Configure the SAML 2.0 Integration for Azure - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2023-12-06
Category
Administrator Guide

After you have configured Azure to authenticate on Cortex XSOAR, you can then configure an integration instance for SAML 2.0 in Cortex XSOAR.

  1. Create a SAML 2.0 integration instance.

    1. Go to SettingsIntegrationsInstances.

    2. Search for SAML 2.0 and click Add instance to configure a new integration.

    3. Add the metadata/URL parameters from Azure to Cortex XSOAR.

      Cortex XSOAR field

      Azure Portal field

      Service Provider Entity ID

      Identifier (Entity ID) (Basic SAML Configuration Section)

      IdP metadata URL

      App Federation Metadata URL (SAML Signing Certificate Section)

      Idp SSO URL

      Login URL (SAML Signing Certificate section)

      The following Azure metadata/URL information has been added to the SAML 2.0 attributes in Cortex XSOAR:

      azure-login.png
    4. In the following fields, copy the Azure attributes exactly how they appear in Azure (in Azure, go to User Attributes & ClaimsEdit). For example, in the Attribute to get email field, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.

      In this example, we have the following Claim Names:

      azure-addclaims.png

      Cortex XSOAR SAML 2.0 field

      Azure Portal Claim Name Examples

      Attribute to get username

      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

      Attribute to get email

      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

      Attribute to get first name

      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

      Attribute to get last name

      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

      Attribute to get groups

      http://schemas.microsoft.com/ws/2008/06/identity/claims/role

      Add the phone attribute, if required.

    5. Select the Verify the Idp response signature and add the Idp Public certificate, which you downloaded in step 5.5 in Configure Microsoft Azure to Authenticate Cortex XSOAR).

      If your Identity Provider requires signed authentication requests, select Sign request and input the public/private certificate pair generated for Cortex XSOAR.

    6. Select the ADFS and Compress encode URL (ADFS) checkboxes.

    7. In the Service Identifier (ADFS) field, copy the characters after the appid value, which can be found at the end of the App Federation Metadata URL (section 3 in SAML Certificate).

    8. In the IdP Single Logout URL, from Azure, copy the Logout URL (section 4).

    9. In the Single Logout Service Endpoint add the details in the following format:

      https://<cortex xsoar-url>/saml-logout

    10. To verify that the settings are successful, in the instance settings, click Get service provider metadata.

      For a full list and descriptions of the fields, see SAML 2.0 Azure Parameters.

      If you click Test a bug is issued similar to this:

      azure-bug.png

      You need to login with a user to test the instance. It is recommended to test this also on the Azure app, as there are detailed error reports and troubleshooting.

  2. Map the Azure groups to Cortex XSOAR roles.

    1. In Microsoft Azure, select Azure Active DirectoryEnterprise applicationsname of your applicationAssign users and groupsName of your group.

    2. Copy the Object ID.

      For example, we created a group, called XSOAR Administrator.

      azure-admin.png
    3. In Cortex XSOAR, go to SettingsUsers and RolesRoles.

    4. Create or edit an existing role, as described in Define a Role.

    5. In the SAML Roles Mapping field, type the Object ID that you copied in step 2.

      azure-saml2.0.png
  3. Click Save.