manage role-based access control.

Removes access to Cortex XDR when a user is removed or disabled at the IdP.