1. Home
    2. Security Operations
    3. Cortex XSOAR
    4. Cortex XSOAR Administrator’s Guide
    5. Users and Roles
    6. Authenticate Users with SAML 2.0
    7. Set up ADFS as the Identity Provider Using SAML 2.0
    8. Create Relying Party Trust in ADFS
    End-of-Life (EoL)

    Create Relying Party Trust in ADFS

    In ADFS you need to create a Relying Party Trust. The following procedure uses ADFS 3.0 on Windows Server 2016 and shows demistodev.local as the ADFS portal service which will allow a trust connection from the https://demo.demisto.com web server.
    You must have a valid and trusted server certificate for ADFS to work, not the self-signed certificates that come with Cortex XSOAR. If you do not use a trusted server certificate for ADFS, you will experience TLS connection issues with ADFS and the integration will not work properly.
    1. Log in to the ADFS server management console.
    2. In the tree in the left panel, right-click
      Service
       and select
      Edit Federation Service Properties
      .
    3. Click the
      General
       tab and confirm that the DNS entries and certificates names are correct.
    4. In the tree in the left panel, right-click
      Relying Party Trusts
       and select
      Add Relying Party Trusts
      .
    5. The Add Relying Party Trust Wizard screen appears. Click
      Start
      .
    6. In the Select Data Source page, select
      Enter data about the relying party manually
      .
    7. Click
      Next
      .
    8. In the Specify Display Name page, type a display name for the trust in the Display name field. In this example, the name of the trust is Demisto.
    9. Click
      Next
      .
    10. (Optional)
       In the Configure Certificate page, you can configure the claims encryption.
    11. Click
      Next
      .
    12. In the Configure URL page, select
      Enable support for the SAML 2.0 Web SSO protocol
      , and enter the Cortex XSOAR server URL followed by /SAML.
    13. Click
      Next
      .
    14. In the Configure Identifiers page, add the Relying party trust identifier. The identifier can be a friendly name, the same as the Display name, or the application URL. This identifier is used to redirect the user back to the Cortex XSOAR web server instead of asking the user to manually choose which service should log in to the ADFS IDP portal.
    15. Click
      Next
      .
    16. In the Choose Access Control Policy page, select an access control policy for the authentication portal. In this example, we choose
      .
    17. Click
      Next
      .
    18. In the Ready to Add Trust page, verify that all the setting are correct.
    19. Click
      Next
       and then click
      Close
      .

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo