Create Communication Task Authentication - Playbook Design Guide - 6.x - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Playbook Design Guide

Product
Cortex XSOAR
Version
6.x
Creation date
2023-01-19
Last date published
2023-12-19
Category
Playbook Design Guide

To ensure that only authorized users gain access to the form you sent, configure user authentication for the communication task.

The main use case is for external users. These are users who are not users in Cortex XSOAR. Upon authentication, external users will have access only to the form that is sent to them. They will not be able to access anything else in Cortex XSOAR.

Note

If you are using Active Directory and, after following these instructions, you see the error message "could not find a provider to authenticate with", go to Settings > About > Troubleshooting and add the following server configuration.

Key                                       Value
active.directory.auth.external.instance   name of your Active Directory instance

  1. Set up your IdP (for example, Okta) with a dedicated group for the external users you want to authenticate.

  2. Create the authentication integration. Currently, Cortex XSOAR supports SAML and Active Directory.

    • For the SAML integration, in the Service Provider Entity ID field, enter the URL of the server followed by /external-saml. For example, for external users: https://localhost:8443/external-saml.

    • For the Active Directory integration, enter the relevant groups for the external users.

    If using an engine to submit the form, use the URL of the engine, not the server.

    If using an engine in a multi-tenant environment, add the following to the d1.conf file: saml.engine.redirect.to.<host name of the engine/host name of the server which the IdP redirects to>.

  3. In the Task details of your communication task in your playbook, enable the Require users to authenticate option to have your SAML or AD authenticate the recipient before allowing them access to the form.


    Note

    By default, validation is turned on to confirm that the user listed in the To field matches the user accessing the form. If you need to send forms to multiple email addresses or to a distribution list, add the server configuration key external.form.validate.user with the value false. All users in the dedicated group are then able to access the form, but individual email addresses are not validated.
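The access rules described in steps 1 to 3 and in the note above can be modelled as a single authorization decision: the recipient must have authenticated through the IdP and be a member of the dedicated external-users group, may open only the form that was sent to them, and, unless external.form.validate.user is set to false, must be the address listed in the To field. The following is an added illustrative model of that decision, not Cortex XSOAR's own code; the group name, the attribute names in the IdP assertion, and the form and user structures are assumptions made for the example.

```python
"""Illustrative model of the external-form access decision (not XSOAR code).

Assumptions made for this example:
  * the IdP assertion carries group membership as a list under "groups";
  * the dedicated external-users group is named EXTERNAL_GROUP (constructed);
  * a communication task form is identified by a form id and the To recipients.
"""
from dataclasses import dataclass

# Constructed name for the dedicated IdP group from step 1.
EXTERNAL_GROUP = "xsoar-external-users"


@dataclass(frozen=True)
class Form:
    form_id: str
    to: tuple[str, ...]          # recipients in the communication task's To field


@dataclass(frozen=True)
class ServerConfig:
    validate_user: bool = True   # mirrors external.form.validate.user (default true)


@dataclass(frozen=True)
class AuthenticatedUser:
    email: str                   # email returned by the IdP after authentication
    groups: tuple[str, ...] = () # group membership from the IdP assertion


def normalize(address: str) -> str:
    """Compare addresses case-insensitively and ignore surrounding whitespace."""
    return address.strip().lower()


def can_access_form(user: AuthenticatedUser, requested_form_id: str,
                    form: Form, config: ServerConfig) -> tuple[bool, str]:
    """Return (allowed, reason) for an external user opening a form.

    The checks are ordered from coarsest to finest so that a denied request
    reports the first rule it failed, which is what an operator wants in a log.
    """
    # Step 1/2: only members of the dedicated external group are authenticated
    # as external users at all.
    if EXTERNAL_GROUP not in user.groups:
        return False, "user is not a member of the dedicated external group"

    # External users are limited to the single form that was sent to them.
    if requested_form_id != form.form_id:
        return False, "external users may open only the form sent to them"

    # Note: with validation on (default), the authenticated identity must match
    # the To field. With it off, any group member may open the form (used for
    # distribution lists), so the per-address check is skipped.
    if config.validate_user:
        recipients = {normalize(a) for a in form.to}
        if normalize(user.email) not in recipients:
            return False, "authenticated user does not match the To field"

    return True, "ok"


def audit_line(user: AuthenticatedUser, form_id: str, decision: tuple[bool, str]) -> str:
    """One-line audit record suitable for a SIEM; constructed format."""
    allowed, reason = decision
    outcome = "ALLOW" if allowed else "DENY"
    return f"external-form access {outcome} user={user.email} form={form_id} reason={reason}"


if __name__ == "__main__":
    # Constructed sample data.
    form = Form("form-123", ("alice@example.com",))
    alice = AuthenticatedUser("Alice@Example.com", (EXTERNAL_GROUP,))
    bob = AuthenticatedUser("bob@example.com", (EXTERNAL_GROUP,))
    for who, cfg in ((alice, ServerConfig()), (bob, ServerConfig()),
                     (bob, ServerConfig(validate_user=False))):
        print(audit_line(who, form.form_id, can_access_form(who, form.form_id, form, cfg)))
```

The model makes the trade-off in the note explicit: disabling external.form.validate.user widens access from one named recipient to every member of the dedicated group, so the group itself becomes the boundary and should contain only the users who are meant to receive such forms.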