Generate Client Credentials - User Guide - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse User Guide

Product
Cortex XPANSE
Version
1.0
Creation date
2022-08-25
Last date published
2024-03-14
End_of_Life
EoL
Category
User Guide
Abstract

Self-service client credentials enable Cortex Xpanse Expander administrators to generate and revoke API credentials.

Note

Cortex Xpanse is moving away from refresh tokens for API access credentials and implementing the OAuth2.0 standard client credentials grant type. Self-service client credentials are currently supported for the Cortex Xpanse SDK and custom integrations. You are not required to use client credentials at this time, but it is recommended. Support for client credentials for Cortex Xpanse-built integrations will be added in a future release. We will notify you when your Cortex Xpanse integration is ready for use with client credentials.

Self-service client credentials enable Cortex Xpanse Expander administrators to generate and revoke API credentials within the Expander UI. These credentials can be used for any API-related application, including the following:

  • Use of the Xpanse SDK

  • Use of custom integrations or scripts

  • Use of Xpanse integrations (Client credential support to be added in an upcoming release.)

To get started with self-service client credentials you must be an Expander administrator or reach out to your Cortex Xpanse CSM for access. There are two levels of permission associated with this feature:

  1. Individual client credentials permission — Allows you to create and revoke your own Cortex Xpanse client credentials.

  2. Administrator client credentials permission — Allows you to create and revoke your own Cortex Xpanse client credentials, and also view and revoke client credentials created by other users from your organization.

If you are unsure whether you have the necessary permission for generating client credentials, navigate to the Settings tab in Expander and look for the Client Credentials option in the left navigation pane.

  1. Navigate to the Settings tab, and select Client Credentials in the left navigation pane.

    client-credentials.png

    In the Client Credentials window, you will see the list of credentials that you previously created. If you have administrator-level client credentials permission, you will also see credentials that were generated by other users in your organization

  2. Click Generate Credentials.

    Note that each user is limited to 10 client credentials at any one time.

    The Client Credentials/Add New window opens.

    generate-credentials.png
  3. Enter a Client Name.

    Client names must be all lowercase. Your client name will be automatically prefixed with “xpanse_expander_”.

  4. Enter a Description that will provide additional context for yourself and other administrators in your organization regarding the purpose of this credential.

  5. Click Generate credentials.

    The Client Identifier and Client Secret will be displayed.

  6. Copy and securely store both the Client Identifier and Client Secret.

    You will not be given another opportunity to retrieve the Client Secret, and Cortex Xpanse has no access to the Client Secret. Be sure to follow your organizational policies with respect to the storage and use of your new credentials.

    Note

    If you misplace or lose your Client Secret, a new client credential must be generated. Cortex Xpanse has no way to retrieve your Client Secret.

You can now use your Cortex Xpanse client credential. For information about using your credentials with an Xpanse-supported integration, see the corresponding integration guide on the Palo Alto Networks Technology Partner portal.. For more information about using your credentials with the Xpanse SDK or a custom integration, see the Cortex Xpanse developer documentation.

If you want to revoke a Cortex Xpanse client credential, see Revoke Client Credentials.