Manage User Groups

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2023-10-31
Last date published: 2024-03-19
Category: Administrator Guide
Abstract

Learn more about managing user groups in the Access Management console.

In the User Groups page, you can manage user groups for a specific tenant.

At the top of the page, you can perform the following actions.

  • Import a single existing group from Active Directory that you want to manage in Cortex XDR.

    Note

    This feature is only available if you enabled the Cloud Identity Engine in Configurations → Integrations → Cloud Identity Engine.

  • Create a new user group for a number of different system users or groups.

The User Groups table provides the following fields of information.

  • Group Name—Name of the user group.

  • Description—Description of the user group.

  • Role—Lists the group role associated with this user group. You can only have a single role designated per group.

  • Users—Lists all the users belonging to this user group.

    Note

    The user has a union of all scopes from all memberships if they are a part of multiple groups.

  • Nested Groups—Lists any nested groups associated with this user group.

  • IDP Groups—When single sign-on is enabled in Cortex XDR, this column indicates your organization's Identity Provider (IdP) groups that are automatically mapped to the user group.

  • Insert Time—Date and time when the user group was added.

  • Update Time—Date and time when the user group was last updated.

  • Source—Displays the source of the user group as either a user group imported from Active Directory or a Custom user group created in Cortex XDR.

  • Scope—Lists the scope assigned to the user either directly or through a group based on tags. The family includes the tag types and the related tags of the selected family.

    Note

    Only visible if the Scope Based Access Control feature is enabled for the tenant.

You can also pivot (right-click) from rows and specific values in the table, where a number of different options are available to help you manage your Cortex XDR user groups from this page.

  • Save an existing group as a new group.

  • Edit a group.

  • Remove a group.

  • Copy text to clipboard.

  • Copy the entire row.

  1. Select Settings → Configurations → Access Management → User Groups.

    In the User Groups page, a number of different options are available to help you manage user groups.

  2. Manage your Cortex XDR user groups.

    The following options are available to help you manage user groups, which you can perform on one or more user groups at a time.

    • Import a single existing group from Active Directory that you want to manage in Cortex XDR.

      Note

      This feature is only available if you enabled the Cloud Identity Engine in Configurations → Integrations → Cloud Identity Engine.

      1. Import AD Group.

      2. Set the following parameters in the Import Group from Active Directory window.

        • Import AD Group—Specify the particular Active Directory group in the field and select whether the AD group can be found in All, OUs, or Groups.

          Note

          Only CSP users will be imported.

        • Specify a Description.

        • Role—Select a role that you want to designate for this user group, where only a single role can be assigned to a group.

      3. Import the user group.

    • Create a new user group for a number of different system users or groups.

      1. Select New Group.

      2. Set the following parameters in the New Custom Group window.

        • Specify the Name and Description for the user group.

        • Role—(optional) Select a role that you want to designate for this user group, where only a single role can be assigned to a group.

        • Users—(optional) Select the user(s) that you want to belong to this user group, where you can also use the search field to narrow down the list of users.

        • Nested Groups—(optional) Select the nested group(s) that you want to be associated with this user group.

        • SAML Group Mapping—(optional) Specify the name of the group(s) in your organization’s Identity Provider (IdP) that you want to automatically map to this user group in Cortex XDR. This option is only displayed when single sign-on is enabled.

          Note

          When using Azure AD for SSO, the SAML group mapping needs to be provided using the group object ID (GUID) and not the group name.

        • Tag Family—Select the tag category (Endpoint Tags, Endpoint Groups).

        • Tags—After selecting the Tag Family, select the relevant tags associated with the family.

          Note

          • If you select a tag family without specific tags, permissions apply to all tags in the family.

          • The scope is based only on the selected Tag Families. If you scope only based on tags from Family A, then Family B is disregarded in scope calculations and considered as allowed.

      3. Create the user group.

    • Save an existing group as a new group.

      1. Select the user group or right-click the user group, and select Save as New Group.

      2. Set the following parameters in the New Custom Group window.

        • Specify the Name and Description for the user group.

        • Role—Leave the designated role or select a new role that you want to designate for this user group.

        • Users—Leave the current user(s) or select the user(s) that you want to belong to this user group. You can also use the search field to narrow down the list of users.

        • Nested Groups—Leave the current nested group(s), select the nested group(s) that you want to be associated with this user group, or remove all nested groups if you don’t want any defined.

        • SAML Group Mapping—Leave the current IdP group name, specify the group(s) in your organization’s Identity Provider (IdP) that you want to automatically map to this user group in Cortex XDR, or remove all IdP groups if you don’t want any defined. This option is only displayed when single sign-on is enabled.

          Note

          When using Azure AD for SSO, the SAML group mapping needs to be provided using the group object ID (GUID) and not the group name.

        • Tag Family—Leave the current family or select the relevant family.

        • Tags—Leave the tags or select the relevant tags associated with the family.

          Note

          • If you select a tag family without specific tags, permissions apply to all tags in the family.

          • The scope is based only on the selected Tag Families. If you scope only based on tags from Family A, then Family B is disregarded in scope calculations and considered as allowed.

      3. Create the user group.

    • Edit a user group.

      1. Select the user group or right-click the user group, and select Edit Group.

      2. Set the following parameters in the Edit Custom Group window.

        • Update the Name and Description for the user group.

        • Role—Leave the designated role or select a new role that you want to designate for this user group.

        • Users—Leave the current user(s) or select the user(s) that you want to belong to this user group. You can also use the search field to narrow down the list of users.

        • Nested Groups—Leave the current nested group(s), select the nested group(s) that you want to be associated with this user group, or remove all nested groups if you don’t want any defined.

        • SAML Group Mapping—Leave the current IdP group name, specify the group(s) in your organization’s Identity Provider (IdP) that you want to automatically map to this user group in Cortex XDR, or remove all IdP groups if you don’t want any defined. This option is only displayed when single sign-on is enabled.

          Note

          When using Azure AD for SSO, the SAML group mapping needs to be provided using the group object ID (GUID) and not the group name.

        • Tag Family—Leave the current family or select the relevant family.

        • Tags—Leave the tags or select the relevant tags associated with the family.

          Note

          • If you select a tag family without specific tags, permissions apply to all tags in the family.

          • The scope is based only on the selected Tag Families. If you scope only based on tags from Family A, then Family B is disregarded in scope calculations and considered as allowed.

      3. Save your changes.

    • Remove a user group.

      1. To remove more than one user group, select the user groups, right-click, and select Remove Groups.

        To remove one user group, select the user group or right-click the user group, and select Remove Group.

      2. Click Delete in the window that is displayed.

    • Copy text to clipboard to copy text from a specific row field in the row of a user group.

    • Copy entire row to copy the text from all the fields in a row of a user group.
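
The scope notes on this page (a user in multiple groups has the union of all scopes, a tag family selected without specific tags covers all tags in the family, and unselected families count as allowed) can be modelled for an access review before groups are changed. The following is an added example, not Cortex XDR code or a product API; the group names, tags and endpoints are constructed, and reading "union" as "any one membership admits the endpoint" is an assumption.

```python
# Added illustration: a model of the scope rules stated in the notes on this page,
# not Cortex XDR code. Group names, tags and endpoints are constructed.

# Constructed catalogue: every tag that exists in each tag family.
FAMILY_TAGS = {
    "Endpoint Tags": {"prod", "dev", "pci"},
    "Endpoint Groups": {"emea-servers", "us-laptops"},
}

# Constructed group scopes: family -> selected tags (empty set = no specific tags).
GROUP_SCOPES = {
    "tier1-analysts": {"Endpoint Tags": {"dev"}},
    "pci-auditors": {"Endpoint Tags": {"pci"}, "Endpoint Groups": set()},
    "emea-ir": {"Endpoint Groups": {"emea-servers"}},
}

# Constructed endpoints: family -> tags carried by the endpoint.
ENDPOINTS = {
    "db01": {"Endpoint Tags": {"prod", "pci"}, "Endpoint Groups": {"emea-servers"}},
    "lap7": {"Endpoint Tags": {"dev"}, "Endpoint Groups": {"us-laptops"}},
    "web3": {"Endpoint Tags": {"prod"}, "Endpoint Groups": {"emea-servers"}},
    "kiosk": {"Endpoint Tags": {"prod"}},
}


def expand(scope):
    """A family selected without specific tags covers all tags in that family."""
    return {fam: (tags or FAMILY_TAGS[fam]) for fam, tags in scope.items()}


def group_allows(scope, endpoint):
    """Only selected families are checked; unselected families count as allowed."""
    return all(endpoint.get(fam, set()) & tags for fam, tags in expand(scope).items())


def user_allows(groups, endpoint):
    """Assumption: 'union of all scopes' means any one membership can admit the endpoint."""
    return any(group_allows(GROUP_SCOPES[g], endpoint) for g in groups)


def review(groups, endpoints):
    """Return the names of endpoints a user with these memberships can reach."""
    return sorted(name for name, ep in endpoints.items() if user_allows(groups, ep))


if __name__ == "__main__":
    for groups in (["tier1-analysts"], ["emea-ir"], ["tier1-analysts", "emea-ir"]):
        print(groups, "->", review(groups, ENDPOINTS))
```

Because `emea-ir` selects only Endpoint Groups, the `prod`-tagged `web3` is reachable through it: the Endpoint Tags family is not part of that scope, so it places no restriction.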