Set up Okta as the Identity Provider Using SAML 2.0 - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 8
Creation date: 2024-09-18
Last date published: 2024-09-26
Category: Administrator Guide
Solution: Cloud
Retire_Doc: Retiring
Link_to_new_Doc: /r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation

As Okta is third-party software, specific procedures and screenshots may change without notice. We encourage you to also review the Okta documentation for app integrations.

To configure SAML SSO in Cortex XSOAR, you must be a user who can access the Cortex XSOAR tenant and have either the Account Admin or Instance Admin role assigned.

The following video provides step-by-step guides to configuring SSO with Okta and with Azure AD. Note that the Okta-specific instructions begin at minute 3:30.

Within Okta, assign users to groups that match the user groups they will belong to in Cortex XSOAR. Users can be assigned to multiple Okta groups and receive permissions associated with multiple user groups in Cortex XSOAR. Use an identifying word or phrase, such as Cortex XSOAR, within the group names. For example, Cortex XSOAR Analysts. This allows you to send only relevant group information to Cortex XSOAR, based on a filter you will set in the group attribute statement.

Create a list of the Okta groups and their corresponding Cortex XSOAR user groups (or the Cortex XSOAR user groups you intend to create) and save this list for later use when configuring user groups in Cortex XSOAR.

  1. In Cortex XSOAR, go to Settings & Info > Settings > Access Management > Authentication Settings.

  2. In the Login Options tab, toggle SSO Disabled to on.

    By default, SSO is disabled in Cortex XSOAR.

  3. Expand the SSO Integration settings.

  4. Copy and save the values for Single Sign-On URL and Audience URI (SP Entity ID). Both values are needed to configure your IdP settings.

  5. You cannot save the enabled SSO Integration at this time, as it requires values from your IdP.

  1. From within Okta, create a Cortex XSOAR application and Edit the SAML Settings.

  2. Paste the Single sign-on URL and the Audience URI (SP Entity ID) that you copied from the Cortex XSOAR SSO settings. The Audience URI should also be pasted in the Default RelayState field. This allows users to log in to Cortex XSOAR directly from the Okta dashboard.

  3. Show Advanced Settings, verify that Okta is configured to sign both the response and the assertion of the SAML token, and then Hide Advanced Settings.

  4. Cortex XSOAR requires the IdP to send four attributes in the SAML token for the authenticating user.

    • Email address

    • Group membership

    • First Name

    • Last Name

    Configure Okta to send group memberships of the users using the memberOf attribute. Use the word or phrase you selected when configuring Okta groups (such as Cortex XSOAR) to create a filter for the relevant groups.

  5. Copy the exact names of the attribute statements from Okta and save them, as they are required to configure the Cortex XSOAR SSO integration. In the example above, the names are FirstName, LastName, Email, and memberOf. The attribute names are case-sensitive.

  1. In Okta, from your Cortex XSOAR application page, click View SAML setup instructions. If you do not see this button, verify you are on the Sign On tab of the application.

  2. Copy and save the values for Identity Provider Single Sign-On URL, Identity Provider Issuer, and the X.509 Certificate. These values are needed to configure your Cortex XSOAR SSO Integration.

  1. In Cortex XSOAR, go to Settings & Info > Settings > Access Management > Authentication Settings.

  2. In the Login Options tab, toggle SSO Disabled to on.

    By default, SSO is disabled in Cortex XSOAR.

  3. Expand the SSO Integration settings.

  4. Use the following table to complete the SSO Integration settings, based on the values you saved from Okta.

    Okta                                   | Cortex XSOAR Field
    Identity Provider Single Sign-On URL   | IdP SSO URL
    Identity Provider Issuer               | IdP Issuer ID
    X.509 Certificate                      | X.509 Certificate

  5. In the IdP Attributes Mapping section, enter the attribute names from Okta. The names are case-sensitive and must match exactly.

  6. Save your settings.

  1. Select Settings & Info > Settings > Access Management > User Groups.

  2. Right-click a user group and select Edit Group.

  3. In the SAML Group Mapping field, add the Okta group(s) that should be associated with this user group. Separate multiple groups with a comma. The Okta group name must match the exact value sent in the token.

  4. Save your settings.

  5. Repeat for each user group.

  1. Go to the Cortex XSOAR tenant URL and Sign-In with SSO.

    Note

    When using SAML 2.0, users are required to authenticate by logging in directly at the tenant URL. They cannot log in via the Cortex Gateway.

  2. After authentication to Okta, you are redirected again to the Cortex XSOAR tenant.

  3. Once logged in, validate that you have been assigned the proper roles.

    To view your role and any user group role to which you belong, click your name in the bottom left-hand corner, and click About.
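
If a test login succeeds but roles are missing, the usual cause is a mismatch between the token and the settings above. The following Python script is an added example, not part of the Cortex XSOAR or Okta documentation: it checks a decoded SAML response for a signature element on both the response and the assertion, for attribute names that match the IdP Attributes Mapping case-sensitively, and for group values that match a SAML Group Mapping entry exactly. The sample token, the user group names, and the mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Attribute names from the page's example; user groups and mapping are hypothetical.
ATTR_NAMES = ["Email", "FirstName", "LastName", "memberOf"]
GROUP_MAPPING = {"Analysts": ["Cortex XSOAR Analysts"], "Admins": ["Cortex XSOAR Admins"]}
# Constructed token: empty Signature placeholder, one attribute and one group mis-cased.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature/>
 <saml:Assertion><saml:AttributeStatement>
  <saml:Attribute Name="Email"><saml:AttributeValue>analyst@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstName"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="LastName"><saml:AttributeValue>Lyst</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="memberOf">
   <saml:AttributeValue>Cortex XSOAR Analysts</saml:AttributeValue>
   <saml:AttributeValue>cortex xsoar admins</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

def check_token(xml_text, attr_names, group_attr, group_mapping):
    """Return findings for a decoded SAML response. Signatures are checked for presence only."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion in response"]
    findings = []
    if root.find("ds:Signature", NS) is None:
        findings.append("Response is not signed")
    if assertion.find("ds:Signature", NS) is None:
        findings.append("Assertion is not signed")
    attrs = {a.get("Name"): [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS) if a.get("Name")}
    by_lower = {name.lower(): name for name in attrs}
    for want in attr_names:
        if want not in attrs:  # names are case-sensitive and must match exactly
            near = by_lower.get(want.lower())
            findings.append(f"attribute '{want}' sent as '{near}' (case mismatch)" if near
                            else f"attribute '{want}' missing")
    mapped = {g for groups in group_mapping.values() for g in groups}
    findings += [f"group '{g}' matches no SAML Group Mapping entry"
                 for g in attrs.get(group_attr, []) if g not in mapped]
    return findings

if __name__ == "__main__":
    for finding in check_token(SAMPLE, ATTR_NAMES, "memberOf", GROUP_MAPPING):
        print(finding)
```

Base64-decode the SAMLResponse form value captured from a test login before passing it to `check_token`. An empty result means the token's structure is consistent with the configured names; it does not mean the signatures verify.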