Skip to main content

SAML 2.0

Use the SAML 2.0 integration to configure single sign-on for Cortex XSOAR users, using your organization's identity provider (IdP).

If your IdP is Okta or ADFS, refer to the relevant article.

What is SAML 2.0?#

According to the SAML 2.0 page in Wikipedia:

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for
exchanging authentication and authorization data between security domains. SAML 2.0 is an
XML-based protocol that uses security tokens containing assertions to pass information
about a principal (usually an end user) between a SAML authority, named an Identity
Provider, and a SAML consumer, named a Service Provider. SAML 2.0 enables web-based
authentication and authorization scenarios including cross-domain single sign-on (SSO),
which helps reduce the administrative overhead of distributing multiple authentication
tokens to the user.

Configure SAML 2.0 with your IdP#

When configuring SAML 2.0, you need to map several attributes from your IdP to Cortex XSOAR fields. The attribute fields must be populated in Cortex XSOAR exactly as they appear in your IdP. For example, if the email attribute in your IdP is email.address, you need to provide this value in the attribute to get the email parameter in the SAML 2.0 integration in Cortex XSOAR.

IMPORTANT: You need to provide values for all parameters. If you skip parameters, the Cortex XSOAR user you create will not contain important attributes and information, and will require you to manually assign a Cortex XSOAR role to the user.

NameA meaningful name for the integration instance.
Service Provider Entity IDAlso known as an ACS URL. This is the URL of your Cortex XSOAR server, for example:
IdP metadata URLURL of your organization's IdP metadata file.
IdP metadata fileYour organization's IdP metadata file.
IdP SSO URLURL of the IdP application that corresponds to Cortex XSOAR.
Attribute to get usernameAttribute in your IdP for the user name.
Attribute to get emailAttribute in your IdP for the user email address.
Attribute to get first nameAttribute in your IdP for the user first name.
Attribute to get last nameAttribute in your IdP for the user last name.
Attribute to get phoneAttribute in your IdP for the user phone number.
Attribute to get groupsAttribute in your IdP for the groups in which the user is a member.
Groups delimiterGroups list separator.
Default roleRole to assign to the user when they are not a member of any group.
RelayStateFor IdPs using relay state, you need to supply the relay state.
Sign request and verify response signatureMethod for the IdP to verify the user sign-in request using the IdP vendor certificate.
Identity Provider public certificatePublic certificate for your IdP.
Identity Provider private keyPrivate key for your IdP in PEM format in PKCS#1 type (required for single logout).
Service Provider public certificatePublic certificate for the service provider.
Service Provider Private key (pem format)Private certificate key for the service provider in PKCS#1 type.
Do not validate server certificate (insecure)Whether to verify the server certificate.
Use system proxy settingsWhether to use proxy settings.
ADFSWhether to use the ADFS server.
Compress encode URL (ADFS)Check mandatory for ADFS encoding.
Service Identifier (ADFS)The ADFS relay identifier to which Cortex XSOAR redirects the user for SSO first login.
Identity Provider Single Logout URLURL that users are sent to after logging out of the SAML session.
Single Logout Service EndpointLogout service with which SAML communicates.
Do not map SAML groups to Demisto rolesSAML groups will not be mapped to Cortex XSOAR roles.
Single logout - specify Name ID FormatWhether to use the Name ID format.
Name IDDefines the name identifier formats supported by the identity provider.
Use this instance for external authentication onlyLimits this instance to authenticate external (non-Cortex XSOAR) users when they answer a survey sent via a communication task.