SAML 2.0 Azure Parameters

Describes the SAML 2.0 parameters for Microsoft Azure as an identity provider.
The following table describes the SAML 2.0 parameters for Azure, when adding a new instance in Cortex XSOAR:
Attribute
Description
Name
A name for the integration instance.
Service Provider Entity ID
The URL of your Cortex XSOAR server (also known as an ACS URL), in the format https://yourdomain.com/saml
IdP metadata URL
URL of your organization’s IdP metadata file. You can copy this from the App Federation Metadata URL field in the SAML Signing Certificate section in Azure.
IdP metadata file
Your organization’s IdP metadata file. You need to add either the IdP metadata URL or the file.
IdP SSO URL
The URL of the IdP application that corresponds to Cortex XSOAR. You can copy this from the Login URL field in the SAML Signing Certificate section.
Attribute to get username
Attribute in your IdP for the user name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname.
Attribute to get email
Attribute in your IdP for the user's email address. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.
Attribute to get first name
Attribute in your IdP for the user's first name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
Attribute to get last name
Attribute in your IdP for the user's last name. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
Attribute to get phone
Attribute in your IdP for the user's phone number, if available. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone.
Attribute to get groups
Attribute in your IdP for the groups of which the user is a member. Copy this URL from the User Attributes & Claims section. See step 4.10 (additional claim details) in Configure Microsoft Azure to Authenticate Cortex XSOAR. For example, http://schemas.microsoft.com/ws/2008/06/identity/claims/role.
Groups delimiter
Groups list separator. Value: “,”
Default role (for IdP users without groups)
Role to assign to the user when they are not a member of any group. For example, Analyst.
RelayState
Only used by certain IdPs. If your IdP uses relay state, you need to supply the relay state.
Verify IDP public certificate
The Certificate (Base64) you downloaded in step 5.5 in Configure Microsoft Azure to Authenticate Cortex XSOAR.
Sign Request
Method for the IdP to verify the user sign-in request using the IdP vendor certificate.
Service Provider Private key (pem format)
Private key for your IdP, in PEM format. Created locally by the user who wants to use SAML. The public key is uploaded to Azure.
Do not validate server certificate (insecure)
If you use a self-signed certificate for the Azure server, you can select this checkbox.
Use system proxy settings
Select the check box to use proxy settings.
ADFS
Whether the server uses ADFS.
Compress encode URL (ADFS)
(Mandatory) Select the check box to compress encode URL (ADFS). If not, you may receive a Decoding Flat error during connection.
Service identifier (ADFS)
Add the characters that follow appid= at the end of the App Federation Metadata URL. For example, for https://login.microsoftonline.com/934a6d32-9550be/federationmetadata/2007-06/federationmetadata.xml?appid=b0331331-f15b-4a32-9f48-19158beb0340, add b0331331-f15b-4a32-9f48-19158beb0340.
Don’t map SAML groups to Demisto roles
SAML groups are not mapped to Cortex XSOAR roles. Default roles are assigned and you can select them later.
Get service provider metadata
Enables you to verify that the settings are successful.
IdP Single Logout URL
This functionality ends the user's session in Azure when logging out.
Single Logout Service Endpoint
The URL of the single logout endpoint.
Use this instance for external authentication only
Limits this instance to authenticate external (non-Cortex XSOAR) users when they answer a survey sent via a communication task in a playbook.
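
How the attribute, groups delimiter, default role, and service identifier settings in the table fit together, as an added Python example that is not Cortex XSOAR code. The function names, sample users, and group names are constructed for illustration, and the example assumes the assertion signature was already verified and that groups may arrive as one delimiter-joined value or as several values.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Instance settings, filled with the example values from the table.
SETTINGS = {
    "username": CLAIMS + "givenname",
    "email": CLAIMS + "emailaddress",
    "groups": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
    "groups_delimiter": ",",
    "default_role": "Analyst",
}

def build_statement(attrs):
    """Constructed sample input: an AttributeStatement with the given attributes."""
    body = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        "</saml:AttributeValue></saml:Attribute>"
        for name, value in attrs.items())
    return f'<saml:AttributeStatement xmlns:saml="{NS["saml"]}">{body}</saml:AttributeStatement>'

def read_attributes(xml_text):
    """Return {attribute name: [values]}; signature verification is assumed done earlier."""
    found = {}
    for attr in ET.fromstring(xml_text).iterfind("saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def resolve_user(xml_text, settings=SETTINGS):
    """Map claim URIs to user fields, split groups, fall back to the default role."""
    attrs = read_attributes(xml_text)
    def first(key):
        return (attrs.get(settings[key]) or [None])[0]
    groups = [g.strip() for value in attrs.get(settings["groups"], [])
              for g in value.split(settings["groups_delimiter"]) if g.strip()]
    return {"username": first("username"), "email": first("email"), "groups": groups,
            "fallback_role": None if groups else settings["default_role"]}

def service_identifier(metadata_url):
    """Return the value after appid= in the App Federation Metadata URL."""
    return parse_qs(urlparse(metadata_url).query).get("appid", [None])[0]

# Constructed samples: one user with two groups, one with an empty groups claim.
WITH_GROUPS = build_statement({SETTINGS["username"]: "jdoe",
                               SETTINGS["email"]: "jdoe@example.com",
                               SETTINGS["groups"]: "SOC-Tier1, SOC-Admins"})
NO_GROUPS = build_statement({SETTINGS["username"]: "guest", SETTINGS["groups"]: ""})

if __name__ == "__main__":
    print(resolve_user(WITH_GROUPS))
    print(resolve_user(NO_GROUPS))
```

A mismatch between the claim URI configured in the instance and the one Azure actually emits shows up here as a `None` field or an empty group list, which silently routes the user to the default role.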
