Configure the SAML 2.0 Integration for Microsoft Entra ID - Configure an instance of SAML 2.0 integration for Microsoft Entra ID in Cortex XSOAR. - Administrator Guide - 6.13 - Cortex XSOAR - Cortex - Security Operations

Create a SAML 2.0 integration instance.

1. Go to Settings → Integrations → Instances.

2. Search for SAML 2.0 and click Add instance to configure a new integration.

3. Add the metadata/URL parameters from Microsoft Entra ID to Cortex XSOAR.

   Cortex XSOAR field	Microsoft Entra ID Portal field
   Service Provider Entity ID	Identifier (Entity ID) (Basic SAML Configuration Section)
   IdP metadata URL	App Federation Metadata URL (SAML Signing Certificate Section)
   Idp SSO URL	Login URL (SAML Signing Certificate section)

   The following Microsoft Entra ID metadata/URL information has been added to the SAML 2.0 attributes in Cortex XSOAR:

4. In the following fields, copy the Microsoft Entra ID attributes exactly how they appear in Microsoft Entra ID (in Microsoft Entra ID, go to User Attributes & Claims → Edit). For example, in the Attribute to get email field, type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.

   In this example, we have the following Claim Names:

   Cortex XSOAR SAML 2.0 field	Microsoft Entra ID Portal Claim Name Examples
   Attribute to get username	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
   Attribute to get email	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
   Attribute to get first name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
   Attribute to get last name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
   Attribute to get groups	http://schemas.microsoft.com/ws/2008/06/identity/claims/role

   Add the phone attribute, if required.

5. Select the Verify the Idp response signature and add the Idp Public certificate, which you downloaded in step 5.5 in Configure Microsoft Entra ID to Authenticate Cortex XSOAR).

   If your Identity Provider requires signed authentication requests, select Sign request and input the public/private certificate pair generated for Cortex XSOAR.

6. Select the ADFS and Compress encode URL (ADFS) checkboxes.

7. In the Service Identifier (ADFS) field, copy the characters after the appid value, which can be found at the end of the App Federation Metadata URL (section 3 in SAML Certificate).

8. In the IdP Single Logout URL, from Microsoft Entra ID, copy the Logout URL (section 4).

9. In the Single Logout Service Endpoint add the details in the following format:

   https://<cortex xsoar-url>/saml-logout

10. To verify that the settings are successful, in the instance settings, click Get service provider metadata.

    For a full list and descriptions of the fields, see SAML 2.0 Microsoft Entra ID Parameters.

    If you click Test a bug is issued similar to this:

    You need to login with a user to test the instance. It is recommended to test this also on the Microsoft Entra ID app, as there are detailed error reports and troubleshooting.

Map the Microsoft Entra ID groups to Cortex XSOAR roles.

1. In Microsoft Entra ID, select Microsoft Entra ID Active Directory → Enterprise applications → name of your application → Assign users and groups → Name of your group.

2. Copy the Object ID.

   For example, we created a group, called XSOAR Administrator.

3. In Cortex XSOAR, go to Settings → Users and Roles → Roles.

4. Create or edit an existing role, as described in Define a Role.

5. In the SAML Roles Mapping field, type the Object ID that you copied in step 2.

Click Save.