SAML 2.0 Azure Parameters - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2024-03-28
End_of_Life
EoL
Category
Administrator Guide
Abstract

Describes the SAML 2.0 parameters for Microsoft Azure as an identity provider.

The following table describes the SAML 2.0 parameters for Azure, when adding a new instance in Cortex XSOAR:

Attribute

Description

Name

A name for the integration instance.

Service Provider Entity ID

The URL of your Cortex XSOAR server (also known as an ACS URL). In the format: https://yourdomain.com/saml

IdP metadata URL

The URL of your organization’s IdP metadata file. Copy this from the App Federation Metadata URL in the SAML Signing Certificate in Azure.

azure_sso_s3a.png

IdP metadata file

Your organization’s IdP metadata file. You either need to add the IdP metadata URL or the file.

IdP SSO URL

The URL of the IdP application that corresponds to Cortex XSOAR. Copy this from the Login URL field in the SAML Signing Certificate section.

azure_sso_s4.png

Attribute to get username

Attribute in your IdP for the user name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname.

Attribute to get email

Attribute in your IdP for the user's email address. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.

Attribute to get first name

Attribute in your IdP for the user's first name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.

Attribute to get last name

Attribute in your IdP for the user's last name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.

Attribute to get phone

(Optional) Attribute in your IdP for the user's phone number, if available. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone.

Attribute to get groups

Attribute in your IdP for the groups of which the user is a member. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.microsoft.com/ws/2008/06/identity/claims/role.

Groups delimiter

Groups list separator. Value: “,”

Default role (for IdP users without groups)

Role to assign to the user when they are not a member of any group. For example, Analyst.

RelayState

Only used by certain IdPs. If your IdP uses relay state, you need to supply the relay state.

Verify IDP public certificate

The Certificate (Base64) you downloaded in step 5.5 in Configure Microsoft Azure to Authenticate Cortex XSOAR.

Sign Request

Method for the IdP to verify the user sign-in request using the IdP vendor certificate.

Service Provider Private key (pem format)

Private key for your IdP, in PEM format. Created locally by the user who wants to use SAML. The public key is uploaded to Azure.

Do not validate server certificate (insecure)

If you are use a self-signed certificate for the Azure server you can use this checkbox.

Use system proxy settings

Select the check box to use proxy settings.

ADFS

Whether the server uses ADFS.

Compress encode URL (AFDS)

(Manadatory) Select the check box to compress encode URL (AFDS). If not, you may receive a Decoding Flat error during connection.

Service identifier (AFDS)

Add the characters after the appid value, which can be found at the end of the App Federation Metadata URL. For example, https://login.microsoftonline.com/934a6d32-9550be/federationmetadata/2007-06/federationmetadata.xml?appid=b0331331-f15b-4a32-9f48-19158beb0340. Add b0331331-f15b-4a32-9f48-19158beb0340

Don’t map SAML groups to Demisto roles

SAML groups are not mapped to Cortex XSOAR roles. Default roles are assigned and you can select them later.

Get service provider metadata

Enables you to verify that the settings are successful.

IdP Single Logout URL

This functionality ends the user's session in Azure when logging out.

Single Logout Service Endpoint

The URL of the single logout Endpoint.

Use this instance for external authentication only

Limits this instance to authenticate external (non-Cortex XSOAR) users when they answer a survey sent via a communication task in a playbook.