Manage Single Sign-On - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-18
Category
Administrator Guide
Abstract

Learn how to easily and securely authenticate system users with one set of credentials using SSO with the SAML 2.0 standard.

After you activate your tenant, you can authenticate users by doing one or both of the following options:

  • User authentication in the Customer Support Portal

    When you create a Customer Support Portal (CSP) account you can set up two-factor authentication (2FA) to log into the CSP, by using one of the following:

    • Email

    • Okta Verify

    • Google Authenticator (non FedRAMP accounts)

    For more information about setting up 2FA in the CSP, see Two Factor Authentication (2FA) Overview. You can also add an IdP, which is recommended. See How to Enable a Third Party IdP.

    When you add users to the CSP account, they are added as users in the Cortex Gateway and the tenant. By default, users have access to the Cortex Gateway, but cannot make any changes in the Cortex Gateway unless they are Account Admins and cannot access a tenant until they are assigned a role or group role.

    When users log into the Cortex Gateway or the tenant (provided they are assigned a role) they are prompted to sign into the CSP using their username and password including 2FA (if set up). This is the default method of authentication.

    Note

    If you have multiple tenants, you will need to repeat this task for each tenant. The activation process includes accessing the gateway, activating the tenant, and then accessing the tenant.

  • SAML single sign-on in the Cortex XSIAM tenant

    In the Cortex XSIAM tenant, users can be authenticated using your IdP provider such as Okta, Ping, or Azure AD. You can use any IdP that supports SAML 2.0. You define authentication in your identity provider’s account and configure the SSO settings in Cortex XSIAM.

There are several advantages to authenticating with SAML 2.0 versus a Customer Support Portal (CSP) account.

  • Removes the administrative burden of requiring separate accounts issued through the Customer Support Portal.

  • Enforces multi-factor authentication (MFA) and any conditional access policies on the user login at the IdP before granting a user access to Cortex XSIAM.

  • Maps SAML group memberships to Cortex XSIAM user groups and roles, allowing you to manage role-based access control.

  • Removes access to Cortex XSIAM when a user is removed or disabled at the IdP.

If you want to rely on CSP authentication, it is useful where you have one CSP account and want the same users to have permissions in several tenants.