12-30-2020 02:57 AM
I am running the Community Edition and have not found anything concerning MFA for xSOAR users. What would be the preferred way to enable MFA for users like Analysts and Administrators?
12-30-2020 11:20 AM
Best would be to use an external authentication mechanism that supports MFA. For example any SAML service (like Okta) usually supports MFA for authenticating users for the services.
12-31-2020 06:53 AM
01-05-2021 12:51 PM
The XSOAR community edition does have a DUO integration that can be specifically used to provide 2fa authentication for admin logins to the portal.
Just go to settings>integrations and either scroll down or type duo into the search bar at the top.
Hope this helps.
01-06-2021 07:07 PM
Any standard SAML IdP is supported.
We do not have specific document for gsuite, but you can see the Okta example: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/users-and-roles/authent...
There are also guides from google on how to use gsuite as SAML IdP...
01-15-2021 08:12 AM
I want to ask if we can have any other federation (PingID) integrated with XSOAR for MFA?
01-15-2021 08:16 AM
You can use Ping for SAML auth, MFA would then enforced on the login with Ping.
While we list Okta, AzureAD, ADFS, you can certainly use other SAML providers like Ping.
01-15-2021 08:32 AM
Thanks for the quick response.
We have already tested SAML integration with PingID and it works fine. How do I force it to use Ping, is that something which needs to be configured on Ping side or XSOAR side?
01-15-2021 08:45 AM
When you go to login to your XSOAR server, you will see a button "Log in with your Identity Provider (SSO/SAML)". If you have previously setup local accounts in XSOAR, you can disable them, or change the passwords to force users to login with SSO going forward.
02-05-2021 01:45 AM
Bit late in the day but further to my previous reply I have actually just done a video on my channel about this very thing if you want to take a look it is at https://youtu.be/NvDdTz2CMi4
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!