User authentication - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Creation date
Last date published
User Guide

Authenticate Cortex Xpanse users using SAML 2.0 or the Cortex Gateway.

After you have activated your tenant, you need to configure how users access Cortex Xpanse. You can authenticate users by using one or both of the following options:

  • User authentication through the Customer Support Portal (CSP)

    When users log into the Cortex Gateway or the tenant (provided they are assigned a role) they are prompted to sign into the CSP using their username and password or 2FA (if set up). This is the default method of authentication.

  • SAML single sign-on in the Cortex Xpanse tenant

    Users can be authenticated using your IdP provider such as Okta, Ping, or Azure AD. You can use any IdP that supports SAML 2.0.

There are several advantages to setting up SSO in the tenant rather than relying on CSP authentication:

  • Removes the administrative burden of requiring separate accounts to be configured through the Customer Support Portal.

  • Enforces multi-factor authentication (MFA) and any conditional access policies on the user login at the IdP before granting a user access to Cortex Xpanse.

  • Maps SAML group memberships to user groups and roles, allowing you manage role based access control.

  • Removes access to Cortex Xpanse when a user is removed or disabled in the IdP.

CSP authentication may be useful when you have one CSP account and want the same set of users to have permissions in several tenants.

Next step

After setting up authentication, start creating roles, user groups, configure permissions, and manage users in the Cortex Xpanse tenant or the Cortex Gateway.