Configure Communication Task Authentication - Playbook Design Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Playbook Design Guide

Product
Cortex XSOAR
Version
8
Creation date
2024-09-21
Last date published
2024-09-22
Category
Playbook Design Guide
Abstract

Configure user authentication for a communication task.

When sending a form in a communication task, you can configure user authentication to ensure only authorized users gain access to the form.

The authorized users are usually external users not in Cortex XSOAR, and they will not be able to access anything else in Cortex XSOAR.

Set up playbook communication task authentication
  1. Define in your IdP (for example, Okta) a dedicated group of external users who you want to authenticate.

  2. Select Settings & InfoSettingsAccess ManagementAuthentication Settings.

  3. In the Communication Task Authentication tab, toggle to Enable Communication task SSO Connection. Set the following parameters using your organization’s IdP.

    • General

      Parameter

      Description

      Single Sign-on URL

      Indicates your SSO URL, which is a fixed, read-only value based on your tenant's URL using the format https://<name of Cortex-XSOAR>.paloaltonetworks.com/idp/saml. For example, https://tenant1.xsoar.paloaltonetworks.com/idp/saml

      You need this value when configuring your IdP.

      Audience URI (SP Entity ID)

      Indicates your Service Provider Entity ID, also known as the ACS URL. It is a fixed, read-only value using the format, https://<name of Cortex-XSOAR>.paloaltonetworks.com. For example https://tenant1.xdr.paloaltonetworks.com.

      You need this value when configuring your organization’s IdP.

      IdP SSO URL

      Specify your organization’s SSO URL, which is copied from your organization’s IdP.

      IdP Issuer ID

      Specify your organization’s IdP Issuer ID, which is copied from your organization’s IdP.

      X.509 Certificate

      Specify your X.509 digital certificate, which is copied from your organization’s IdP.

    • IdP Attribute Mappings

      These IdP attribute mappings are dependent on your organization’s IdP.

      Parameter

      Description

      Email

      Specify the email mapping according to your organization’s IdP.

      Group Membership

      Specify the group membership mapping according to your organization’s IdP.

      First Name

      Specify the first name mapping according to your organization’s IdP.

      Last Name

      Specify the last name mapping according to your organization’s IdP.

    • Advanced Settings (Optional)

      The following advanced settings are optional to configure and some are specific for a particular IdP.

      Parameter

      Description

      Relay State

      (Optional) Specify the URL for a specific page that you want users to be directed to after they’ve been authenticated by your organization’s IdP and log in to Cortex XSOAR.

      IdP Single logout URL

      (Optional) Specify your IdP single logout URL provided from your organization’s IdP to ensure that when a user initiates a logout from Cortex XSOAR, the identity provider logs the user out of all applications in the current identity provider login session.

      SP Logout URL

      (Optional) Indicates the Service Provider logout URL that you need to provide when configuring single logout from your organization’s IdP to ensure that when a user initiates a logout from Cortex XSOAR, the identity provider logs the user out of all applications in the current identity provider login session. This field is read-only and uses the following format https://<name of Cortex-XSOAR>.paloaltonetworks.com/idp/logout, such as https://tenant1.xsoar.paloaltonetworks.com/idp/logout.

      Service Provider Public Certificate

      (Optional) Specify your organization’s IdP service provider public certificate.

      Service Provider Private Key (Pem Format)

      (Optional) Specify your organization’s IdP service provider private key in Pem Format.

      Remove SAML RequestedAuthnContext

      (Optional) (Optional) Requires users to log in to Cortex XSOAR using additional authentication methods, such as biometric authentication.

      Selecting this removes the error generated when the authentication method used for previous authentication is different from the one currently being requested. See here for more details about the RequestedAuthnContext authentication mismatch error.

      Force Authentication

      (Optional) Requires users to reauthenticate to access the Cortex XSOAR tenant if requested by the idP, even if they already authenticated to access other applications.

  4. In the Task details of your playbook communication task, check Require users to authenticate to have your SAML or AD authenticate the recipient before allowing them access to the form.

    playbook-comm-task-authenticate-2.png