Manage User Groups - Cortex Gateway Admin Guide - Cortex - Cortex - Security Operations

Cortex Gateway Administrator Guide

Product
Cortex
Creation date
2023-03-23
Last date published
2024-02-26
Category
Cortex Gateway Admin Guide
Abstract

Cortex Gateway enables you to manage user groups for all Cortex products - Cortex XDR/XSIAM, Cortex XSOAR and Cortex XPANSE.

In the User Groups page, you can manage user groups for a specific tenant.

At the top of the page, you can perform the following actions.

The User Groups table provides the following fields of information.

  • Group Name—Name of the user group.

  • Description —Description of the user group.

  • Role—Lists the group role associated with this user group. You can only have a single role designated per group.

  • Users—Lists all the users belonging to this user group.

    Note

    The user has a union of all scopes from all memberships if they are a part of multiple groups.

  • Nested Groups—Lists any nested groups associated with this user group.

  • IDP Groups—When single sign-on is enabled for the Cortex product, this column indicates your organization's Identity Provider (IdP) groups that are automatically mapped to the user group.

  • Insert Time—Date and time when the user group was added.

  • Update Time—Date and time of when the user group was last updated.

  • Source—Displays the source of the user group as either a user group imported from Active Directory or a Custom user group created in the Cortex product - Cortex XDR/XSIAM, Cortex XSOAR or Cortex XPANSE.

You can also pivot (right-click) from rows and specific values in the table, where a number of different options are available to help you manage your user groups for the selected Cortex product - Cortex XDR/XSIAM, Cortex XSOAR or Cortex XPANSE from this page.

  • Save an existing group as a new group.

  • Edit a group.

  • Remove a group.

  • Copy text to clipboard.

  • Copy the entire row.

  1. Select Permissions ManagementUser Groups.

    In the User Groups page, a number of different options are available to help you manage user groups.

  2. Manage your user groups for the selected product - Cortex XDR/XSIAM, Cortex XSOAR or Cortex XPANSE.

    The following options are available to help you manage user groups, which you can perform on one or more user groups at a time.

    • Create a new user group for a number of different system users or groups.

      1. Select New Group.

      2. Set the following parameters in the New Custom Group window.

        -Specify the Name and Description for the user group.

        -Role—(optional) Select a role that you want to designate for this user group, where only a single role can be assigned to a group.

        -Users—(optional) Select the user(s) that you want to belong to this user group, where you can also use the search field to narrow down the list of users.

        -Nested Groups—(optional) Select the nested group(s) that you want to be associated with this user group.

        -SAML Group Mapping—(optional) Specify the name of the group(s) in your organization’s Identity Provider (IdP) that you want to automatically map to this user group in the selected product - Cortex XDR/XSIAM, Cortex XSOAR or Cortex XPANSE. This option is only displayed when single sign-on is enabled.

        Note

        When using Azure AD for SSO, the SAML group mapping needs to be provided using the group object ID (GUID) and not the group name.

      3. Create the user group.

    • Save an existing group as a new group.

      1. Select the user group or right-click the user group, and select Save as New Group.

      2. Set the following parameters in the New Custom Group window.

        -Specify the Name and Description for the user group.

        -Role—Leave the designated role or select a new role that you want to designate for this user group.

        -Users—Leave the current user(s) or select the user(s) that you want to belong to this user group. You can also use the search field to narrow down the list of users.

        -Nested Groups—Leave the current nested group(s), select the nested group(s) that you want to be associated with this user group, or remove all nested groups if you don’t want any defined.

        -SAML Group Mapping—Leave the current IdP group name, specify the group(s) in your organization’s Identity Provider (IdP) that you want to automatically map to this user group in the selected product - Cortex XDR/XSIAM, Cortex XSOAR or Cortex XPANSE, or remove all IdP groups if you don’t want any defined. This option is only displayed when single sign-on is enabled.

        Note

        When using Azure AD for SSO, the SAML group mapping needs to be provided using the group object ID (GUID) and not the group name.

      3. Create the user group.

        1. Select the user group or right-click the user group, and select Edit Group.

        2. Set the following parameters in the Edit Custom Group window.

          -Update the Name and Description for the user group.

          -Role—Leave the designated role or select a new role that you want to designate for this user group.

          -Users—Leave the current user(s) or select the user(s) that you want to belong to this user group. You can also use the search field to narrow down the list of users.

          -Nested Groups—Leave the current nested group(s), select the nested group(s) that you want to be associated with this user group, or remove all nested groups if you don’t want any defined.

          -SAML Group Mapping—Leave the current IdP group name, specify the group(s) in your organization’s Identity Provider (IdP) that you want to automatically map to this user group in the selected product - Cortex XDR/XSIAM, Cortex XSOAR or Cortex XPANSE, or remove all IdP groups if you don’t want any defined. This option is only displayed when single sign-on is enabled.

        3. Save your changes.

    • Edit a user group.

      1. Select the user group or right-click the user group, and select Edit Group.

      2. Set the following parameters in the Edit Custom Group window.

        -Update the Name and Description for the user group.

        -Role—Leave the designated role or select a new role that you want to designate for this user group.

        -Users—Leave the current user(s) or select the user(s) that you want to belong to this user group. You can also use the search field to narrow down the list of users.

        -Nested Groups—Leave the current nested group(s), select the nested group(s) that you want to be associated with this user group, or remove all nested groups if you don’t want any defined.

        -SAML Group Mapping—Leave the current IdP group name, specify the group(s) in your organization’s Identity Provider (IdP) that you want to automatically map to this user group in the selected product - Cortex XDR/XSIAM, Cortex XSOAR or Cortex XPANSE, or remove all IdP groups if you don’t want any defined. This option is only displayed when single sign-on is enabled.

        Note

        When using Azure AD for SSO, the SAML group mapping needs to be provided using the group object ID (GUID) and not the group name.

      3. Save your changes.

    • Remove a user group.

      1. To remove more than one user group, select the user groups, right-click, and select Remove Groups.

        To remove one user group, select the user group or right-click the user group, and select Remove Group.

      2. Click Delete in the window that is displayed.

    • Copy text to clipboard to copy text from a specific row field in the row of a user group.

    • Copy entire row to copy the text from all the fields in a row of a user group.