Define Duo to authenticate Cortex XSOAR - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2024-10-07
End_of_Life
EoL
Category
Administrator Guide
Abstract

Define the Duo application to provide single sign on (SSO) for Cortex XSOAR.

Before you start, create a Duo group for Cortex XSOAR users.

  1. Log in to Duo and click Applications.

  2. Click Protect an Application.

  3. Find Generic Service Provider - 2FA with SSO hosted by Duo (Single Sign-On) in the application list and click Protect.

    duo-generic-service-provider.png
  4. In the Service Provider section, enter the following, using the url of your Cortex XSOAR installation:

    Parameter

    Value

    Entity ID

    https:// <cortexxsoarURL>

    Assertion Consumer Service

    https:// <cortexxsoarURL>/saml

    Single Logout URL

    https:// <cortexxsoarURL>/saml-logout

    Service Provider Login URL

    Keep this field blank.

    Default Relay State

    Keep this field blank.

  5. In the SAML Response section, change the following:

    1. Change the NameID format drop-down from urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.

      duo-nameid-format.png
    2. Leave NameID attribute as <Email Address> and Signature algorithm as SHA256.

    3. In the Signing Options section, clear the Sign assertion checkbox.

      duo-signing-option.png
  6. Map attributes:

    IdP Attribute

    SAML Response Attribute

    <Username>

    urn

    <Email Address>

    Email

    <First Name>

    FirstName

    <Last Name>

    LastName

  7. Role attributes:

    Parameter

    Value

    Attribute name

    memberOf

    Service Provider’s Role

    The SAML role in Cortex XSOAR that will be mapped to the Duo group

    Duo Groups

    The Duo group you created

  8. Click Save.