Set up Okta as the Identity Provider Using SAML 2.0 - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Creation date
Last date published
User Guide

Use Okta to authenticate your Cortex Xpanse users.

This topic provides specific instructions for using Okta to authenticate your Cortex Xpanse users. As Okta is third-party software, specific procedures, and screenshots may change without notice. We encourage you to also review the Okta documentation for app integrations.

To configure SAML SSO in Cortex Xpanse, you must be a user who can access the Cortex Xpanse tenant and have either the Account Admin or Instance Admin role assigned.

The following video is a step-by-step guide to configuring SSO for Okta. It shows Cortex XDR, but the same steps apply to Cortex Xpanse.

Within Okta, assign users to groups that match the user groups they will belong to in Cortex Xpanse. Users can be assigned to multiple Okta groups and receive permissions associated with multiple user groups in Cortex Xpanse. Use an identifying word or phrase, such as Cortex Xpanse, within the group names. For example, Cortex Xpanse Analysts. This allows you to send only relevant group information to Cortex Xpanse, based on a filter you will set in the group attribute statement.

Create a list of the Okta groups and their corresponding Cortex Xpanse user groups (or the Cortex Xpanse user groups you intend to create) and save this list for later use when configuring user groups in Cortex Xpanse.

  1. In Cortex Xpanse, go to SettingsConfigurationsAccess ManagementSingle Sign-On.

  2. In the Single Sign-On tab, toggle SSO Disabled to on.

  3. Expand the SSO Integration settings.

  4. Copy and save the values for Single Sign-On URL and Audience URI (SP Entity ID).

    Both values are needed to configure your IdP settings.

    You cannot save the enabled SSO Integration at this time, as it requires values from your IdP.

  1. From within Okta, create a Cortex Xpanse application and Edit the SAML Settings.

  2. Paste the Single sign-on URL and the Audience URI (SP Entity ID) that you copied from the Cortex Xpanse SSO settings. The Audience URI should also be pasted in the Default RelayState field, which allows users to log in to Cortex Xpanse directly from the Okta dashboard.

  3. Click Show Advanced Settings, verify that Okta is configured to sign both the response and the assertion signature for the SAML token, and then click Hide Advanced Settings.

  4. Cortex Xpanse requires the IdP to send four attributes in the SAML token for the authenticating user.

    • Email address

    • Group membership

    • First Name

    • Last Name


    Configure Okta to send group memberships of the users using the memberOf attribute. Use the word or phrase you selected when configuring Okta groups (such as Cortex Xpanse) to create a filter for the relevant groups.

  5. Copy the exact names of the attribute statements from Okta and save them, as they are required to configure the Cortex Xpanse SSO integration. In the example above, the names are FirstName, LastName, Email, and memberOf. The attribute names are case-sensitive.

  1. In Okta, from your Cortex Xpanse application page, click View SAML setup instructions. If you do not see this button, verify you are on the Sign On tab of the application.

  2. Copy and save the values for Identity Provider Single Sign-On URL , Identity Provider Insurer, and the X.509 Certificate. These values are needed to configure your Cortex Xpanse SSO Integration.

  1. In Cortex Xpanse go to SettingsConfigurationsAccess ManagementSingle Sign-On.

  2. In the Single Sign-On tab, toggle SSO Disabled to on.

  3. Expand the SSO Integration settings.

  4. Use the following table to complete the SSO Integration settings, based on the values you saved from Okta.


    Cortex Xpanse Field

    Identity Provider Single Sign-On URL


    Identity Provider Issuer

    IdP Issuer ID

    X.509 Certificate

    X.509 Certificate

  5. In the IdP Attributes Mapping section, enter the attribute names from Okta. The names are case-sensitive and must match exactly.

  6. Save your settings.

  1. Select SettingsConfigurationsAccess ManagementUser Groups.

  2. Right-click a user group and select Edit Group.

  3. In the SAML Group Mapping field add the Okta group(s) that should be associated with this user group. Multiple groups should be separated with a comma. The Okta group name must match the exact value sent in the token.

  4. Save your settings.

  5. Repeat for each user group.

  1. Go to the Cortex Xpanse tenant URL and Sign-In with SSO.


    When using SAML 2.0, users are required to authenticate by logging in directly at the tenant URL. They cannot log in via the Cortex Gateway.

  2. After authentication to Okta, you are redirected again to the Cortex Xpanse tenant.

  3. Once logged in, validate that you have been assigned the proper roles.

    To view your role and any user group role in which you belong, click your name in the bottom left-hand corner, and click About.