Manage Users - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-02-14
Category
Administrator Guide
Abstract

Cortex XSOAR enables you to manage users in the Customer Support Portal.

Any user who has a Customer Support Portal account (CSP) can access Cortex XSOAR. In the Users page, you can see all the users that can access Cortex XSOAR. If a user is not listed, ensure that the user is added in the Customer Support Portal.

From the table in the Users page, you can view user information, such as:

Name

Description

User Type

Indicates whether the user was defined in Cortex XSOAR using the CSP (Customer Support Portal), SSO (single sign-on) using your organization’s IdP, or both CSP/SSO.

For information about enabling SSO in Cortex XSOAR, see Configure Single Sign-On Using SAML 2.0 in the Cortex XSOAR Tenant.

Direct Role

Name of the role assigned specifically to the user that is not inherited from somewhere else, such a User Group. When the user does not have any access permissions that are assigned specifically to them, the field displays No-Role.

Groups

Lists the groups that a user belongs to, where any group imported from Active Directory has the letters AD added beside the group name.

If a user is assigned to multiple user groups, which are mapped to different roles, or if the user is assigned to nested user groups, the user has the highest level of privileges based on the combination of roles.

Group Roles

Lists the different group roles based on the groups the user belongs to. When you hover over the group role, the group associated with this role is displayed.

Last Login Time

Last date and time the user accessed Cortex XSOAR.

Status

Displays whether the user is Active or Inactive

Phone number

Displays the user's phone number. Including the user's phone number enables playbooks and scripts to trigger direct analyst communication by phone.

You can right-click the user’s name to update the user's role. You can do the following:

  • Add/edit Roles

    Add out-of-the-box roles such as Administrator, Analyst, etc. or create your own roles. For more information, see Manage Roles.

  • Add/edit user groups.

  • Add/edit accumulated permissions

    The Show Accumulated Permissions field shows permissions based on the role and user groups assigned to the user. Role permissions consist of different components and advanced permissions for all roles.

    By default all permissions are displayed, which lists the combined permissions of every role and user group assigned to the user. You can also select the specific roles assigned to the user, which enables you to compare available permissions based on the roles selected. This can help you understand how the role permissions for a particular user are built. For example, if you need to isolate a specific component, the permissions provided by a particular role or user group.

  • Add/edit permissions for components (such as dashboards, reports, incidents, etc.) and page access, default dashboards, etc. For more information about role permissions, see Role-based Permission Levels.

You can also Import Multiple User Roles as a CSV file to quickly add users who have a CSP account and assign them pre-existing roles in Cortex XSOAR. Access the Download example file (when clicking Import Multiple User Roles) to view the required format to upload and replace the file contents with the data to upload. The following parameters and values must be included:

Parameter

Description

User email

The email address of the user belonging to a CSP account that you want to import.

Role Name

The name of the role that you want to assign to this user. The role must already be created in Cortex XSOAR.

Is an account role (default=false)

Determines whether the user role is created in the Cortex Gateway or Cortex XSOAR tenant. If defined in the Cortex Gateway, set the value to True, otherwise, the value is set to false (default).

You can also deactivate users, add roles, hide users, delete a single sign-on user, etc.

  1. In Cortex XSOAR, select Settings & InfoSettingsAccess ManagementUsers.

    In the Users page, a number of different options are available to help you manage users.

  2. Select the users you want to manage, right-click and select one of the following:

    • Update User Role

      1. (Optional) Select more than one user to set and manage a role for all these system users belonging to the same group at once.

      2. Select a Role from the list of default and custom roles that you want to assign the user.

      3. Add the user to a user group, if required.

      4. Edit the accumulated permissions in the Show Accumulated Permissions field.

    • Deactivate a User

      You cannot deactivate a user that has an Account Admin role.

    • Hide User

      This is useful, for example, when you have users who are not related to Cortex XSOAR and are designated with a role, such as CSP Super Users. If you deselect Show User Subset, these users are hidden in the table.

    • Copy text to clipboard

    • Copy an entire row

    • Delete a Single Sign-on (SSO) user

      This option is only available when you’ve enabled SSO in Cortex XSOAR.