End-of-Life (EoL)

Self-Service Read-Only Users

The self service read-only users feature provides users who do not have an account and at least one role mapped in Cortex XSOAR the ability to access Cortex XSOAR in a very limited capacity.
Self service read-only users can:
  • create incidents
  • view their own incidents
  • add notes and attachments to their incidents
  • view the dashboards created for them by the administrator
An example of an incident that a self-service read-only user could create is to report that they lost their laptop.
Self-service read-only users can only view their own data. They cannot:
  • start an investigation
  • create dashboards or reports
  • change anything in incidents they create
In order to create notes, the self-service read-only user must mark the
Mark as a note
It is recommended, but not required, that self-service read-only users have an existing account in the company’s enterprise directory and Cortex XSOAR is configured to authenticate and authorize read-only users using the same enterprise directory with LDAP, AD, or SAML authentication protocols.
A user is considered as a self-service read-only user if the user has no role associated with the Cortex XSOAR users settings.
To enable the self-service read-only user feature, Cortex XSOAR administrators need to:
  • Set server configuration parameters to:
    • Allow authenticated users without roles to access the home page.
    • Define the list of dashboards such users have access to.
  • Create self-service read-only incident types. Since self-service read-only users cannot initiate an investigation, the playbooks associated with these incident types should run automatically.
  • Create self-service read-only users if no enterprise directory is configured with Cortex XSOAR.
  • Create incident layouts for self-service read-only users and allow self-service read-only users to access the incidents tabs containing such layouts.
  • Create and share dashboards for self-service read-only users.

Recommended For You