Decide whether you want to add users locally or through SSO or LDAP in Cortex XSOAR On-prem.
You can create users locally or by using SSO or LDAP in the tenant. Users authenticate by doing one of the following:
Authenticate locally
After you create users, they authenticate using their username and password. For more information, see Create users in Cortex XSOAR.
SAML single sign-on
Users can be authenticated using your identity provider (IdP), such as Okta, Ping, or Microsoft Entra ID. You can use any IdP that supports SAML 2.0.
LDAP authentication
Users can be authenticated using their Active Directory or OpenLDAP directory credentials.
Using an external identity provider or directory service (SSO or LDAP) provides the following advantages:
Centralized access control: Automatically removes access to Cortex XSOAR when a user is removed or disabled in the IdP or LDAP directory.
Dynamic role-based access: Maps SAML or LDAP group memberships directly to Cortex XSOAR user groups and roles, allowing you to manage role-based access control without manually assigning permissions in the platform.
Enforced security policies (SSO only): Enforces multi-factor authentication (MFA) and any conditional access policies on the user login at the IdP before granting a user access to Cortex XSOAR.