Create user groups and roles, manage users in the Main Tenant, and authenticate users using SAML 2.0 or the Cortex Gateway in a multi-tenant deployment.
Cortex XSOAR uses role-based access control (RBAC) to manage roles with specific permissions for controlling user access. RBAC helps manage access to Cortex XSOAR components, so that users, based on their roles, are granted the minimal access required to accomplish their tasks.
You can create or configure roles, users, and user groups in Cortex Gateway, the Cortex XSOAR Tenant, or both. For example, create a Manager role in Cortex Gateway, which enables you to maintain the Manager role in a central place with the same level of access for all tenants. If you are using SSO, create a user group in the Cortex XSOAR tenant that includes the Manager role, assign tenant users to this group, and map the user group to your SAML group.
Cortex Gateway and the Cortex XSOAR tenant have different options and requirements.
Location | Details |
---|---|
Cortex Gateway | A centralized portal for managing roles, user groups, and users for all tenants. Any roles and user groups created in Cortex Gateway are available for all tenants. Only users with the Account Admin role can manage roles, tenants, and user groups in Cortex Gateway. Roles, permissions, and user groups are propagated to child tenants only if they are created in Cortex Gateway, not if they are created in the Main Tenant. |
Cortex XSOAR Tenant | All permissions and roles are specific to the tenant and exist only at the tenant level. Advanced settings such as default dashboards, queries, and shift management can only be defined per role at the tenant level. Only user groups created on the tenant can be mapped to SAML groups when using SAML SSO. You need the Account Admin or Instance Administrator role to manage roles, users, and user groups. You can't create roles and user groups in child tenants when accessing the child tenant from the Main Tenant. Any role or user group created on the Main Tenant does not propagate to the child tenant. |