Streamline Your Security with Cortex XDR: Okta SSO
Table of Contents
- Introduction
- Prerequisites
- Configuration of Cortex XDR SSO with Okta as the Identity Provider (IdP)
- Group mapping
- Setting up Single Sign-On in Cortex XDR 3.4
- Using Okta as the IdP
- Configuring the Okta App Integration
- Attribute statements for user information
- Group attribute statements for role-based access control
- Completing the SAML setup instructions in Cortex XDR
- Mapping attributes in Cortex XDR
- Assigning users and groups in Okta
- Testing the SSO integration
- Automatic role assignment using group mapping
- Troubleshooting SAML-based SSO configuration
Introduction
In this article, we will explore the single sign-on (SSO) feature of a Cortex XDR tenant. Single sign-on lets users log in to the Cortex XDR console through their organization's identity provider instead of a separate set of credentials, which streamlines the login experience and reduces the number of passwords in circulation. We will provide step-by-step instructions for configuring SAML-based SSO with Okta as the identity provider (IdP) and cover group mapping, which assigns Cortex XDR roles from Okta group membership. Before we begin, let's make sure the prerequisites are in place.
Prerequisites
Before proceeding with the SSO configuration, make sure you have the following:
- Cortex XDR account admin or instance administrator credentials.
- Login access to your Cortex XDR instance.
- An active Okta tenant, with admin access to it, as your chosen IdP.
Now that we have the prerequisites, let's dive into the configuration process.
Configuration of Cortex XDR SSO with Okta as the Identity Provider (IdP)
To set up SSO with Okta as the IdP in Cortex XDR, follow these steps:
- Log in to your Cortex XDR instance with your Customer Support Portal (CSP) credentials, using an account that has either the XDR account admin or instance administrator role.
- Navigate to "Settings" and select "Configurations".
- Scroll down to the bottom and enable "Single Sign-On" by toggling the button.
- Once enabled, the SSO configuration options appear. This page also shows the values Okta will ask for on its side (the Cortex XDR assertion consumer URL and entity ID), so keep it open.
Group Mapping
Group mapping provides role-based access control in Cortex XDR. By mapping groups in Okta to roles in Cortex XDR, users are assigned a role automatically from their group membership rather than by hand. To set up group mapping, follow these steps:
- Create a user group in Cortex XDR by going to "Settings", "Configurations", "User Groups", and clicking "New Group".
- Give the group a descriptive name and select the role the group should receive.
- Enter the SAML group name that the IdP will send in the assertion. For example, use "Cortex Administrators" and click "Create". The name must match what Okta sends exactly.
- Create the corresponding group in Okta under "Directory" and "Groups".
- Assign users to the group in Okta.
- In the Cortex XDR SSO configuration, enter the name of the SAML attribute that carries group membership (the attribute name you chose in the Okta group attribute statement, for example "groups").
- Test the SSO integration with a user assigned to the group to verify that the expected role is assigned.
Setting up Single Sign-On in Cortex XDR 3.4
Starting with Cortex XDR 3.4, administrators can configure their Cortex XDR instances to use their organization's IdP for SAML-based single sign-on. Users can then log in to the console through their organization's SSO process. Here's how to enable SSO in Cortex XDR:
- Log in to your Cortex XDR instance with your Customer Support Portal (CSP) credentials, using an account that has either the XDR account admin or instance administrator role.
- Go to "Settings", "Configurations", and scroll down to the bottom.
- Select "Single Sign-On" and toggle the button to reveal the configuration options.
- Configure the settings (IdP issuer, IdP single sign-on URL, signing certificate, attribute mappings and default role) with the values your IdP provides.
Using Okta as the IdP
For the purpose of this article, we will be using Okta as the IdP. The concepts apply to other SAML IdPs with slight variations in where the same values are found. Let's proceed with Okta and configure the app integration.
Configuring the Okta App Integration
To create the Okta app integration for Cortex XDR, follow these steps:
- Log in to the admin console of your Okta tenant and go to "Applications".
- Select "Create App Integration" and choose SAML 2.0 as the sign-in method.
- Provide an app name and optionally add an app logo.
- Follow the prompts to complete the SAML settings. Okta asks for the service provider's single sign-on (assertion consumer) URL and audience URI (entity ID); take both from the Cortex XDR SSO configuration page. Add the attribute statements described in the next two sections.
- Once the app is created, open its "Sign On" tab and view the SAML setup instructions (or download the IdP metadata) to obtain the Identity Provider Single Sign-On URL, the Identity Provider Issuer, and the X.509 signing certificate.
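The IdP metadata Okta serves carries the same three values as the setup-instructions page. The following is an added example, not code from the article or from Palo Alto Networks or Okta, that pulls the issuer, the HTTP-POST single sign-on URL and the signing certificate out of that XML and rejects the two mistakes most often made at this step: pasting service-provider (SP) metadata instead of IdP metadata, and a certificate value that is not valid base64 DER. The metadata documents, entity IDs and URLs in it are constructed placeholders.

```python
# Added example, not code from the article or from Palo Alto Networks / Okta:
# extract the three values the Cortex XDR SSO page asks for (IdP issuer, IdP
# single sign-on URL, X.509 signing certificate) from Okta-style IdP metadata,
# failing loudly on SP metadata or a mangled certificate value.
import base64
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample in the shape Okta serves; entityID, URLs and the
# certificate body are placeholders, not real Okta values.
SAMPLE_OKTA_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="http://www.okta.com/exkexample123">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>
            MIIBxTCCAW6gAwIBAgIQAAAA
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example_cortexxdr_1/exkexample123/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/example_cortexxdr_1/exkexample123/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed SP metadata (what a service provider publishes), used to show
# the "pasted the wrong side's metadata" failure mode.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml"><md:SPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/></md:EntityDescriptor>"""


def _pem(cert_b64: str) -> str:
    """Check the value decodes to DER (a SEQUENCE) and wrap it as PEM."""
    raw = "".join(cert_b64.split())             # Okta may line-wrap the value
    der = base64.b64decode(raw, validate=True)   # raises on non-base64 input
    if not der or der[0] != 0x30:                # a DER Certificate starts with SEQUENCE
        raise ValueError("X509Certificate does not decode to a DER SEQUENCE")
    body = "\n".join(textwrap.wrap(raw, 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"


def extract_idp_settings(metadata_xml: str) -> dict:
    """Return {'issuer', 'sso_url', 'certificate_pem'} from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata "
                         "(SP metadata pasted by mistake?)")
    sso_url = None
    for svc in idp.findall("md:SingleSignOnService", NS):
        if svc.get("Binding") == HTTP_POST:      # Okta lists the same URL for both bindings
            sso_url = svc.get("Location")
    if not sso_url:
        raise ValueError("no HTTP-POST SingleSignOnService endpoint")
    cert_el = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):   # a key without 'use' may sign too
            cert_el = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert_el is not None:
                break
    if cert_el is None or not cert_el.text:
        raise ValueError("no signing X509Certificate in metadata")
    return {
        "issuer": root.get("entityID"),
        "sso_url": sso_url,
        "certificate_pem": _pem(cert_el.text),
    }


if __name__ == "__main__":
    for key, value in extract_idp_settings(SAMPLE_OKTA_METADATA).items():
        print(f"{key}: {value}")
```

Paste the three returned values into the corresponding Cortex XDR fields. The DER check only catches copy-and-paste damage; it does not verify the certificate chain, and it will not tell you when Okta has rotated its signing key, so re-run it against fresh metadata whenever logins start failing with signature errors.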
Attribute Statements for User Information
Attribute statements define the user information that Okta passes to Cortex XDR in the SAML assertion. In this section, we define attribute statements for the user's first name, last name, and email address; in Okta each statement pairs an attribute name you choose with a profile expression such as user.firstName, user.lastName or user.email. Note the names you choose, because they must be entered in the Cortex XDR attribute mapping exactly as written here.
Group Attribute Statements for Role-based Access Control
Group attribute statements allow for role-based access control by mapping Okta groups to roles in Cortex XDR. Okta adds the matching group names to the assertion under an attribute name you choose (for example "groups"), and Cortex XDR assigns the role associated with that group automatically. For example, Okta groups such as "Viewer" or "Administrator" can be mapped to the corresponding roles in Cortex XDR. Use the group attribute statement's filter (for example, names starting with "Cortex") so that only the groups intended for this application are disclosed in the assertion, rather than every group the user belongs to.
Completing the SAML Setup Instructions in Cortex XDR
To finish the Okta wizard and carry its values over to Cortex XDR, follow these steps:
- In the Okta SAML settings, use the option to preview the SAML assertion and verify that the attributes (first name, last name, email, and groups) appear with the expected names and values.
- If the attributes are correct, click "Next".
- On the Feedback step, select the appropriate options and click "Finish".
- Copy the values from the Okta setup instructions (Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 certificate) into the corresponding fields of the Cortex XDR SSO configuration and save.
Mapping Attributes in Cortex XDR
In this step, we configure the attribute mappings in Cortex XDR using the attribute names chosen in the Okta configuration. We map the given name, surname, email address, and groups attributes using Cortex XDR's attribute mapping feature; each name must match the Okta attribute statement exactly.
Assigning Users and Groups in Okta
To assign users and groups in Okta, follow these steps:
- Go to the Okta application created for the Cortex XDR integration.
- Click the "Assignments" tab and assign users or groups as needed. Only assigned users can sign in to the app, so treat the assignment as part of your access control, not just a testing convenience.
- Ensure at least one user is assigned to the application for testing the SSO integration.
Testing the SSO Integration
To test the SSO integration, follow these steps:
- Open a new private (incognito) browser window so that no existing Okta or Cortex XDR session interferes with the test.
- Visit your Cortex XDR tenant login page, accessible at "your-tenant-name.xdr-networks.com".
- If you are taken straight to the Customer Support Portal login with no SSO option, the SSO configuration was not saved: return to the Cortex XDR SSO configuration, check it, and save the changes.
- Click the single sign-on option to be redirected to the Okta login page.
- Complete the Okta login process.
- If the sign-in is successful, you are redirected back to the Cortex XDR instance and logged in with the role assigned by group mapping or by the default role.
Automatic Role Assignment Using Group Mapping
To enable automatic role assignment based on group membership, follow these steps:
- Create a user group in Cortex XDR, with the role it should grant, whose SAML group name matches a group in Okta.
- Create that group in Okta and assign users to it.
- In the Cortex XDR SSO configuration, specify the name of the SAML attribute that carries group membership (the attribute name used in the Okta group attribute statement).
- Test the SSO login with a user assigned to the group to confirm that the role is assigned from group membership.
Troubleshooting SAML-Based SSO Configuration
Here are a few troubleshooting tips if you encounter issues while configuring SAML-based SSO:
- Verify that the email address Okta sends in the assertion matches the email address of the user in Cortex XDR.
- Check that a role is being assigned during login, either through the default role in the Cortex XDR SSO configuration or via group mapping; a user with no role cannot use the console.
- Ensure that you are using valid attribute values and correctly configured URLs in both Cortex XDR and Okta.
- Double-check the attribute mappings and group mappings for spelling and case differences between the names configured in Okta and in Cortex XDR.
- Confirm that the X.509 certificate in Cortex XDR is the one currently active in Okta; if the signing certificate was rotated, the assertion signature will no longer validate until the new certificate is pasted in.
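Most of the failures in the list above are visible in the assertion itself, which Okta lets you preview before any login is attempted. The following added example, not code from the article or from Palo Alto Networks or Okta, reads the AttributeStatement of a SAML assertion and replays the checks from the attribute-statement, group-mapping and troubleshooting sections: whether the email matches a known user, whether the name attributes are present, and which Cortex XDR role the groups attribute would produce, with a default-role fallback. The attribute names, group names, role names and both assertions are constructed for the example; substitute the names you configured.

```python
# Added example, not code from the article or from Palo Alto Networks / Okta:
# inspect a SAML assertion's AttributeStatement (what Okta's assertion preview
# shows) and replay the troubleshooting checks: email match, name attributes
# present, and the role that group mapping (or the default role) would yield.
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names as configured in the Okta attribute statements (assumed).
EMAIL_ATTR, FIRST_ATTR, LAST_ATTR, GROUPS_ATTR = "email", "firstName", "lastName", "groups"

# SAML group name -> Cortex XDR role (assumed names), most privileged first:
# the first matching group wins, so a user in both gets the higher role.
GROUP_ROLE_MAP = [
    ("Cortex Administrators", "Instance Administrator"),
    ("Cortex Viewers", "Viewer"),
]

# Constructed assertion (signature, conditions etc. omitted); only the
# AttributeStatement matters for these checks.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0">
  <saml2:Issuer>http://www.okta.com/exkexample123</saml2:Issuer>
  <saml2:Subject><saml2:NameID>alice@example.com</saml2:NameID></saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="email"><saml2:AttributeValue xsi:type="xs:string">alice@example.com</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="firstName"><saml2:AttributeValue>Alice</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="lastName"><saml2:AttributeValue>Example</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="groups">
      <saml2:AttributeValue>Everyone</saml2:AttributeValue>
      <saml2:AttributeValue>Cortex Administrators</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

# Same shape with two common mistakes: the group name and the email address
# differ from the configured values only in case.
SAMPLE_ASSERTION_VIEWER = (SAMPLE_ASSERTION.replace("alice@example.com", "Bob@Example.com")
                           .replace("Alice", "Bob")
                           .replace("Cortex Administrators", "cortex viewers"))


def parse_attributes(assertion_xml: str) -> dict:
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml2:AttributeStatement/saml2:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml2:AttributeValue", NS) if v.text]
        attrs[attr.get("Name")] = values
    return attrs


def resolve_login(attrs: dict, known_emails, group_role_map=GROUP_ROLE_MAP, default_role=None):
    """Return (role or None, findings). Names are compared exactly; case-only
    differences are reported separately because they are the usual typo."""
    findings = []
    email = (attrs.get(EMAIL_ATTR) or [None])[0]
    if not email:
        findings.append(f"no '{EMAIL_ATTR}' attribute in the assertion")
    elif email not in known_emails:
        hint = " (differs only in case)" if email.lower() in {e.lower() for e in known_emails} else ""
        findings.append(f"email {email!r} matches no Cortex XDR user{hint}")
    for name in (FIRST_ATTR, LAST_ATTR):
        if not attrs.get(name):
            findings.append(f"attribute '{name}' missing or empty")
    groups = attrs.get(GROUPS_ATTR, [])
    role = None
    for mapped_group, mapped_role in group_role_map:
        if mapped_group in groups:
            role = mapped_role
            break
        for g in groups:
            if g.lower() == mapped_group.lower():
                findings.append(f"group {g!r} differs from mapped group {mapped_group!r} only in case")
    if role is None:
        if default_role:
            role = default_role
            findings.append(f"no group mapping matched; default role {default_role!r} applied")
        else:
            findings.append("no group mapping matched and no default role: the login gets no role")
    return role, findings


if __name__ == "__main__":
    users = ["alice@example.com", "bob@example.com"]   # constructed Cortex XDR user list
    for sample in (SAMPLE_ASSERTION, SAMPLE_ASSERTION_VIEWER):
        print(resolve_login(parse_attributes(sample), users))
```

Running the block shows the first assertion resolving cleanly to the administrator role and the second producing no role with two case-mismatch findings. Choose the default role deliberately: setting it to an administrative role turns every Okta user assigned to the app into an administrator the moment group mapping fails to match, so a low-privilege default (or none) is the safer failure mode.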
In conclusion, SSO simplifies access management and improves the login experience in Cortex XDR. By implementing SSO with Okta as the IdP and configuring group mapping, organizations can streamline access provisioning and keep role assignment tied to group membership managed in one place. Follow the steps in this article to set up and test the SSO integration in your Cortex XDR instance.