1. Home
    2. Security Operations
    3. Cortex XSOAR
    4. Cortex XSOAR Administrator’s Guide
    5. Users and Roles
    6. Authenticate Users with SAML 2.0
    7. Set up MS Azure as the Identity Provider Using SAML 2.0
    8. Configure the SAML 2.0 Integration for Azure
    9. SAML 2.0 Azure Parameters
    End-of-Life (EoL)

    SAML 2.0 Azure Parameters

    Describes the SAML 2.0 parameters for Azure as an identity provider.
    The following table describes the SAML 2.0 parameters for Azure, when adding a new instance in Cortex XSOAR:
    Attribute
    Description
    Name
    A name for the integration instance.
    Service Provider Entity ID
    The URL of your Cortex XSOAR server (also known as an ACS URL). In the format:
    https://yourdomain.com/saml
    IdP metadata URL
    URL of your organization’s IdP metadata file. You can copy this from the
    App Federation Metadata URL
     in the
    SAML Signing Certificate
     in Azure.
    IdP metadata file
    Your organization’s IdP metadata file. You either need to add the IdP metadata URL or the file.
    IdP SSO URL
    The URL of the IdP application that corresponds to Cortex XSOAR. You can copy this from the
    Login URL
    field in the
    SAML Signing Certificate
     section.
    Attribute to get username
    Attribute in your IdP for the user name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example,
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    .
    Attribute to get email
    Attribute in your IdP for the user's email address. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example,
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    .
    Attribute to get first name
    Attribute in your IdP for the user's first name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example,
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    .
    Attribute to get last name
    Attribute in your IdP for the user's last name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example,
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    .
    Attribute to get phone
    (
    Optional
    ) Attribute in your IdP for the user's phone number, if available. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example,
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone
    .
    Attribute to get groups
    Attribute in your IdP for the groups of which the user is a member. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example,
    http://schemas.microsoft.com/ws/2008/06/identity/claims/role
    .
    Groups delimiter
    Groups list separator. Value:
    “,”
    Default role (for IdP users without groups)
    Role to assign to the user when they are not a member of any group. For example,
    Analyst
    .
    RelayState
    Only used by certain IdPs. If your IdP uses relay state, you need to supply the relay state.
    Sign request and verify response signature
    Method for the IdP to verify the user sign-in request and request using the IdP vendor certificate.
    IdP public certificate
    The Certificate (Base64) you downloaded in step 5.5 in Configure Microsoft Azure to Authenticate Cortex XSOAR.
    IdP private key (pem format)
    Private key for your IdP, in PEM format. Created locally by the user who wants to use SAML. The public key is uploaded to Azure.
    Do not validate server certificate (insecure)
    If you are use a self-signed certificate for the Azure server you can use this checkbox.
    Use system proxy settings
    Select the check box to use proxy settings.
    ADFS
    Whether the server uses ADFS.
    Compress encode URL (AFDS)
    (
    Manadatory
    ) Select the check box to compress encode URL (AFDS). If not, you may receive a
    Decoding Flat
     error during connection.
    Service identifier (AFDS)
    Add the
    appid
     value, which can be found at the end of the IdP metadata URL. For example,
    https://login.microsoftonline.com/934a6d32-9550be/federationmetadata/2007-06/federationmetadata.xml?appid=b0331331-f15b-4a32-9f48-19158beb0340
    .
    Do not map SAML groups to Cortex XSOAR roles
    SAML groups are not mapped to Cortex XSOAR roles. Default roles are assigned and you can select them later.
    IdP Single Logout URL
    This functionality ends the user's session in Azure when logging out.
    Single Logout Service Endpoint
    The URL of the single logout Endpoint.
    Single logout - specify Name ID Format
    Specify the ID format if using a single logout.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo