User Authentication - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Authenticate Cortex XSOAR users in the Cortex XSOAR tenant via SAML 2.0 or via the Customer Support Portal.

After you activate your tenant, you can authenticate users by doing one or both of the following options:

  • User authentication in the Customer Support Portal

    When you create a Customer Support Portal (CSP) account you can set up two factor authentication (2FA) to log into the CSP, by using one of the following:

    • Email

    • Okta Verify

    • Google Authenticator (non FedRAMP accounts)

    For more information about setting up 2FA in the CSP, see Two Factor Authentication (2FA) Overview. You can also add an IdP, which is recommended. See How to Enable a Third Party IdP.

    When you add users to the CSP account, they are added as users in the Cortex Gateway and in the tenant. The Cortex Gateway is a centralized portal for managing tenants, users, roles, and user groups. By default users have access to the Cortex Gateway, but cannot make any changes in the Cortex Gateway unless they are Account Admins and cannot access a tenant until they are assigned a role or group role.

    For more information about how to create users in the CSP, see How a Super User Creates a New Customer Support Portal User Account.

    When users log into the Cortex Gateway or the tenant (provided they are assigned a role) they are prompted to sign into the CSP using their username and password including 2FA (if set up). This is the default method of authentication.


    If you have multiple Cortex XSOAR tenants, you will need to repeat this task for each tenant. The activation process includes accessing the gateway, activating the tenant, and then accessing the tenant.

    To manage users, roles and user groups in the Cortex Gateway, see Permission Management in the Cortex Gateway.

  • SAML Single Sign On in the Cortex XSOAR tenant

    In the Cortex XSOAR tenant, users can be authenticated using your IdP provider such as Okta, Ping, or Azure AD. You can use any IdP that supports SAML 2.0. You define Cortex XSOAR authentication in your identity provider’s account and configure the SSO settings in Cortex XSOAR.


    • You can view SSO users from the Cortex Gateway, but SSO users do not have access to the Cortex Gateway.

    • You can have multiple IdPs with separate SSO configurations on a tenant.

    There are many advantages of setting up SSO in the tenant rather than relying on CSP authentication.

    • Removes the administrative burden of requiring separate accounts to be configured through the Customer Support Portal.

    • Enforces multi-factor authentication (MFA) and any conditional access policies on the user login at the IdP before granting a user access to Cortex XSOAR.

    • Maps SAML group memberships to Cortex XSOAR user groups and roles, allowing you manage role based access control.

    • Removes access to Cortex XSOAR when a user is removed or disabled in the IdP.

If you want to rely on CSP authentication, it is useful where you have one CSP account and want the same users to have permissions in several tenants.

For multi-tenant accounts, we recommend you review User Authentication for Multi-Tenant Deployments in the Multi-Tenant guide.