Configure Microsoft Azure to Authenticate Cortex XSOAR - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2023-12-11
Category
Administrator Guide

You need to authenticate Cortex XSOAR in your Azure account and then create a SAML 2.0 instance in Cortex XSOAR.

  1. In the Azure Portal, create new groups to match the Cortex XSOAR roles.

    For example, Cortex XSOAR comes out of the box with the Administrator, Analyst, and Read-Only roles. We need to add these roles to Azure.

    1. From the home page, select Azure Active DirectoryGroupsNew group.

    2. Add the Administrator group.

      azure-group.png

      You can add existing users to this group now or at a later stage.

      You can also allow Azure AD Group Owners to add or modify users in the group. Groups can be manually or dynamically populated by user or a device (see the options under Membership type) and defer to the Azure Administrator. One option is for Cortex XSOAR to populate the group membership as part of a custom playbook for bulk user provisioning.

    3. Click Create.

    4. Repeat these steps for each group required. For example, analyst, read-only user, etc. we recommend, as a minimum, to create a group for each role.

  2. Create a Non-Gallery application.

    1. From the home page, select Enterprise applicationsNew Application.

      azure_app.png
    2. Select Non-gallery application.

    3. Type the name of your application and click Add

      azure_add_app.png

      The page redirects to the Overview page. Copy the Object ID for future reference.

      azure-obid.png
  3. Assign Groups to the new application.

    1. In the Getting Started section, click Assign users and groups.

      azure_gs.png
    2. Click Add user/groupUsers and groups.

    3. Select the groups that you created in step 1.

      azure-assignment.png
    4. Repeat for all other groups created.

  4. Set up SSO configuration for the application.

    1. In the Set up single sign on field, click Get started.

    2. Click SAML.

      azure-saml.png
    3. In the Basic SAML Configuration section, add the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL).

      Use the format https://<XSOAR Server FQDN>/saml

      azure_sso_s1.png
    4. To use SP initiated SSO, in the Sign on URL field, add the URL in the format:

      https://<XSOAR Server FDQN>/#/login

      Users can sign into the Cortex XSOAR login page, an authorization request is sent to Azure, and after authentication, the user is logged in to Cortex XSOAR.

    5. In the User Attributes & Claims section, click the edit icon and add the following attributes and values as required.

      azure_sso_s2.png

      Ensure the attribute names match the names in Cortex XSOAR, when defining the instance.

    6. Add a new group, click Add a group claim.

    7. In the Group Claims (Preview) window, select Security groups.

    8. In the Advanced options section, select the Customize the name of the group claim and Emit groups as role claims checkboxes.

      azure-gpclaims.png
    9. Click Save.

    10. Copy the additional claims details in text format as these are added when you Configure the SAML 2.0 Integration for Azure.

      azure-addcl.png

      If you are setting up an SMS integration (such as Twilio) add a new phone attribute new claim to reference users directory phone numbers.

    11. Copy the App Federation Metadata Url, Login URL and Logout URL fields, which are needed to configure the instance in Cortex XSOAR.