Configure Microsoft Azure to Authenticate Cortex XSOAR

In the Azure Portal, create new groups to match the Cortex XSOAR roles.
For example, Cortex XSOAR comes out of the box with Administrator, Analyst, Read-Only roles. We need to add these roles to Azure.
From the home page, select
Azure Active Directory
Groups
New Group
.
Add the Administrator group.

You can add existing users to this group now or at a later stage.
You can also allow Azure AD Group Owners to add or modify users in group. Groups can be manually or dynamically populated by user/device (see the options under
Membership type
) and defer to the Azure Administrator. One option is for Cortex to XSOAR to populate the group membership as part of a custom Playbook for bulk user provisioning.
Click
Create
.
Repeat these steps for each group required. For example, analyst, read-only user, etc. It is recommended, as a minimum, to create a group for each role.
Create a Non-Gallery application.
From the home page, select

Azure Active Directory

Enterprise applications

New Application



Select

Non-gallery application

.

Type the name of your application and click

Add



The page redirects to the Overview page. Copy the

Object ID

for future reference.


Assign Groups to the new application.
In the
Getting Started
section, click
Assign users and groups
.

Click
Add user/group
Users and groups
.
Select the groups that you created in step 1.

Repeat for all other groups created.
Set up SSO configuration for the application.
In the

Set up single sign on

field, click

Get started

.

Click

SAML

.



In the

Basic SAML Configuration

section, add the

Identifier (Entity ID)

and

Reply URL (Assertion Consumer Service URL)

.

Use the format

https://

<XSOAR Server FQDN>/saml



To use SP initiated SSO, in the

Sign on URL

field, add the URL in the format:

https://<XSOAR Server FDQN>/#/login

Users can sign into the Cortex XSOAR login page, an authorization request is sent to Azure, and after authentication, the user is logged in to Cortex XSOAR.

In the

User Attributes & Claims

section, click the edit icon and add the following attributes and values as required.



Ensure the attribute names match the names in Cortex XSOAR, when defining the instance.

Add a new group, click

Add a group claim

.

In the

Group Claims (Preview)

window, select

Security groups

.

In the

Advanced options

section, select the

Customize the name of the group claim

and

Emit groups as role claims

check boxes.



Click

Save

.

Copy your additional claims details in text format, as these are added when you Configure the SAML 2.0 Integration for Azure.



If you are setting up an SMS integration (such as Twilio) add a new phone attribute new claim to reference users directory phone numbers.

Copy the

App Federation Metadata Url

and

Login URL

fields, which are needed to configure the instance in Cortex XSOAR.


(
Optional
) Add a new certificate.
In the
SAML Signing Certificate
section, click the edit button.
Click
New Certificate
.
In the
Signing Option
field, from the drop down list, select
Sign SAML response and assertion
.

Click
Save
.
Ensure the status is active in Section 3.
In section 3, download the
Certificate (Base 64)
for future use.

Generate a private key for Assertion signing. For example, type the following command:
openssl genrsa -out saml.key 2048
Save the private key to notepad for configuration later.
You can now add an instance in Cortex XSOAR, as described in Configure the SAML 2.0 Integration for Azure.