Self service read-only users enables users without an
account the option to view limited data and create incidents in
The self service read-only users feature provides users
who do not have an account and at least one role mapped in Cortex
XSOAR the ability to access Cortex XSOAR in a very limited capacity.
Self service read-only users can:
view their own incidents
add notes and attachments to their incidents
view the dashboards created for them by the administrator
An example of an incident that a self-service read-only user
could create is to report that they lost their laptop.
Self-service read-only users can only view their own data. They
start an investigation
create dashboards or reports
change anything in incidents they create
In order to create notes, the self-service read-only user must
Mark as a note
It is recommended, but not required, that self-service read-only
users have an existing account in the company’s enterprise directory
and Cortex XSOAR is configured to authenticate and authorize read-only
users using the same enterprise directory with LDAP, AD, or SAML
A user is considered as a self-service read-only user if the
user has no role associated with the Cortex XSOAR users settings.
To enable the self-service read-only user feature, Cortex XSOAR
administrators need to:
Set server configuration parameters to:
authenticated users without roles to access the home page.
Define the list of dashboards such users have access to.
Create self-service read-only incident types. Since self-service read-only
users cannot initiate an investigation, the playbooks associated
with these incident types should run automatically.
Create self-service read-only users if no enterprise directory
is configured with Cortex XSOAR.
Create incident layouts for self-service read-only users
and allow self-service read-only users to access the incidents tabs
containing such layouts.
Create and share dashboards for self-service read-only users.