MFA for xSOAR portal

Reply
L0 Member

MFA for xSOAR portal

Hello,

 

I am running the Community Edition and have not found anything concerning MFA for xSOAR users. What would be the preferred way to enable MFA for users like Analysts and Administrators?

L2 Linker

Hi,

 

Best would be to use an external authentication mechanism that supports MFA. For example any SAML service (like Okta) usually supports MFA for authenticating users for the services.

 

Gilad

Shriki
L0 Member

@GShriki Is gsuite supported?

 

Can you point to a how-to article?

 

TNX

L2 Linker

Hi

 

The XSOAR community edition does have a DUO integration that can be specifically used to provide 2fa authentication for admin logins to the portal.

Just go to settings>integrations and either scroll down or type duo into the search bar at the top.

 

Hope this helps.

PCCSA PCNSA PCNSE
L2 Linker

Hi,

 

Any standard SAML IdP is supported.

We do not have specific document for gsuite, but you can see the Okta example: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/users-and-roles/authent...

There are also guides from google on how to use gsuite as SAML IdP...

 

Gilad

Shriki
L0 Member

I want to ask if we can have any other federation (PingID) integrated with XSOAR for MFA?

L0 Member

You can use Ping for SAML auth, MFA would then enforced on the login with Ping.

 

https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/users-and-roles/authent...

 

While we list Okta, AzureAD, ADFS, you can certainly use other SAML providers like Ping. 

L0 Member

Thanks for the quick response. 

We have already tested SAML integration with PingID and it works fine. How do I force it to use Ping, is that something which needs to be configured on Ping side or XSOAR side?

L0 Member

When you go to login to your XSOAR server, you will see a button "Log in with your Identity Provider (SSO/SAML)".   If you have previously setup local accounts in XSOAR, you can disable them, or change the passwords to force users to login with SSO going forward.

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!