Describes the SAML 2.0 parameters for Microsoft Azure as an identity provider.
The following table describes the SAML 2.0 parameters for Azure, when adding a new instance in Cortex XSOAR:
Attribute | Description | |
---|---|---|
Name | A name for the integration instance. | |
Service Provider Entity ID | The URL of your Cortex XSOAR server (also known as an ACS URL). In the format: | |
IdP metadata URL | The URL of your organization’s IdP metadata file. Copy this from the App Federation Metadata URL in the SAML Signing Certificate in Azure. | |
IdP metadata file | Your organization’s IdP metadata file. You need to add either the IdP metadata URL or the file. | |
IdP SSO URL | The URL of the IdP application that corresponds to Cortex XSOAR. Copy this from the Login URL field in the SAML Signing Certificate section. | |
Attribute to get username | Attribute in your IdP for the user name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate. For example, | |
Attribute to get email | Attribute in your IdP for the user's email address. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate. For example, | |
Attribute to get first name | Attribute in your IdP for the user's first name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate. For example, | |
Attribute to get last name | Attribute in your IdP for the user's last name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate. For example, | |
Attribute to get phone | (Optional) Attribute in your IdP for the user's phone number, if available. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate. For example, | |
Attribute to get groups | Attribute in your IdP for the groups of which the user is a member. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate. For example, | |
Groups delimiter | Groups list separator. Value: | |
Default role (for IdP users without groups) | Role to assign to the user when they are not a member of any group. For example, | |
RelayState | Only used by certain IdPs. If your IdP uses relay state, you need to supply the relay state. | |
Verify IDP public certificate | The Certificate (Base64) you downloaded in step 5.5 in Configure Microsoft Azure to Authenticate. | |
Sign Request | Method for the IdP to verify the user sign-in request using the IdP vendor certificate. | |
Service Provider Private key (pem format) | Private key for your IdP, in PEM format. Created locally by the user who wants to use SAML. The public key is uploaded to Azure. | |
Do not validate server certificate (insecure) | If you use a self-signed certificate for the Azure server, you can select this check box. | |
Use system proxy settings | Select the check box to use proxy settings. | |
ADFS | Whether the server uses ADFS. | |
Compress encode URL (AFDS) | (Mandatory) Select the check box to compress encode URL (AFDS). If not, you may receive a | |
Service identifier (AFDS) | Add the characters after the | |
Don’t map SAML groups to Demisto roles | SAML groups are not mapped to Cortex XSOAR roles. Default roles are assigned and you can select them later. | |
Get service provider metadata | Enables you to verify that the settings are successful. | |
IdP Single Logout URL | This functionality ends the user's session in Azure when logging out. | |
Single Logout Service Endpoint | The URL of the single logout Endpoint. | |
Use this instance for external authentication only | Limits this instance to authenticate external (non-Cortex XSOAR) users when they answer a survey sent via a communication task in a playbook. |
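
Several values in the table (IdP SSO URL, IdP Single Logout URL, the IdP public certificate) are copied by hand from Azure but are also published in the IdP metadata file, so they can be cross-checked before saving the instance. The following is an added example, not code from Cortex XSOAR or Microsoft; the function names are hypothetical and the sample metadata (host, tenant, certificate bytes) is constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # stdlib; prefer defusedxml for metadata fetched over the network

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: placeholder host, tenant and certificate bytes (not a real X.509 cert).
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/tenant-placeholder/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/tenant-placeholder/logout"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/tenant-placeholder/saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def pem_to_der(pem_text):
    """Decode a Base64 (PEM) certificate export to DER bytes."""
    lines = [ln.strip() for ln in pem_text.splitlines()]
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))


def idp_settings(metadata_xml):
    """Extract the SSO URL, logout URL and signing-cert fingerprints from IdP metadata."""
    idp = ET.fromstring(metadata_xml).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")

    def location(tag):
        hits = [e.get("Location") for e in idp.findall(f"md:{tag}", NS) if e.get("Binding") == REDIRECT]
        return hits[0] if hits else None

    prints = set()
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no "use" attribute: key serves signing and encryption
            for c in kd.findall(".//ds:X509Certificate", NS):
                prints.add(hashlib.sha256(base64.b64decode("".join((c.text or "").split()))).hexdigest())
    return {"sso_url": location("SingleSignOnService"),
            "slo_url": location("SingleLogoutService"), "signing_cert_sha256": prints}


def cert_matches_metadata(pem_text, metadata_xml):
    """True if the downloaded certificate is one of the IdP's published signing certs."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest() in idp_settings(metadata_xml)["signing_cert_sha256"]
```

A mismatch between the downloaded certificate and the metadata fingerprints usually means the certificate was rotated or exported from a different application, and is worth resolving before enabling the instance.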