After you have configured Azure to authenticate on Cortex XSOAR, you can then configure an integration instance for SAML 2.0 in Cortex XSOAR.
Create a SAML 2.0 integration instance.
Go to→ → .
Search for SAML 2.0 and click Add instance to configure a new integration.
Add the metadata/URL parameters from Azure to Cortex XSOAR.
Cortex XSOAR field
Azure Portal field
Service Provider Entity ID
Identifier (Entity ID) (Basic SAML Configuration Section)
IdP metadata URL
App Federation Metadata URL (SAML Signing Certificate Section)
Idp SSO URL
Login URL (SAML Signing Certificate section)
The following Azure metadata/URL information has been added to the SAML 2.0 attributes in Cortex XSOAR:
In the following fields, copy the Azure attributes exactly how they appear in Azure (in Azure, go to Attribute to get email field, type→ ). For example, in the
In this example, we have the following Claim Names:
Cortex XSOAR SAML 2.0 field
Azure Portal Claim Name Examples
Attribute to get username
Attribute to get email
Attribute to get first name
Attribute to get last name
Attribute to get groups
Add the phone attribute, if required.
Select the Verify the Idp response signature and add the Idp Public certificate, which you downloaded in step 5.5 in Configure Microsoft Azure to Authenticate Cortex XSOAR).
If your Identity Provider requires signed authentication requests, select Sign request and input the public/private certificate pair generated for Cortex XSOAR.
Select the ADFS and Compress encode URL (ADFS) checkboxes.
In the Service Identifier (ADFS) field, copy the characters after the
appidvalue, which can be found at the end of the App Federation Metadata URL (section 3 in SAML Certificate).
In the IdP Single Logout URL, from Azure, copy the Logout URL (section 4).
In the Single Logout Service Endpoint add the details in the following format:
To verify that the settings are successful, in the instance settings, click Get service provider metadata.
For a full list and descriptions of the fields, see SAML 2.0 Azure Parameters.
If you click Test a bug is issued similar to this:
You need to login with a user to test the instance. It is recommended to test this also on the Azure app, as there are detailed error reports and troubleshooting.
Map the Azure groups to Cortex XSOAR roles.
In Microsoft Azure, select→ → → → .
Copy the Object ID.
For example, we created a group, called XSOAR Administrator.
In Cortex XSOAR, go to→ → .
Create or edit an existing role, as described in Define a Role.
In the SAML Roles Mapping field, type the Object ID that you copied in step 2.