Set Up MS Azure as the Identity Provider Using SAML 2.0 - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-04-08
End_of_Life
EoL
Category
Administrator Guide
Abstract

Set up Microsoft Azure in Cortex XSOAR as the identity provider for Cortex XSOAR users.

You can authenticate your Cortex XSOAR users using SAML 2.0 authentication and Microsoft Azure (Azure) as the identity provider. To set up Azure, you need to do the following:

Troubleshooting (generic - known errors)

The following are known issues when using Single sign on in Azure:

  • Method Not Allowed: Ensure the endpoint is used for the Service Provider Entity ID and Reply URL for the IdP and Service provider, in the format: https://demisto-dns/saml.

  • "{"id":"errSAMLLogin","status":400,"title":"Failed to login via SAML","detail":"Failed to login via SAML","error":"","encrypted":false,"multires":null}": Most likely an attribute mapping issue. Ensure that all attributes that appear in Cortex XSOAR SAML 2.0 configuration are reflected in Azure claims and its associated SAML assertion. Attributes are case sensitive.

    You may also receive this message, if you select the Don’t map SAML groups to Demisto Roles checkbox and you do not define a role in Default role (for IdP users without groups) in the SAML 2.0 configuration.

  • After connecting through SSO, a user may temporarily see the home screen, but immediately returns to the login page. The user does not have any group assigned, so he cannot login.

    Check the group mapping and see whether the memberOf attribute is correct. As a workaround, if you did not set the group mapping, you can use the Default role (for IdP users without groups) in the SAML 2.0 configuration.

  • If a user belongs to many groups, the identity provide may return an attribute: https://graph.windows.net/{tenantID}/users/{userID}/getMemberObjects and not the actual roles, causing Cortex XSOAR authentication to fail.

    In this case, you can configure Azure AD to return groups assigned to the application, with source attribute Group ID. Note that this option is not officially supported by Cortex XSOAR.