Could use some help with Azure SSO for community edition Cortex XSOAR

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Could use some help with Azure SSO for community edition Cortex XSOAR

L1 Bithead



I have tried many settings and can't seem to quite figure out what text is to be entered into the setup section within Xsoar for the Azure SAML SSO setup. I keep getting this error: 


" {"id":"errSAMLLogin","status":400,"title":"Failed to login via SAML","detail":"Failed to login via SAML","error":"","encrypted":false,"multires":null} "


I have tried many different names and mappings to Azure. Any insight as to what the entry should look like on the Xsoar side would be greatly appreciated.



This is what I have currently made my entries in Azure to be, and have used the claim name in Xsoar and am still getting the error.


Thank you,





L5 Sessionator

Hi Richard,


Your claim details don't look right for Azure. They should look like this. 


Take a look at this documentation -


Thank you very much for the reply, I have never removed the schema before and have tried it both ways. I have re-added the schema back and still get the same error. I think what I am in need of is what the entry should look like on xsoar side of things. I got the removal of the schema line by looking at the example above in the link that you gave me. 


Here is a screen shot of my saml response with the schemas being sent to xsoar:



Any other ideas would be greatly welcomed.



can you share a screenshot of your integration settings as well please

My current settings: 



If you want to see all of the settings, please let me know. I can take additional screen shots.


Yes please










Thank you again for assisting.





L5 Sessionator

Hi @DriveYourAceOff, it should looks like this.


Screen Shot 2022-04-28 at 2.47.56 pm.png


Also the last option should look like this. According to the documentation - 


"In the Service Identifier (ADFS) field, copy the characters after the appid value, which can be found at the end of the App Federation Metadata URL (section 3 in SAML Certificate)."

Screen Shot 2022-04-28 at 2.50.56 pm.png

Let me know if this works for your. 


Thanks, Jeremy.

Is there any way that you can tell me what the fields say at the end of the attributes you used.

Thanks again, I am still getting the same error however. Here are my new settings, and I believe that they are correct. I am thinking that I may start fresh and try again, but here are my newest settings:



I se the appid section and copied that value to put in below:



The only field in question is the group field. I feel like that may be wrong as there are several different ways to make the group throughout the instructions. I have used the below method, and it does look like it is getting the correct group from Azure in the saml response xml.




Thanks again for the help!



Hi Richard,



I'm not sure about the iDP Metadata URL. You can copy then from the below 

Screen Shot 2022-04-29 at 1.29.46 pm.png


Attribute to get group should be set in a similar way.

Screen Shot 2022-04-29 at 1.33.41 pm.png

Thanks, Jeremy


L0 Member

In Cortex XSOAR, go to Settings > Integrations > Credentials and create a new credentials set.In the Username parameter, enter your registered app Application D.In the Password parameter, enter the secret value you created.Copy your tenant ID for the integration configuration usage.

I updated the group to include the namespace, but am still getting the same error.

Can you please send me the link to this documentation in xsoar so that I can follow it, this makes sense but I want to make sure that I get the values from the correct places. There is no secret with an Enterprise Application in Azure, so that is where I am getting a little bit lost. 



L5 Sessionator
  • 15 replies
  • 31 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!