Step 4. Set up users and roles

Cortex XSOAR Cloud Documentation

Product: Cortex XSOAR
Version: 8
Creation date: 2024-03-07
Last date published: 2024-11-04
Category: Administrator Guide
Solution: Cloud

Abstract: Set up and configure roles and user groups in Cortex XSOAR and Cortex Gateway. Configure authentication and manage users.

Cortex uses role-based access control (RBAC) to manage roles with specific permissions for controlling user access. RBAC helps manage access to components, so that users, based on their roles, are granted the minimal access required to accomplish their tasks.

You can create or configure roles, users, and user groups in Cortex Gateway, the Cortex tenant, or both. For example, create a Manager role in Cortex Gateway, which enables you to maintain the Manager role in a central place with the same level of access for all tenants. If you are using SSO, you create a user group in the Cortex tenant that includes the Manager role, assign tenant users to this group, and map the user group to your SAML group.

Cortex Gateway and the Cortex tenant have different options and requirements.

Location: Cortex Gateway

Details: A centralized portal for managing roles, user groups, and users for all tenants. Any roles and user groups created in Cortex Gateway are available for all tenants. Only users with the Account Admin role can manage roles, tenants, and user groups in Cortex Gateway.

Location: Cortex tenant

Details: (Recommended) All permissions and roles are specific to the tenant and exist only at the tenant level. Advanced settings such as default dashboards, queries, and shift management can only be defined per role at the tenant level. Only user groups created on the tenant can be mapped to SAML groups when using SAML SSO. You need the Account Admin or Instance Administrator role to manage roles, users, and user groups.

Task 1. Create roles

Roles enable you to define permissions for specific components, such as incident data, playbooks, scripts, and jobs. For example, you can create a role that allows users to edit the properties of incidents, but not delete incidents. You can create new roles or customize out-of-the-box roles.

If you assign one or more roles to an incident, only users with those roles can view and interact with the incident. For example, you might have an incident with sensitive data that should only be accessible to Tier-1 analysts and managers.

Roles can also be used to define permissions for integration commands. On the Integration Permissions page, you can assign roles to specific integration instances (all commands for that instance) or specific integration instance commands. For example, you could assign the Generic Export Indicators Service integration instance the Account Admin role, or you could restrict certain commands in the Core Rest API to a specific role. For more information, see Integration Permissions.

  1. Review out-of-the-box roles and role-based permissions.

  2. Create roles in Cortex Gateway.

  3. Create roles in Cortex XSOAR.

For more information about out-of-the-box roles, permissions, and how to create roles, see Roles management.

Task 2. Create user groups

Although roles can be assigned directly to users, we recommend creating user groups instead. Each user group has a single role associated with it, but it can contain multiple users, and user groups can be nested within each other, enabling you to further refine your RBAC requirements. Users can belong to multiple user groups.

For more information about user groups and how to create them, see User group management.

After adding users, assign those users to user groups or assign a direct role.

Task 3. Set up authentication

You can create users in the Customer Support Portal or by using SAML Single Sign-On (SSO) in the tenant. After you create users, they authenticate by doing the following:

  • Authenticate through the Customer Support Portal

  • Authenticate by using SAML Single Sign-On (SSO) in the Cortex tenant

For more information about setting up authentication, see Set up authentication.

Task 4. Manage users

In Cortex Gateway, you can manage users who have been created in the Customer Support Portal or view users who have been created using SSO. In the Cortex tenant, you can manage both sets of users.

By default, users do not have roles assigned and do not automatically have access to tenant data until you assign them a role or add them as members of a user group that has an assigned role.

For more information about how to manage users, see User management.
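The following added example (not Palo Alto Networks code and not a Cortex XSOAR API) models the rules from Task 1, Task 2, and Task 4 so you can review an RBAC design before building it: one role per group, nested groups, direct roles, no access without a role, and incident role restrictions. The user, group, and role names, the data layout, and the rule that members of a nested group also receive the containing group's role are assumptions made for illustration.

```python
# Constructed sample data; the layout is an assumption, not an XSOAR export format.
GROUPS = {
    "SOC":      {"role": "Viewer", "members": set(), "nested": {"Tier-1", "Managers"}},
    "Tier-1":   {"role": "Tier-1 Analyst", "members": {"alex", "sam"}, "nested": set()},
    "Managers": {"role": "Manager", "members": {"dana"}, "nested": set()},
    "Content":  {"role": "Playbook Editor", "members": {"sam"}, "nested": set()},
}
DIRECT_ROLES = {"lee": {"Playbook Editor"}}   # role assigned directly, no group
USERS = {"alex", "sam", "dana", "lee", "kim"}  # kim has no group and no role


def effective_roles(user):
    """Union of direct roles and the role of every group the user reaches."""
    roles = set(DIRECT_ROLES.get(user, ()))
    pending = [g for g, d in GROUPS.items() if user in d["members"]]
    seen = set()
    while pending:
        group = pending.pop()
        if group in seen:          # guards against cyclic nesting
            continue
        seen.add(group)
        roles.add(GROUPS[group]["role"])
        # Assumption: a nested group's members also get the containing group's role.
        pending.extend(p for p, d in GROUPS.items() if group in d["nested"])
    return roles


def can_view_incident(user, incident_roles):
    """Apply the incident-level role restriction described in Task 1."""
    roles = effective_roles(user)
    if not roles:                  # no role means no access to tenant data
        return False
    if not incident_roles:         # incident has no role restriction
        return True
    return bool(roles & set(incident_roles))


def review(users):
    """Flag users with no access and users holding directly assigned roles."""
    return {
        "no_access": sorted(u for u in users if not effective_roles(u)),
        "direct_role": sorted(u for u in users if DIRECT_ROLES.get(u)),
    }


if __name__ == "__main__":
    for name in sorted(USERS):
        print(name, sorted(effective_roles(name)))
    print(review(USERS))
```

Users listed under `direct_role` are candidates for moving into a user group, as Task 2 recommends, and users under `no_access` still need a role or group membership before they can work in the tenant.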

Further information

For more information about setting up user authentication and users and roles, see Users and roles in Cortex XSOAR. Also check out the User Authentication, Roles, and User Groups video.