Add user roles, disable users, hide users, and deactivate users in Cortex Gateway.
In Cortex Gateway, on the Permissions page (Cortex Gateway → Permission Management), you can manage users that have been added to your Customer Support Portal account or view users that have been created in the tenant using SSO (you cannot edit SSO users in Cortex Gateway).
Note
To remove users that were added to your CSP account, you need to do this in the CSP and not in Cortex Gateway.
The Permission page is split into the following:
Users tab: View user information according to your Customer Support Portal account including groups, roles, user types, and tenants assigned. When right-clicking a user, you can perform actions such as editing roles, deactivating users, and removing or adding roles.
Tenants tab: View tenants according to the Cortex product and manage users who have access to each tenant.
Update a user's role if the user was added to the CSP. You can add the following roles:
Pre-defined roles: Instance Administrator and Account Admin.
Custom roles: Includes out-of-the-box roles and roles created in Cortex Gateway or the tenant.
You can add/update roles by either selecting the users in the Users tab or by tenants in the Tenants tab.
Note
To update the permissions attributable to each role, you need to change them in the tenant or the Roles tab in Cortex Gateway.
If users have been created in the CSP, but you want them to access the tenant through SSO only, you should not assign a direct role. If you sign a direct role, users can access the tenant through both the CSP and SSO.
If no role is assigned either directly or through a user group, users cannot view or edit in the Cortex tenant.
You can update user roles for one or multiple users.
From the Permissions page, in the Users tab, do one of the following:
If editing one user, right-click the user's name and select Update Permissions or Add Permissions (if no role).
If editing multiple users, select multiple users, and in the right-hand corner, outside the table, click the edit button.
In the Update user role window, if you want the user to have super user permission across all tenants, select Apply the Account Admin role.
We do not recommend creating additional Account Admins as the user has full access to all tenants across all Cortex products. Account Admin is a special role that is automatically assigned to the Customer Support Portal Super User.
If you have multiple Cortex products, select the product for which you want to change permissions.
In the AVAILABLE TENANTS field, select the tenant where you want to add the user's role.
In the Role field, select one of the following:
Predefined role
Custom role
Save the user role.
You can update user roles according to each Cortex XSOAR tenant or multiple tenants.
Note
If you are updating multiple tenants at one time, you can only add predefined roles or roles created in Cortex Gateway (not custom roles created in the tenant).
In the Permissions page, select the Tenants tab.
If updating a single tenant, right-click the tenant and select Update Permissions.
If updating multiple tenants, select the multiple tenants, and in the right-hand corner, outside the table, click the edit button.
Select the role you want to add.
If selecting multiple tenants, you can only add predefined and custom roles created in Cortex Gateway. If you want to add custom roles created in a tenant, you need to select only one tenant.
Select the users.
Save the role.
If a user has a role in the tenant, you can remove their user permission to access each tenant. If no direct or user group role has been assigned, the user role displays No Role, and has no permission to view or edit on Cortex XSOAR.
From the Permissions page, in the Users tab, right-click the user's name and select Remote Permissions.
Do one of the following:
Remove permissions for all tenants, by clicking Select All Tenants.
To remove permissions for specific tenants, click the name field to select the tenants you want the user to be deactivated from.
Click Remove.
Deactivate users for all or one or more tenants, if they no longer need access, but may need it again at a later date. All user information is maintained for deactivated users. Users should be permanently removed if they no longer have access to the system through the CSP. The deactivated user appears grayed out. To reactivate follow the same steps in this procedure.
Note
You cannot deactivate a user who has an Account Admin role or who is not assigned access to a tenant. If you want to deactivate an Account Admin user role, right-click the user and select Remove User Permissions. You can then deactivate the user.
If the user is assigned to incidents or tasks or is the owner of a dashboard, these assignments do not automatically change when the user is removed or deactivated. We recommend changing incident and task assignments manually before removing or deactivating users.
Any reports the user has created remain available. Reports are not owned by specific users and can be edited or deleted by other users.
In the Cortex XSOAR tenant, before you deactivate a user:
Reassign open incidents to another user.
Go to the Incidents page and search for
-status:closed owner:
to find any incidents the user is assigned and reassign.user_name
Reassign tasks to another user.
Go to the Incidents page and search for
-status:closed investigation.users:
and reassign.user_name
When a user is assigned a task in an incident, the user is added to the incident. This search finds all incidents where the user is a participant.
From the Permissions page, in the Users tab, right-click the user's name and select Deactivate User.
Click Select All Tenants.
To select specific tenants, click the name field to select the tenants you want the user to be deactivated from.
Click Deactivate.
Hides users from the user list in Cortex Gateway. This is useful when you have users who are not related to Cortex XSOAR and will not be designated with a Cortex XSOAR role, such as CSP Super Users, and you want to hide them from the list. When a user is designated as hidden, the user is no longer displayed when the table is configured to Show User Subset (default configuration).
You cannot view the user or search for the user when hidden. To show hidden users, deselect Show User Subset. To remove the hidden user tag, right-click the user and select unhide the user.