MFA for xSOAR portal

L0 Member

Hello,

 

I am running the Community Edition and have not found anything concerning MFA for xSOAR users. What would be the preferred way to enable MFA for users like Analysts and Administrators?

9 REPLIES

L2 Linker

Hi,

 

Best would be to use an external authentication mechanism that supports MFA. For example, any SAML service (like Okta) usually supports MFA for authenticating users for the services.

 

Gilad Shriki

@GShriki Is gsuite supported?

 

Can you point to a how-to article?

 

TNX

L4 Transporter

Hi

 

The XSOAR community edition does have a DUO integration that can be specifically used to provide 2FA authentication for admin logins to the portal.

Just go to settings>integrations and either scroll down or type duo into the search bar at the top.

 

Hope this helps.

PCCSA PCNSA PCNSE PCSAE
Mode44 LTD Palo Alto Consultants

Hi,

 

Any standard SAML IdP is supported.

We do not have a specific document for gsuite, but you can see the Okta example: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/users-and-roles/authent...

There are also guides from Google on how to use gsuite as SAML IdP...

 

Gilad Shriki

I want to ask if we can have any other federation (PingID) integrated with XSOAR for MFA?

You can use Ping for SAML auth, MFA would then be enforced on the login with Ping.

 

https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/users-and-roles/authent...

 

While we list Okta, AzureAD, ADFS, you can certainly use other SAML providers like Ping. 

Thanks for the quick response. 

We have already tested SAML integration with PingID and it works fine. How do I force it to use Ping, is that something which needs to be configured on Ping side or XSOAR side?

When you go to log in to your XSOAR server, you will see a button "Log in with your Identity Provider (SSO/SAML)". If you have previously set up local accounts in XSOAR, you can disable them, or change the passwords to force users to log in with SSO going forward.

 

L4 Transporter

Bit late in the day, but further to my previous reply, I have actually just done a video on my channel about this very thing. If you want to take a look, it is at https://youtu.be/NvDdTz2CMi4

PCCSA PCNSA PCNSE PCSAE
Mode44 LTD Palo Alto Consultants