Use Multiple SAML 2.0 Providers - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Creation date
Last date published
User Guide

In Cortex Xpanse, you can use multiple SAML SSO providers.

To view providers, go to SettingsConfigurationsAccess ManagementSingle Sign-On. To add an additional provider, Add SSO Connection.

When using two or more SSO providers:

  • The first provider in the list is used as the default SSO provider. The Domain parameter is predefined for the first SSO.

  • If you add additional SSO providers, you must provide the email Domain in the SSO Integration settings for all providers except the first. Cortex Xpanse uses this domain to determine which identity provider the user should be sent to for authentication. At the Cortex Xpanse login page, if you have enabled more than one SSO provider, an optional email field displays above the Sign-In with SSO button. If the user does not enter an email address in this field or if the email address does not match an existing domain, the user is automatically directed to the default IdP provider (the first in the list of SSO providers). If the user enters an email address and it matches a domain listed in the email Domain field in the SSO Integration settings for one of your IdPs, Sign-In with SSO sends the user to the IdP associated with that email domain.

  • When mapping IdP user groups to Cortex Xpanse user groups, you must include the group attribute for each IdP you want to use. For example, if you are using Microsoft Azure and Okta, your Cortex Xpanse user group SAML Group Mapping field must include the IdP groups for each provider. Each group name is separated by a comma.