XSIAM SSO Configuration
MOJO Cortex XSIAM has been integrated with SSO using MOJO Azure AD. A new enterprise application has been created in Azure for SAML-based SSO, and SSO authentication has been enabled on the XSIAM side.
Important!
SSO is now the preferred method of accessing XSIAM.
Because of this SSO configuration, authentication now takes place in Azure AD and authorisation takes place in XSIAM. To give someone access to XSIAM with specific permissions, follow the steps below:
Create authentication:
- Step 1 - Create a `Security Group` in Azure AD.
- Step 2 - Add users in this group as members.
- Step 3 - Go to the SSO Enterprise app and assign this new group.
- Step 4 - Take a note of the `Object id` of this new group for the next stage.
Create authorisation:
- Step 5 - Create a user group in XSIAM with the same name as the `Security Group` above.
- Step 6 - Add the `Object id` of the `Security Group` in the `SAML Group Mapping` section.
- Step 7 - Select the appropriate `Role` in the Role selector for this user group.
The steps above should create the necessary access for the new user.
Below is a list of current Azure AD groups and their Role mappings:
| AD Group | Role |
|---|---|
| MOJO-Users-XSIAM-Prod-MIP | Viewer |
| MOJO-Users-XSIAM-Prod-MIP-DevSecOps | Instance Administrator |
| MOJO-Users-XSIAM-Prod-Readonly | Viewer |
| MOJO-Users-XSIAM-Prod-ServiceOwners | Viewer |
| MOJO-Users-XSIAM-Prod-SLT | Viewer Report Generator |
| MOJO-Users-XSIAM-Prod-SOC-Investigations-L1 | Responder |
| MOJO-Users-XSIAM-Prod-SOC-Investigations-L2 | Privileged Responder |
| MOJO-Users-XSIAM-Prod-SOC-M&R-L1 | Investigator |
| MOJO-Users-XSIAM-Prod-SOC-M&R-L2 | Privileged Investigator |
| MOJO-Users-XSIAM-Prod-SOC-M&R-L3 | Privileged Responder |
| MOJO-Users-XSIAM-Prod-SOC-Readonly | Viewer Report Generator |
| MOJO-Users-XSIAM-Prod-SOC-TVM | Privileged Investigator |
| MOJO-Users-XSIAM-Prod-Launchpad-Admins | Scoped Endpoint Admin |
| MOJO-Users-XSIAM-Prod-Mobile-Admins | Scoped Endpoint Admin |
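
Because access depends on the Azure AD group (steps 1 to 4) and the XSIAM user group (steps 5 to 7) agreeing on name, `Object id` and role, the two sides can drift apart. The following is an added example, not part of the original page or of any Palo Alto or Microsoft tooling: a consistency check over exported data. The dictionary layouts, the `sample_oid` helper and the object IDs are assumptions constructed for illustration; only the group names and roles come from the table above.

```python
def sample_oid(n):
    """Constructed placeholder object ID, not a real Azure AD value."""
    return f"00000000-0000-0000-0000-{n:012d}"

# Expected roles, copied from the mapping table on this page (subset).
EXPECTED_ROLES = {
    "MOJO-Users-XSIAM-Prod-MIP-DevSecOps": "Instance Administrator",
    "MOJO-Users-XSIAM-Prod-SOC-Investigations-L1": "Responder",
    "MOJO-Users-XSIAM-Prod-Readonly": "Viewer",
}
# Constructed sample: groups assigned to the SSO enterprise app (steps 1-4).
AZURE_ASSIGNED = {
    "MOJO-Users-XSIAM-Prod-MIP-DevSecOps": sample_oid(1),
    "MOJO-Users-XSIAM-Prod-SOC-Investigations-L1": sample_oid(2),
    "MOJO-Users-XSIAM-Prod-Readonly": sample_oid(3),
}
# Constructed sample: XSIAM user groups with SAML Group Mapping and role (steps 5-7).
XSIAM_GROUPS = [
    {"name": "MOJO-Users-XSIAM-Prod-MIP-DevSecOps",
     "saml_group": sample_oid(1), "role": "Instance Administrator"},
    {"name": "MOJO-Users-XSIAM-Prod-SOC-Investigations-L1",
     "saml_group": sample_oid(2), "role": "Privileged Responder"},
    {"name": "MOJO-Users-XSIAM-Prod-Old",
     "saml_group": sample_oid(9), "role": "Viewer"},
]

def audit(azure_assigned, xsiam_groups, expected_roles):
    """Return sorted (finding, group name) pairs describing drift."""
    findings, mapped = [], set()
    by_id = {oid.lower(): name for name, oid in azure_assigned.items()}
    for g in xsiam_groups:
        oid = g["saml_group"].strip().lower()
        azure_name = by_id.get(oid)
        if azure_name is None:  # mapping points at no assigned Azure AD group
            findings.append(("orphan_mapping", g["name"]))
            continue
        mapped.add(oid)
        if azure_name != g["name"]:  # step 5 requires identical names
            findings.append(("name_mismatch", g["name"]))
        want = expected_roles.get(azure_name)
        if want is not None and g["role"] != want:  # role differs from the table
            findings.append(("role_drift", g["name"]))
    for oid, name in by_id.items():
        if oid not in mapped:  # users can authenticate but have no XSIAM role
            findings.append(("unmapped_group", name))
    return sorted(findings)

if __name__ == "__main__":
    for finding, group in audit(AZURE_ASSIGNED, XSIAM_GROUPS, EXPECTED_ROLES):
        print(f"{finding}: {group}")
```
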
This page was last reviewed on 26 March 2024.
It needs to be reviewed again on 26 September 2024.