Cortex XSOAR enables you to manage users in the Customer Support Portal.
Any user who has a Customer Support Portal account (CSP) can access Cortex XSOAR. In the Users page, you can see all the users that can access Cortex XSOAR. If a user is not listed, ensure that the user is added in the Customer Support Portal.
From the table in the Users page, you can view user information, such as:
Indicates whether the user was defined in Cortex XSOAR using the CSP (Customer Support Portal), SSO (single sign-on) using your organization’s IdP, or both CSP/SSO.
For information about enabling SSO in Cortex XSOAR, see Configure Single Sign-On Using SAML 2.0 in the Cortex XSOAR Tenant.
Name of the role assigned specifically to the user that is not inherited from somewhere else, such a User Group. When the user does not have any access permissions that are assigned specifically to them, the field displays No-Role.
Lists the groups that a user belongs to, where any group imported from Active Directory has the letters AD added beside the group name.
If a user is assigned to multiple user groups, which are mapped to different roles, or if the user is assigned to nested user groups, the user has the highest level of privileges based on the combination of roles.
Lists the different group roles based on the groups the user belongs to. When you hover over the group role, the group associated with this role is displayed.
Last Login Time
Last date and time the user accessed Cortex XSOAR.
Displays whether the user is Active or Inactive
Displays the user's phone number. Including the user's phone number enables playbooks and scripts to trigger direct analyst communication by phone.
You can right-click the user’s name to update the user's role. You can do the following:
Add out-of-the-box roles such as Administrator, Analyst, etc. or create your own roles. For more information, see Manage Roles.
Add/edit user groups.
Add/edit accumulated permissions
The Show Accumulated Permissions field shows permissions based on the role and user groups assigned to the user. Role permissions consist of different components and advanced permissions for all roles.
By default all permissions are displayed, which lists the combined permissions of every role and user group assigned to the user. You can also select the specific roles assigned to the user, which enables you to compare available permissions based on the roles selected. This can help you understand how the role permissions for a particular user are built. For example, if you need to isolate a specific component, the permissions provided by a particular role or user group.
Add/edit permissions for components (such as dashboards, reports, incidents, etc.) and page access, default dashboards, etc. For more information about role permissions, see Role-based Permission Levels.
You can also Import Multiple User Roles as a CSV file to quickly add users who have a CSP account and assign them pre-existing roles in Cortex XSOAR. Access the Download example file (when clicking Import Multiple User Roles) to view the required format to upload and replace the file contents with the data to upload. The following parameters and values must be included:
The email address of the user belonging to a CSP account that you want to import.
The name of the role that you want to assign to this user. The role must already be created in Cortex XSOAR.
Is an account role (default=false)
Determines whether the user role is created in the Cortex Gateway or Cortex XSOAR tenant. If defined in the Cortex Gateway, set the value to
You can also deactivate users, add roles, hide users, delete a single sign-on user, etc.
In Cortex XSOAR, select → → → .
In the Users page, a number of different options are available to help you manage users.
Select the users you want to manage, right-click and select one of the following:
Update User Role
(Optional) Select more than one user to set and manage a role for all these system users belonging to the same group at once.
Select a Role from the list of default and custom roles that you want to assign the user.
Add the user to a user group, if required.
Edit the accumulated permissions in the Show Accumulated Permissions field.
You cannot deactivate a user that has an Account Admin role.
This is useful, for example, when you have users who are not related to Cortex XSOAR and are designated with a role, such as CSP Super Users. If you deselect Show User Subset, these users are hidden in the table.
Copy text to clipboard
Copy an entire row
Delete a Single Sign-on (SSO) user
This option is only available when you’ve enabled SSO in Cortex XSOAR.