Configure Microsoft Azure to Authenticate Cortex XSOAR
Set up your Microsoft Azure account to authenticate Cortex XSOAR users. Create groups, configure application. SAML 2.0.
You need to authenticate Cortex XSOAR in your Azure account and then create a SAML 2.0 instance in Cortex XSOAR.
- In the Azure Portal, create new groups to match the Cortex XSOAR roles.For example, Cortex XSOAR comes out of the box with the Administrator, Analyst, and Read-Only roles. We need to add these roles to Azure.
- From the home page, select.Azure Active DirectoryGroupsNew group
- Add the Administrator group.You can add existing users to this group now or at a later stage.You can also allow Azure AD Group Owners to add or modify users in the group. Groups can be manually or dynamically populated by user or a device (see the options underMembership type) and defer to the Azure Administrator. One option is for Cortex to XSOAR to populate the group membership as part of a custom Playbook for bulk user provisioning.
- Repeat these steps for each group required. For example, analyst, read-only user, etc. It is recommended, as a minimum, to create a group for each role.
- Create a Non-Gallery application.
- From the home page, selectEnterprise applicationsNew Application
- SelectNon-gallery application.
- Type the name of your application and clickAddThe page redirects to the Overview page. Copy theObject IDfor future reference.
- Assign Groups to the new application.
- In theGetting Startedsection, clickAssign users and groups.
- Click.Add user/groupUsers and groups
- Select the groups that you created in step 1.
- Repeat for all other groups created.
- Set up SSO configuration for the application.
- In theSet up single sign onfield, clickGet started.
- In theBasic SAML Configurationsection, add theIdentifier (Entity ID)andReply URL (Assertion Consumer Service URL).Use the formathttps://<XSOAR Server FQDN>/saml
- To use SP initiated SSO, in theSign on URLfield, add the URL in the format:https://<XSOAR Server FDQN>/#/loginUsers can sign into the Cortex XSOAR login page, an authorization request is sent to Azure, and after authentication, the user is logged in to Cortex XSOAR.
- In theUser Attributes & Claimssection, click the edit icon and add the following attributes and values as required.Ensure the attribute names match the names in Cortex XSOAR, when defining the instance.
- Add a new group, clickAdd a group claim.
- In theGroup Claims (Preview)window, selectSecurity groups.
- In theAdvanced optionssection, select theCustomize the name of the group claimandEmit groups as role claimscheck boxes.
- Copy the additional claims details in text format as these are added when you Configure the SAML 2.0 Integration for Azure.If you are setting up an SMS integration (such as Twilio) add a new phone attribute new claim to reference users directory phone numbers.
- Copy theApp Federation Metadata Url,Login URLandLogout URLfields, which are needed to configure the instance in Cortex XSOAR.
- (Optional) Add a new certificate.
- In theSAML Signing Certificatesection, click the edit button.
- ClickNew Certificate.
- In theSigning Optionfield, from the drop down list, selectSign SAML response and assertion.
- ClickSave.Ensure the status is active in Section 3.
- In section 3, download theCertificate (Base 64)for future use.
- Generate a private key for assertion signing. For example type the following command:openssl genrsa -out saml.key 2048Save the private key to notepad for later configuration.
- You can now add an instance in Cortex XSOAR, as described in Configure the SAML 2.0 Integration for Azure.
Recommended For You
Recommended videos not found.