End-of-Life (EoL)

Self-Service Read-Only Users

The self service read-only users feature provides users who do not have an account and at least one role mapped in Cortex XSOAR the ability to access Cortex XSOAR in a very limited capacity.
Self service read-only users can:
  • create incidents
  • view their own incidents
  • add notes and attachments to their incidents
  • view the dashboards created for them by the administrator
An example of an incident that a self service read-only user could create is to report that they lost their laptop.
Self-service read-only users can only view their own data. They cannot start an investigation, create dashboard or reports, or change anything in incidents they create.
In order to create notes, the self service read-only user must mark the
Mark as a note
It is recommended, but not required, that read-only users have an existing account in the company’s enterprise directory and Cortex XSOAR configured to authenticate and authorize read-only users using the same the same enterprise directory with LDAP, AD, or SAML authentication protocols.
A user is considered as a read-only user if it has no role associated with the Cortex XSOAR users settings.
To enable the self service read-only user feature, Cortex XSOAR administrators need to:
  • Set server configuration parameters to:
    • Allow authenticated users without roles to access the home page.
    • Define the list of dashboards such users have access to.
  • Create self service read-only incident types. Since self service read-only users cannot initiate an investigation, the playbooks associated with these incident types should run automatically
  • Create self service read-only users if no enterprise directory is configured with Cortex XSOAR.
  • Create incident layouts for self service read-only users and allow read-only users to access the incidents tabs containing such layouts.
  • Create and share dashboards for read-only users.

Recommended For You