Define the Claim Issuance Policy - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-12-05
End of Life
EoL
Category
Administrator Guide
Abstract

Define the claim issuance policy in ADFS (Active Directory Federation Services) to use ADFS as the identity provider for Cortex XSOAR.

You need to define the claim issuance policy. Before you start, you need to create the Relying Party Trust as described in Create Relying Party Trust in ADFS.

  1. From the right menu pane of the Relying Party Trusts, click Edit Claim Issuance Policy.

    adfs-edit-claim.png
  2. Click Add Rule.

  3. In the Add Transform Claim Rule Wizard, select Transform an Incoming Claim from the drop down list.

    adfs-add-transform-claim.png
  4. Click Next.

  5. In the Configure Claim Rule page, type WindowsAccountName as the Claim rule name (this rule passes the user's AD login name), and select Windows account name as both the Incoming claim type and the Outgoing claim type.

  6. Click Finish.

  7. Add another claim rule which will pass the AD user account attributes to Cortex XSOAR. This step is required to map the user group membership, full name, email, phone and other LDAP attributes.

    1. From the right menu pane of the Relying Party Trusts, click Edit Claim Issuance Policy.

    2. Click Add Rule.

    3. In the Add Transform Claim Rule Wizard, select Send LDAP Attributes as Claims from the drop down list.

    4. Click Next.

    5. In the Configure Claim Rule page, type a claim rule name, select Active Directory from the Attribute store drop down list, and map the required fields. The user group attribute is mandatory if you want to map AD user groups to Cortex XSOAR user roles.

      adfs-edit-rule.png
    6. Click Finish and then click OK to create the claim rules.

  8. Open PowerShell and make sure the IDP Sign-on page and RelayState settings are enabled.

    adfs-powershell.png

    If either of these settings is set to false, enable it by typing Set-AdfsProperties -<Property Name RelayState or EnableIdp> $True

  9. Verify that the ADFS IDP Sign-on page is working by browsing to the ADFS service portal URL, in our example: https://demistodev.local/adfs/ls/idpinitiatedsignon.aspx

  10. Continue with Configure the SAML 2.0 Integration for ADFS.
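The same result as steps 1 to 8, scripted. This is an added example, not code from the Cortex XSOAR guide or from Palo Alto Networks: it writes the two claim rules the wizards generate in ADFS claim-rule language, applies them to the trust, and enables the IdP sign-on page and RelayState. The trust name (Cortex XSOAR) and the LDAP attribute set are assumptions; the two Set-AdfsProperties parameter names are the full names behind the EnableIdp and RelayState shorthand used above.

```powershell
# Run in an elevated PowerShell session on the ADFS server.
Import-Module ADFS

# ASSUMPTION: the Relying Party Trust was created with this display name.
$rpName = 'Cortex XSOAR'

# Rule 1 = the wizard's "Transform an Incoming Claim" with Windows account name
# as both incoming and outgoing type (the WindowsAccountName rule).
# Rule 2 = "Send LDAP Attributes as Claims" from the Active Directory store.
# ASSUMPTION: the attributes mail, givenName, sn and tokenGroups; choose the ones
# your XSOAR user mapping needs. tokenGroups is the group attribute the guide
# calls mandatory for mapping AD groups to XSOAR roles.
$rules = @'
@RuleTemplate = "MapClaims"
@RuleName = "WindowsAccountName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);

@RuleTemplate = "LdapClaims"
@RuleName = "XSOAR user attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.xmlsoap.org/claims/Group"),
          query = ";mail,givenName,sn,tokenGroups;{0}", param = c.Value);
'@

# -IssuanceTransformRules REPLACES the trust's whole rule set, so print what is
# there now before overwriting it.
Get-AdfsRelyingPartyTrust -Name $rpName | Select-Object -ExpandProperty IssuanceTransformRules
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Step 8: both the IdP-initiated sign-on page and RelayState must be enabled,
# otherwise the idpinitiatedsignon.aspx page in step 9 will not work.
$props = Get-AdfsProperties
if (-not $props.EnableIdpInitiatedSignonPage) {
    Set-AdfsProperties -EnableIdpInitiatedSignonPage $true
}
if (-not $props.EnableRelayStateForIdpInitiatedSignOn) {
    Set-AdfsProperties -EnableRelayStateForIdpInitiatedSignOn $true
}
# Show the final state of the two settings.
Get-AdfsProperties | Select-Object EnableIdpInitiatedSignonPage, EnableRelayStateForIdpInitiatedSignOn
```

After running it, the two rules appear under Edit Claim Issuance Policy exactly as if they had been created through the wizards.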