Set up Azure AD as the Identity Provider Using SAML 2.0 - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Cloud Documentation

Product: Cortex XSOAR
Version: 8
Creation date: 2024-03-07
Last date published: 2024-11-04
Category: Administrator Guide
Solution: Cloud

This topic provides specific instructions for using Azure AD to authenticate your Cortex XSOAR users. Because Azure AD is third-party software, the specific procedures and screenshots may change without notice. We encourage you to also review the Azure AD documentation.

To configure SAML SSO in Cortex XSOAR, you must be a user who can access the Cortex XSOAR tenant and have either the Account Admin or Instance Administrator role assigned.

The following video is a step-by-step guide to configuring SSO in Cortex XSOAR (the Azure AD-specific instructions begin at minute 12:42).

Within Azure AD, assign users to security groups that match the user groups they will belong to in Cortex XSOAR. Users can be assigned to multiple Azure AD groups and receive permissions associated with multiple user groups in Cortex XSOAR. Use an identifying word or phrase, such as Cortex XSOAR, within the group names. For example, Cortex XSOAR Analysts. This allows you to send only relevant group information to Cortex XSOAR, based on a filter you will set in the group attribute statement.

  1. In Cortex XSOAR go to Settings & Info → Settings → Access Management → Authentication Settings.

  2. In the Login Options tab, toggle SSO Disabled to on.

    By default, SSO is disabled in Cortex XSOAR.

  3. Expand the SSO Integration settings.

  4. Copy and save the values for Single Sign-On URL and Audience URI (SP Entity ID).

    Both values are needed to configure your IdP settings.

    Important

    When copying the Single Sign-On URL value, remove idp/saml and leave the trailing /.

    For example, if the Single Sign-On URL is https://clientname.panproduct.region.paloaltonetworks.com/idp/saml, just copy https://clientname.panproduct.region.paloaltonetworks.com/.

  5. You cannot save the enabled SSO Integration at this time, as it requires values from your IdP.

  1. From within Azure AD, create a Cortex XSOAR application and Edit the Basic SAML Configuration.

    [Screenshot: Azure-Basic-SAML-8.png]
  2. Paste the Single Sign-On URL and the Audience URI (SP Entity ID) that you copied from the Cortex XSOAR SSO settings. Paste the Single Sign-On URL from Cortex XSOAR into both the Reply URL and the Sign on URL fields. Paste the Audience URI (SP Entity ID) value from Cortex XSOAR into both the Identifier (Entity ID) and the Relay State fields. This allows users to log in to Cortex XSOAR directly from Azure AD.

    [Screenshot: azure-basic-saml.png]
  3. In the SAML Certificates section, click Edit and verify that Azure is configured to sign both the response and the assertion.

    [Screenshot: Azure-Sign-Certificate-8.png]
  4. To have Azure AD send the user's group membership in the SAML token, click + Add a group claim in the Attributes & Claims section. Send the Security groups, using the source attribute Group ID. Create a filter using the word or phrase you selected when configuring the Azure AD security groups (such as Cortex XSOAR). Customize the name of the group claim as memberOf.
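The following is an added example, not code from the guide, Palo Alto Networks or Microsoft, showing how an administrator can sanity-check a SAML response (for instance one captured from a browser SAML tracer) against the values exchanged in the steps above: both the Response and the Assertion carry a Signature element (step 3 of the Azure AD procedure), Destination and Recipient equal the Single Sign-On URL pasted into Reply URL, the Audience equals the Audience URI (SP Entity ID) pasted into Identifier (Entity ID), and the group claim arrives under the customized name memberOf (step 4). It also applies the step 4 rule from the Cortex XSOAR procedure for deriving the base URL from the Single Sign-On URL. It checks structure only and does not verify the XML signatures cryptographically; the service provider does that with a proper SAML library. The SP Entity ID, the group object IDs and the sample response itself are constructed values.

```python
"""Structural sanity check of a SAML response against the Cortex XSOAR SP settings.

Added example (not vendor code). Inspects which elements are signed, the
Destination/Recipient/Audience values and the memberOf group claim. It does NOT
validate signatures cryptographically.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Single Sign-On URL example taken from the guide; the SP Entity ID is a
# constructed placeholder (copy the real one from the SSO Integration settings).
ACS_URL = "https://clientname.panproduct.region.paloaltonetworks.com/idp/saml"
SP_ENTITY_ID = "https://clientname.panproduct.region.paloaltonetworks.com/"
# Constructed Azure AD group object IDs: the Group ID source attribute emits
# object IDs, not display names.
GROUP_ID_ANALYSTS = "00000000-0000-0000-0000-000000000001"
GROUP_ID_ADMINS = "00000000-0000-0000-0000-000000000002"


def sp_base_url(single_sign_on_url: str) -> str:
    """Rule from step 4 of the Cortex XSOAR procedure: drop 'idp/saml', keep the trailing '/'."""
    suffix = "idp/saml"
    if single_sign_on_url.endswith(suffix):
        return single_sign_on_url[: -len(suffix)]
    return single_sign_on_url


def build_sample_response(sign_assertion: bool = True) -> str:
    """Constructed SAML response in the shape Azure AD produces for this setup."""
    sig = "<ds:Signature><ds:SignedInfo/></ds:Signature>"
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0" Destination="{ACS_URL}">
  {sig}
  <saml:Assertion ID="_a1" Version="2.0">
    {sig if sign_assertion else ''}
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="memberOf">
        <saml:AttributeValue>{GROUP_ID_ANALYSTS}</saml:AttributeValue>
        <saml:AttributeValue>{GROUP_ID_ADMINS}</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_saml_response(xml_text: str, acs_url: str, sp_entity_id: str,
                        claim_name: str = "memberOf") -> dict:
    """Report which of the expected properties the response has (presence only)."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)          # direct child only
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    audience = root.find(".//saml:Audience", NS)
    # Values of the group claim, in document order.
    groups = [
        v.text
        for a in root.findall(".//saml:Attribute", NS)
        if a.get("Name") == claim_name
        for v in a.findall("saml:AttributeValue", NS)
    ]
    result = {
        # Step 3: Azure must sign both the response and the assertion.
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion is not None
        and assertion.find("ds:Signature", NS) is not None,
        # Reply URL maps to Destination and Recipient.
        "destination_ok": root.get("Destination") == acs_url,
        "recipient_ok": conf is not None and conf.get("Recipient") == acs_url,
        # Identifier (Entity ID) maps to Audience.
        "audience_ok": audience is not None and audience.text == sp_entity_id,
        "group_claim_present": bool(groups),
        "groups": groups,
    }
    result["all_ok"] = all(v for k, v in result.items() if k != "groups")
    return result


if __name__ == "__main__":
    for name, ok in check_saml_response(build_sample_response(), ACS_URL, SP_ENTITY_ID).items():
        print(f"{name}: {ok}")
```

Run it against a real captured response by replacing the constructed sample with the decoded SAMLResponse XML and the two constants with the values copied from the SSO Integration settings; a False for assertion_signed or audience_ok points straight at the Azure AD field that was left at its default.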