Define the Claim Issuance Policy

Define the claim issuance policy in Active Directory Federation Services (ADFS) to use ADFS as the identity provider for Cortex XSOAR.
Before you start, create the Relying Party Trusts as described in Create Relying Party Trust in ADFS.
  1. From the right menu pane of the Relying Party Trusts, click Edit Claim Issuance Policy.
  2. Click Add Rule.
  3. In the Add Transform Claim Rule Wizard, select Transform an Incoming Claim from the drop down list.
  4. Click Next.
  5. In the Configure Claim Rule page, type the Claim rule name WindowsAccountName, which will pass the user login name in AD, and select the Windows account name for the Incoming and Outgoing claim type.
  6. Click Finish.
  7. Add another claim rule which will pass the AD user account attributes to Cortex XSOAR. This step is required to map the user group membership, full name, email, phone and other LDAP attributes.
    1. From the right menu pane of the Relying Party Trusts, click Edit Claim Issuance Policy.
    2. Click Add Rule.
    3. In the Add Transform Claim Rule Wizard, select Send LDAP Attributes as Claims from the drop down list.
    4. Click Next.
    5. In the Configure Claim Rule page, type a claim rule name, select Active Directory from the Attribute store drop down list and map the required fields. Note that the user group attribute is mandatory if you wish to map the user group to the Cortex XSOAR user role.
    6. Click Finish and then click OK to create the claim rules.
  8. Open PowerShell and make sure the IDP Sign-on page is enabled.
    If one of these settings is set to false, enable it by typing:
    Set-AdfsProperties -<Property Name RelayState or EnableIdp> $True
  9. Verify that the ADFS IDP Sign-on page is working by browsing to the ADFS service portal URL, in our example: https://demistodev.local/adfs/ls/idpinitiatedsignon.aspx
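
A scripted equivalent of steps 1 to 8, added here as an example and not part of the original Cortex XSOAR documentation. The trust name 'Cortex XSOAR' and the LDAP attribute mapping (mail, displayName, tokenGroups) are assumptions; the two property names are the Set-AdfsProperties parameters for the IdP-initiated sign-on page and RelayState.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell
# session on the ADFS server.
$rpName = 'Cortex XSOAR'   # hypothetical: use the display name of your trust

# Rule 1 passes the Windows account name through unchanged (steps 1-6).
# Rule 2 reads LDAP attributes from Active Directory (step 7).
# The attribute-to-claim mapping below is an assumed example mapping.
$rules = @'
@RuleName = "WindowsAccountName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(claim = c);

@RuleName = "LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
                   "http://schemas.xmlsoap.org/claims/Group"),
          query = ";mail,displayName,tokenGroups;{0}", param = c.Value);
'@

$trust = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $trust) { throw "Relying party trust '$rpName' not found; create it first." }

# Set-AdfsRelyingPartyTrust replaces the whole rule set, so save the old one.
"$($trust.IssuanceTransformRules)" | Set-Content -Path '.\issuance-rules.backup.txt'
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Step 8: check both IdP-initiated sign-on settings, enable any that are off.
$props = Get-AdfsProperties
foreach ($name in 'EnableIdPInitiatedSignonPage', 'EnableRelayStateForIdpInitiatedSignOn') {
    if (-not $props.$name) {
        $param = @{ $name = $true }
        Set-AdfsProperties @param
        Write-Host "Enabled $name"
    }
}

# Read back what ADFS stored. The Group claim drives the Cortex XSOAR role
# mapping, so review the issued claim types before testing sign-on.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
Get-AdfsProperties |
    Select-Object EnableIdPInitiatedSignonPage, EnableRelayStateForIdpInitiatedSignOn
```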
