End-of-Life (EoL)

Set up Microsoft Azure as the Identity Provider

Set up Microsoft Azure in Cortex XSOAR as the identity provider.
You can authenticate your Cortex XSOAR users using SAML 2.0 authentication with Microsoft Azure (Azure) as the identity provider. You need to authenticate Cortex XSOAR in your Azure account and create a SAML 2.0 instance in Cortex XSOAR by completing the following procedures:

Troubleshooting (generic - known errors)

The following are known issues when using single sign-on (SSO) in Azure:
  • Method Not Allowed: Ensure the endpoint is used for the Service Provider Entity ID and Reply URL for the IdP and service provider, in the format https://demisto-dns/saml.
  • "{"id":"errSAMLLogin","status":400,"title":"Failed to login via SAML","detail":"Failed to login via SAML","error":"","encrypted":false,"multires":null}": Most likely an attribute mapping issue. Ensure that all attributes that appear in the Cortex XSOAR SAML 2.0 configuration are reflected in the Azure claims and the associated SAML assertion. Attributes are case sensitive.
    You may also receive this message if you select the "Don’t map SAML groups to Demisto Roles" checkbox and you do not define a role in "Default role (for IdP users without groups)" in the SAML 2.0 configuration.
  • After connecting through SSO, a user may temporarily see the home screen but is immediately returned to the login page: The user does not have any group assigned, so they cannot log in.
    Check the group mapping and see whether the memberOf attribute is correct. As a workaround, if you did not set the group mapping, you can use the "Default role (for IdP users without groups)" setting in the SAML 2.0 configuration.
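
The attribute-mapping and group checks above can be run against a SAMLResponse captured from your own login flow. This is an added example, not part of the Cortex XSOAR documentation or product; the field keys (`email`, `groups`), the sample assertion and the role name are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the IdP sends "memberof" while the SP is configured for "memberOf".
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:AttributeStatement>
<saml:Attribute Name="email"><saml:AttributeValue>analyst@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="memberof"><saml:AttributeValue>soc-tier1</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

def assertion_attributes(saml_response_b64):
    """Return {attribute Name: [values]} from a base64 SAMLResponse (HTTP-POST binding).
    Diagnostic only: the signature is not validated here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_mapping(configured, attrs, groups_field=None, default_role=None):
    """Compare attribute names configured on the SP with the names the IdP sent."""
    findings = []
    lowered = {name.lower(): name for name in attrs}
    for field, name in configured.items():
        if name in attrs:
            continue  # exact, case-sensitive match
        near = lowered.get(name.lower())
        if near:
            findings.append(f"{field}: configured '{name}' but assertion has '{near}' (case mismatch)")
        else:
            findings.append(f"{field}: '{name}' not present in assertion")
    # A user with no group values and no default role cannot be given a role.
    group_name = configured.get(groups_field)
    if groups_field and not any(attrs.get(group_name, [])) and not default_role:
        findings.append(f"{groups_field}: no group values and no default role set")
    return findings

if __name__ == "__main__":
    cfg = {"email": "email", "groups": "memberOf"}  # hypothetical SP-side mapping
    for line in check_mapping(cfg, assertion_attributes(SAMPLE_B64), groups_field="groups"):
        print(line)
```

An empty result means every configured attribute name appears in the assertion with the exact same case and the group attribute carries at least one value.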
