Set up and configure roles and user groups in the Cortex tenant and Cortex Gateway. Configure authentication and manage users.
Cortex uses role-based access control (RBAC) to manage roles with specific permissions for controlling user access. RBAC helps manage access to components, so that users, based on their roles, are granted the minimal access required to accomplish their tasks.
You can create or configure roles, users, and user groups in Cortex Gateway, the Cortex tenant, or both. For example, create a Manager role in Cortex Gateway, which enables you to maintain the Manager role in a central place with the same level of access for all tenants. If you are using SSO, you create a user group in the Cortex tenant that includes the Manager role, assign tenant users to this group, and map the user group to your SAML group.
Cortex Gateway and the Cortex tenant have different options and requirements.
Location | Details |
---|---|
Cortex Gateway | A centralized portal for managing roles, user groups, and users for all tenants. Any roles and user groups created in Cortex Gateway are available for all tenants. Only users with the Account Admin role can manage roles, tenants, and user groups in Cortex Gateway. |
Cortex tenant | (Recommended) All permissions and roles are specific to the tenant and exist only at the tenant level. Advanced settings such as default dashboards, queries, and shift management can only be defined per role at the tenant level. Only user groups created on the tenant can be mapped to SAML groups when using SAML SSO. You need the Account Admin or Instance Administrator role to manage roles, users, and user groups. |
Roles
Roles enable you to define permissions for specific components, such as incident data, playbooks, scripts, and jobs. For example, you can create a role that allows users to edit the properties of incidents, but not delete incidents. You can create new roles or customize out-of-the-box roles.
If you assign one or more roles to an incident, only users with those roles can view and interact with the incident. For example, you might have an incident with sensitive data that should only be accessible to Tier-1 analysts and managers.
Roles can also be used to define permissions for integration commands. On the
 page, you can assign roles to specific integration instances (all commands for that instance) or to specific integration instance commands. For example, you could assign the integration instance the Account Admin role, or you could restrict certain commands in the to a specific role. For more information, see Integration Permissions.
User groups
While roles can be assigned directly to users, we recommend instead creating user groups. Each user group has a single role associated with it, but each user group can contain multiple users and user groups can be nested within each other, enabling you to further refine your RBAC requirements. Users can belong to multiple user groups.
Nested roles
Cortex XSOAR 8 uses group nesting: a user group can be nested in (made a member of) another user group, and its users then inherit the enclosing group's role in addition to the group's own role. As a result, the group with the more privileged role is nested in the group with the less privileged role, not the other way round. For example, the Admin user group is nested as a subset of the Analyst user group, as shown in the following graphic, so Admin users also hold the Analyst role. The Admin role itself still includes the permissions of the Analyst role, the same as in Cortex XSOAR 6.
Likewise, the Content Developer and Analyst user groups are nested in the Employee user group, so their members also receive the Employee user group's permissions.
Authentication
You can create users in the Customer Support Portal or by using SAML Single Sign-On (SSO) in the tenant. After you create users, they authenticate in one of the following ways:
- Authenticate through the Customer Support Portal
- Authenticate by using SAML Single Sign-On (SSO) in the Cortex tenant
Manage users
In Cortex Gateway, you can manage users who have been created in the Customer Support Portal or view users who have been created using SSO. In the Cortex tenant, you can manage both sets of users.
By default, users do not have roles assigned and do not automatically have access to tenant data until you assign them a role or add them as members of a user group that has an assigned role.
Further information
For more information about setting up user authentication and users and roles, see the User Authentication, Roles and User Groups video.