Set up authentication in the Cortex Xpanse tenant using SSO.
Cortex Xpanse enables you to securely authenticate system users across enterprise-wide applications and websites with one set of credentials using single sign-on (SSO) with SAML 2.0. System users can authenticate using your organization's Identity Provider (IdP), such as Okta or PingOne. You can integrate with any IdP that supports SAML 2.0.
Configuring SSO with SAML 2.0 is dependent on your organization’s IdP. Some of the parameter values need to be supplied from your organization’s IdP and some need to be added to your organization’s IdP. You should have sufficient knowledge about IdPs, how to access your organization’s IdP, which values to add to Cortex Xpanse, and which values to add to your IdP fields.
To set up SSO authentication in the tenant, you must be assigned an Instance Administrator or Account Admin role.
Tip
SAML 2.0 users must log in to Cortex Xpanse using the FQDN (full URL) of the tenant. To allow login directly from the IdP to Cortex XSOAR, you must set the relay state on the IdP to the FQDN of the tenant.
If you have multiple tenants, you must set up the SSO configuration separately for each tenant, both in the IdP and in Cortex Xpanse.
Create groups in your IdP that correspond to the roles in Cortex Xpanse and assign users to those groups in your IdP. Users can belong to multiple groups and receive permissions associated with multiple roles. Add the appropriate SAML group mapping from your IdP to each Cortex Xpanse role.
If you are configuring Okta or Azure, follow the procedure in Okta or Azure AD. You can also adapt these instructions with any similar SAML 2.0 IdP.
In Cortex Xpanse, go to → → → .
In the Single Sign-On tab, toggle SSO Disabled to on.
The SSO settings are displayed so that you can configure them according to your organization’s IdP.
If you want to add another SSO connection, for example to manage user groups with different roles from different IdPs, click Add SSO Connection.
A separate set of SSO parameters is displayed for the additional connection; configure them according to your organization’s additional IdP.
Note
The first SSO connection cannot be deleted; it can only be deactivated by toggling SSO Enabled to off.
The Domain parameter is predefined for the first SSO.
If you add additional SSO providers, you must provide the email Domain in the SSO Integration settings for all providers except the first. Cortex Xpanse uses this domain to determine which identity provider the user should be sent to for authentication.
When mapping IdP user groups to Cortex Xpanse user groups, you must include the group attribute for each IdP you want to use. For example, if you are using both Microsoft Azure and Okta, the SAML Group Mapping field of each Cortex Xpanse user group must include the corresponding IdP group from each provider. Separate the group names with commas.
Set the following parameters using your organization’s IdP.
General parameters
IdP Attribute Mapping
Advanced Settings (optional)
Save your changes.
Whenever an SSO user logs in to Cortex Xpanse, the following login options are available.
Sign-in with SSO
If you have enabled more than one SSO provider, an optional email field appears. If the user does not enter an email address or if the email address does not match an existing domain, the user is automatically directed to the default IdP provider (the first in the list of SSO providers in the Authentication Settings). If the user enters an email address and it matches a domain listed in the Domain field in the SSO Integration settings for one of your IdPs, Sign-In with SSO sends the user to the IdP associated with that email domain.
Sign-in with your CSP credentials: Users log in with their Customer Support Portal (CSP) credentials, provided they have been added as a user via the CSP and have been assigned a role or assigned to the tenant through the Cortex Gateway or in the tenant. Users log into the CSP via SSO authentication.
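The two decisions described above (which IdP Sign-in with SSO redirects a user to based on the email domain, and which roles a user receives from the comma-separated SAML Group Mapping fields) are modelled in the following added example. This is illustrative code written for this page, not Cortex Xpanse code: the connection names, the `contoso.example` domain, the group names and the "Read-Only Analyst" role are constructed sample values, and case-insensitive domain comparison is an assumption the page does not state.

```python
# Added, illustrative model of the SSO decisions described on this page.
# It is NOT Cortex Xpanse code; connection names, domains, group names and
# the second role name below are constructed sample values.
from dataclasses import dataclass
from typing import Optional


@dataclass
class SsoConnection:
    """One entry under Add SSO Connection. The first connection's Domain is
    predefined by the product; every later connection needs an email domain."""
    name: str
    domain: Optional[str] = None


def email_domain(email: Optional[str]) -> Optional[str]:
    """Return the lower-cased domain part of an email address, or None when
    the field was left empty or holds no '@'. Case-folding is our assumption;
    the page does not say how the product compares domains."""
    if not email or "@" not in email:
        return None
    return email.rpartition("@")[2].strip().lower()


def select_idp(connections: list[SsoConnection], email: Optional[str]) -> SsoConnection:
    """Pick the IdP that Sign-in with SSO redirects to.

    Rules taken from the page: the first configured connection is the default;
    a user who enters no email, or an email whose domain matches no connection,
    goes to the default; a matching domain wins. `connections` is the ordered
    list of enabled SSO connections.
    """
    if not connections:
        raise ValueError("at least one SSO connection must be enabled")
    default = connections[0]
    domain = email_domain(email)
    if domain is None:
        return default
    for conn in connections[1:]:
        if conn.domain and conn.domain.lower() == domain:
            return conn
    return default


def parse_group_mapping(field_value: str) -> set[str]:
    """Split a SAML Group Mapping field ('group-a, group-b') into group names,
    tolerating stray whitespace around the commas."""
    return {name.strip() for name in field_value.split(",") if name.strip()}


def roles_for_user(mapping: dict[str, str], asserted_groups: list[str]) -> set[str]:
    """Return every Cortex Xpanse role whose mapped groups include at least one
    of the groups the IdP asserted for the user. A user in several groups gets
    the union of those roles; a user in none gets no role at all."""
    groups = set(asserted_groups)
    return {role for role, field_value in mapping.items()
            if parse_group_mapping(field_value) & groups}


# Constructed sample configuration: two IdPs, two roles.
CONNECTIONS = [
    SsoConnection("Okta (default)"),                      # Domain predefined
    SsoConnection("Azure AD", domain="contoso.example"),  # Domain required
]
GROUP_MAPPING = {
    # Role names: the first is from the page; "Read-Only Analyst" is constructed.
    "Instance Administrator": "okta-xpanse-admins, Xpanse Admins (Azure)",
    "Read-Only Analyst": "okta-xpanse-readers,Xpanse Readers (Azure)",
}

if __name__ == "__main__":
    for email in (None, "alice@contoso.example", "bob@other.example"):
        print(f"{email!r:>28} -> {select_idp(CONNECTIONS, email).name}")
    print(roles_for_user(GROUP_MAPPING, ["Xpanse Admins (Azure)", "Xpanse Readers (Azure)"]))
```

Running the block shows the fallback behaviour worth checking before enabling a second connection: an empty email or an unmatched domain lands on the default IdP, and a mapping that lists only one provider's group name silently leaves users of the other provider without that role.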