End-of-Life (EoL)

SAML 2.0 Azure Parameters

Describes the SAML 2.0 parameters for Azure as an identity provider.
The following table describes the SAML 2.0 parameters for Azure when you add a new instance in Cortex XSOAR:
| Attribute | Description |
| --- | --- |
| Name | A name for the integration instance. |
| Service Provider Entity ID | The URL of your Cortex XSOAR server (also known as an ACS URL). In the format: https://yourdomain.com/saml |
| IdP metadata URL | URL of your organization’s IdP metadata file. You can copy this from the App Federation Metadata URL field in the SAML Signing Certificate section in Azure. |
| IdP metadata file | Your organization’s IdP metadata file. You need to add either the IdP metadata URL or the file. |
| IdP SSO URL | The URL of the IdP application that corresponds to Cortex XSOAR. You can copy this from the Login URL field in the SAML Signing Certificate section. |
| Attribute to get username | Attribute in your IdP for the user name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname. |
| Attribute to get email | Attribute in your IdP for the user's email address. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. |
| Attribute to get first name | Attribute in your IdP for the user's first name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name. |
| Attribute to get last name | Attribute in your IdP for the user's last name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name. |
| Attribute to get phone | (Optional) Attribute in your IdP for the user's phone number, if available. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone. |
| Attribute to get groups | Attribute in your IdP for the groups of which the user is a member. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.microsoft.com/ws/2008/06/identity/claims/role. |
| Groups delimiter | Groups list separator. Value: “,” |
| Default role (for IdP users without groups) | Role to assign to the user when they are not a member of any group. For example, Analyst. |
| RelayState | Only used by certain IdPs. If your IdP uses relay state, you need to supply the relay state. |
| Sign request and verify response signature | Method for the IdP to verify the user sign-in request using the IdP vendor certificate. |
| IdP public certificate | The Certificate (Base64) you downloaded in step 5.5 in Configure Microsoft Azure to Authenticate Cortex XSOAR. |
| IdP private key (pem format) | Private key for your IdP, in PEM format. Created locally by the user who wants to use SAML. The public key is uploaded to Azure. |
| Do not validate server certificate (insecure) | If you use a self-signed certificate for the Azure server, you can select this check box. |
| Use system proxy settings | Select the check box to use proxy settings. |
| ADFS | Whether the server uses ADFS. |
| Compress encode URL (ADFS) | (Mandatory) Select the check box to compress encode URL (ADFS). If not, you may receive a Decoding Flat error during connection. |
| Service identifier (ADFS) | Add the appid value, which can be found at the end of the IdP metadata URL. For example, https://login.microsoftonline.com/934a6d32-9550be/federationmetadata/2007-06/federationmetadata.xml?appid=b0331331-f15b-4a32-9f48-19158beb0340. |
| Do not map SAML groups to Cortex XSOAR roles | SAML groups are not mapped to Cortex XSOAR roles. Default roles are assigned and you can select them later. |
| IdP Single Logout URL | This functionality ends the user's session in Azure when logging out. |
| Single Logout Service Endpoint | The URL of the single logout endpoint. |
| Single logout - specify Name ID Format | Specify the ID format if using single logout. |
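The attribute, groups delimiter and default role settings in the table can be checked against what the IdP actually sends. The following Python sketch is an added example, not Cortex XSOAR code and not part of the original page: it reads a constructed AttributeStatement and reports which configured claim URIs are missing. The names `SETTINGS`, `read_attributes` and `map_user`, the sample values, and the way groups and the default role are combined are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Instance settings, filled with the example values from the table above.
SETTINGS = {
    "username": CLAIMS + "givenname",
    "email": CLAIMS + "emailaddress",
    "groups": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
    "groups_delimiter": ",",
    "default_role": "Analyst",
}

# Constructed sample (not real IdP output): the AttributeStatement of an assertion.
# Parse only assertions whose signature has already been verified.
SAMPLE = f"""<AttributeStatement xmlns="{SAML_NS}">
  <Attribute Name="{CLAIMS}givenname"><AttributeValue>jdoe</AttributeValue></Attribute>
  <Attribute Name="{CLAIMS}emailaddress"><AttributeValue>jdoe@example.com</AttributeValue></Attribute>
  <Attribute Name="{SETTINGS['groups']}">
    <AttributeValue>SOC-Analysts</AttributeValue>
    <AttributeValue>IR, Admins</AttributeValue>
  </Attribute>
</AttributeStatement>"""


def read_attributes(statement_xml):
    """Return {attribute Name: [values]} for every Attribute in the statement."""
    attrs = {}
    for attr in ET.fromstring(statement_xml).iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def map_user(attrs, settings=SETTINGS, map_groups=True):
    """Resolve user fields and groups; list configured attributes the IdP did not send."""
    user = {k: (attrs.get(settings[k]) or [None])[0] for k in ("username", "email")}
    groups = []
    for raw in attrs.get(settings["groups"], []):
        # One AttributeValue may carry several groups joined by the delimiter.
        groups += [g.strip() for g in raw.split(settings["groups_delimiter"]) if g.strip()]
    user["groups"] = groups if map_groups else []
    # No mapped groups: only the default role applies.
    user["default_role"] = None if user["groups"] else settings["default_role"]
    user["missing"] = [k for k in ("username", "email", "groups") if settings[k] not in attrs]
    return user


if __name__ == "__main__":
    print(map_user(read_attributes(SAMPLE)))
```

A non-empty `missing` list usually means the claim URI entered in the instance does not match the claim name configured in the User Attributes & Claims section.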
