Authenticate Users with SAML 2.0 - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Authenticate users using SAML 2.0 with your identity provider, for Cortex XSOAR. Use Okta, Microsoft Azure, or ADFS.

SAML exchanges authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority (Identity Provider) and a SAML consumer (Service Provider).

SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user. For more information about SAML 2.0, see SAML 2.0 Wikipedia.

You can authenticate your Cortex XSOAR users using SAML 2.0 authentication with your identity provider, such as Okta. You need to define Cortex XSOAR authentication in your Identity Provider’s account, then create a SAML 2.0 instance in Cortex XSOAR:

When configuring the SAML 2.0 integration instance, in the third party application, if the SAML configuration contains the LDAP URL for name, email, phone, SAML populates the user's email field in Cortex XSOAR.

If the third party SAML configuration for name, email, phone is left blank, the administrator can modify the user properties and manually enter the information. To set this up, you need to add the following server configuration (SettingsABOUTTroubleshootingAdd Server Configuration):





This server configuration does not change, no matter how many times you log into or out of Cortex XSOAR. The only time the configuration is overwritten, is when the SAML configuration contains the LDAP URL for email or when it is changed manually in the third party application.