End-of-Life (EoL)

Configure Microsoft Azure to Authenticate Cortex XSOAR

Set up Azure as the IP
You need to authenticate Cortex XSOAR in your Azure account and then create a SAML 2.0 instance in Cortex XSOAR.
  1. In the Azure Portal, create new groups to match the Cortex XSOAR roles.
    For example, Cortex XSOAR comes out of the box with Administrator, Analyst, Read-Only roles. We need to add these roles to Azure.
    1. From the home page, select
      Azure Active Directory
      New Group
    2. Add the Administrator group.
      You can add existing users to this group now or at a later stage.
      You can also allow Azure AD Group Owners to add or modify users in group. Groups can be manually or dynamically populated by user/device (see the options under
      Membership type
      ) and defer to the Azure Administrator. One option is for Cortex to XSOAR to populate the group membership as part of a custom Playbook for bulk user provisioning.
    3. Click
    4. Repeat these steps for each group required. For example, analyst, read-only user, etc. It is recommended, as a minimum, to create a group for each role.
  2. Create a Non-Gallery application.
    1. From the home page, select
      Azure Active Directory
      Enterprise applications
      New Application
    2. Select
      Non-gallery application
    3. Type the name of your application and click
      The page redirects to the Overview page. Copy the
      Object ID
      for future reference.
  3. Assign Groups to the new application.
    1. In the
      Getting Started
      section, click
      Assign users and groups
    2. Click
      Add user/group
      Users and groups
    3. Select the groups that you created in step 1.
    4. Repeat for all other groups created.
  4. Set up SSO configuration for the application.
    1. In the
      Set up single sign on
      field, click
      Get started
    2. Click
    3. In the
      Basic SAML Configuration
      section, add the
      Identifier (Entity ID)
      Reply URL (Assertion Consumer Service URL)
      Use the format
      <XSOAR Server FQDN>/saml
    4. To use SP initiated SSO, in the
      Sign on URL
      field, add the URL in the format:
      https://<XSOAR Server FDQN>/#/login
      Users can sign into the Cortex XSOAR login page, an authorization request is sent to Azure, and after authentication, the user is logged in to Cortex XSOAR.
    5. In the
      User Attributes & Claims
      section, click the edit icon and add the following attributes and values as required.
      Ensure the attribute names match the names in Cortex XSOAR, when defining the instance.
    6. Add a new group, click
      Add a group claim
    7. In the
      Group Claims (Preview)
      window, select
      Security groups
    8. In the
      Advanced options
      section, select the
      Customize the name of the group claim
      Emit groups as role claims
      check boxes.
    9. Click
    10. Copy your additional claims details in text format, as these are added when you Configure the SAML 2.0 Integration for Azure.
      If you are setting up an SMS integration (such as Twilio) add a new phone attribute new claim to reference users directory phone numbers.
    11. Copy the
      App Federation Metadata Url
      Login URL
      fields, which are needed to configure the instance in Cortex XSOAR.
  5. (
    ) Add a new certificate.
    1. In the
      SAML Signing Certificate
      section, click the edit button.
    2. Click
      New Certificate
    3. In the
      Signing Option
      field, from the drop down list, select
      Sign SAML response and assertion
    4. Click
      Ensure the status is active in Section 3.
    5. In section 3, download the
      Certificate (Base 64)
      for future use.
    6. Generate a private key for Assertion signing. For example, type the following command:
      openssl genrsa -out saml.key 2048
      Save the private key to notepad for configuration later.
  6. You can now add an instance in Cortex XSOAR, as described in Configure the SAML 2.0 Integration for Azure.

Recommended For You