Configure the SAML 2.0 Integration for Azure
Follow these instructions to configure an instance of
SAML 2.0 integration for Microsoft Azure in Cortex XSOAR servers.
You need to Configure Microsoft Azure to Authenticate Cortex XSOAR and then you
can configure an integration instance for SAML 2.0 in Cortex XSOAR.
- Create a SAML 2.0 integration instance.
- Go to .
- Search forSAML 2.0and clickAdd instanceto configure a new integration.
- Add the metadata/URL parameters from Azure to Cortex XSOAR.Cortex XSOAR fieldAzure Portal fieldService Provider Entity IDIdentifier (Entity ID)(Basic SAML Configuration Section)IdP metadata URLApp Federation Metadata URL(SAML Signing Certificate Section)Idp SSO URLLogin URL(SAML Signing Certificate section)The following Azure metadata/URL information has been added to the SAML 2.0 attributes in Cortex XSOAR:
- In the following fields, copy the Azure attributes exactly how they appear in Azure (in Azure, go to ). For example, in theAttribute to get emailfield, typehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.In this example, we have the following Claim Names:
Cortex XSOAR SAML 2.0 fieldAzure Portal Claim Name ExamplesAttribute to get usernamehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennameAttribute to get emailhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressAttribute to get first namehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameAttribute to get last namehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/surnameAttribute to get groupshttp://schemas.microsoft.com/ws/2008/06/identity/claims/roleAdd the phone attribute, if required. - Select theVerify the Idp response signatureand add theIdp Public certificate, which you downloaded in step 5.5 in Configure Microsoft Azure to Authenticate Cortex XSOAR.If your Identity Provider requires signed authentication requests, selectSign requestand input the public/private certificate pair generated for Cortex XSOAR.
- Select the ADFS and Compress encode URL (ADFS) checkboxes.
- In theService Identifier (ADFS)field, copy the characters after theappidvalue, which can be found at the end of the App Federation Metadata URL (section 3 in SAML Certificate).
- In theIdP Single Logout URL, from Azure, copy the Logout URL (section 4).
- In theSingle Logout Service Endpointadd the details in the following format:https://<cortex xsoar-url>/saml-logout
- To verify that the settings are successful, in the instance settings, clickGet service provider metadata.For a full list and descriptions of the fields, see SAML 2.0 Azure ParametersIf you ClickTesta bug is issued similar to this:
You need to login with a user to test the instance. It is recommended to test this also on the Azure app, as there are detailed error reports and troubleshooting.
- Map the Azure groups to Cortex XSOAR roles.
- In Microsoft Azure, select .
- Copy theObject ID.For example, we created a group, called XSOAR Administrator.
- In Cortex XSOAR, go to .
- Create or edit an existing role, as described in Define a Role.
- ClickSave.
