User group management - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Cloud Documentation

Product: Cortex XSOAR
Version: 8
Creation date: 2024-03-07
Last date published: 2024-11-28
Category: Administrator Guide
Solution: Cloud
Abstract

Create user groups and assign roles and users to further refine your requirements.

Users are assigned roles and permissions either by being assigned a role directly or by being assigned membership in one or more user groups.  A user group can only be assigned to a single role, but users can be added to multiple groups if they require multiple roles. You can also nest groups to achieve the same effect.  Users who have multiple roles through either method will receive the highest level of access based on the combination of their roles.

For example:

  • Joe has an Analyst role and is a member of the Tier-1 Analyst user group, which is assigned the Triage role.  Joe has the permissions of the Analyst role and the Triage role. Joe is assigned 2 roles, and has the highest permission based on the combination of both roles.

  • John is a member of two user groups - Tier-1 Analyst and Tier-2 Analyst. One group is configured to use the Triage role and the other group is configured to use the Incident Response role.  John is assigned both roles and has the highest permissions based on the combination of all roles.

  • Jack is a member of the Tier-2 user group, which has an Incident Response role.  This user group is included in a Tier-3 user group (Threat Hunter role), added as a nested group.  Jack is assigned both roles and has the highest permissions based on the combination of all roles.

On the User Groups page, you can create a new user group for several different system users or groups. You can see information including the details of all user groups, the roles, nested groups, IdP groups (SAML), and when the group was created/updated.

You can also right-click in the table to edit, save as a new group, remove (delete) a group, and copy text to the clipboard.

Note

You can create user groups in the tenant or Cortex Gateway. User groups created in Cortex Gateway cannot be mapped to SAML groups. Only user groups that are created in the tenant support SAML group mapping. We recommend creating user groups in the Cortex tenant because user groups are available for all tenants and you may want different user groups in different tenants, such as dev/prod.

How to create a user group
  1. Go to Settings & Info → Settings → Access Management → User Groups.

    If creating in Cortex Gateway, go to Permission Management → User Groups.

  2. To create a new user group for several different system users or groups, click New Group, and add the following parameters:

    • Name: Name of the user group.

    • Description: Description of the user group.

    • Group for product: (Cortex Gateway only) If you have multiple products, select the relevant Cortex product.

    • Role: Select the group role associated with this user group. You can only have a single role designated per group.

      In Cortex Gateway, you can only select either Instance Administrator or a custom role created in the Gateway.

    • Users: Select the users you want to belong to this user group.

      Note

      If users have been created in the CSP, but you want them to access the tenant through SSO only, skip this field and add only SAML group mapping after SSO is set up. Otherwise, users can access the tenant through both the CSP and SSO.

      If you have not yet created any users, skip this field and add them later. See Set up authentication.

    • Nested Groups: Lists any nested groups associated with this user group. If you have an existing group you can add a nested group.

      User groups can include multiple users and nested groups, which inherit the permissions of parent user groups. The user group will have the highest level of permission.

      For example:

        • Group A has Tier-1 Analyst permissions

        • Group B has Tier-2 Analyst permissions

      If you add Group A as a nested group in Group B, Group A inherits Group B's permissions (Tier-1 and Tier-2 permissions).

      In Cortex Gateway, you can only add user groups that are created in Cortex Gateway.

    • SAML Group Mapping: (Relevant only when creating a user group in the Cortex tenant.)

      Maps the SAML group membership to this user group. For example, you have defined a Cortex XSOAR Admins group. You need to name this group exactly as it appears in Okta.

      You can add multiple groups by separating them with commas.

      Note

      When using Azure AD for SSO, the SAML group mapping needs to be provided using the group object ID (GUID) and not the group name.

      If you have not set up SSO in your tenant, skip this field and add it later. After you have added it, follow the procedure relevant to your IdP. For example, see Set up Okta as the identity using SAML 2.0.

  3. Create a new user group.
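
The role-combination rules described on this page (a direct role, group membership, and nested groups, as in the Joe, John and Jack examples) worked through as an added example for access reviews. It is not Palo Alto Networks code and calls no Cortex XSOAR API; the group data is constructed, and the `parents_of`, `effective_roles` and `holders` helpers and the loop guard are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data modelled on the Joe / John / Jack examples above.
# Each group carries exactly one role; "nested" lists the groups included in it.
GROUPS = {
    "Tier-1 Analyst": {"role": "Triage", "members": {"joe", "john"}, "nested": set()},
    "Tier-2 Analyst": {"role": "Incident Response", "members": {"john"}, "nested": set()},
    "Tier-2": {"role": "Incident Response", "members": {"jack"}, "nested": set()},
    "Tier-3": {"role": "Threat Hunter", "members": set(), "nested": {"Tier-2"}},
}
DIRECT_ROLES = {"joe": {"Analyst"}}  # roles assigned to the user directly


def parents_of(groups):
    """Invert 'nested': child group -> groups that include it as a nested group."""
    parents = defaultdict(set)
    for name, group in groups.items():
        for child in group["nested"]:
            parents[child].add(name)
    return parents


def effective_roles(user, groups=GROUPS, direct=DIRECT_ROLES):
    """Map each role the user ends up with to the path that grants it."""
    parents = parents_of(groups)
    roles = {role: "direct" for role in sorted(direct.get(user, ()))}
    stack = [(n, n) for n in sorted(groups) if user in groups[n]["members"]]
    seen = set()
    while stack:
        name, path = stack.pop()
        if name in seen:  # visited already; also stops a nesting loop (assumed possible)
            continue
        seen.add(name)
        roles.setdefault(groups[name]["role"], path)
        # Members of a nested group also receive the role of every including group.
        stack.extend((p, f"{path} -> {p}") for p in sorted(parents[name]))
    return roles


def holders(role, groups=GROUPS, direct=DIRECT_ROLES):
    """Access-review view: every user who effectively holds `role`."""
    users = set(direct) | {u for g in groups.values() for u in g["members"]}
    return sorted(u for u in users if role in effective_roles(u, groups, direct))


if __name__ == "__main__":
    for user in ("joe", "john", "jack"):
        print(user, effective_roles(user))
    print("Threat Hunter held by:", holders("Threat Hunter"))
```

The result is the set of roles a user holds and where each one comes from; how the permissions inside those roles are merged is not modelled here.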