Enterprise SSO

Single sign-on (SSO) enables you to integrate Secureworks® Taegis™ XDR access with a localized corporate authentication system, termed a connection in XDR.

With SSO enabled, XDR users utilize their corporate authentication credentials when accessing XDR, which means if you are logged in to your corporate network, you no longer need a separate password or MFA to log in to XDR.

Important

Users still require a user account in XDR, created with an applicable role and the same email address used in your corporate authentication system. The email address is what allows the synchronization between the authentication systems on a per-user basis.

Enabling SSO provides the following benefits:

Prerequisites

Security Assertion Markup Language 2.0 is a version of the SAML standard for exchanging authentication and authorization identities between security domains.

Your authentication system must be compatible with the SAML2.0 authentication protocol to set up an integration with XDR.

Enterprise SSO Overview

Important

If you have been supplied XDR through a Partner (MSSP) organization, please confirm with your Partner that SSO integration is supported before continuing.

Tenant Administrators can manage SSO connections via the Enterprise SSO page. To access this page, select Tenant Settings → Enterprise SSO from the Taegis Menu.

Note

Enterprise SSO is only configurable by users with the Tenant Admin role.

XDR SSO

Current SSO connections display as summary cards with the number of domains, expiration date of the signing certificate, and one of the following statuses of the connection below the name:

Select a summary card to review the connection details, change the status, edit details, or delete the connection.

You can also change the status or delete the connection by selecting the menu icon from the bottom-right corner of a card on the Enterprise SSO page.

Add New SSO Connection

Tenant Administrators can configure up to six SSO connections per tenant. Specified domains must be unique per connection and not span across connections.

To set up a new connection, follow these steps:

  1. From the Taegis Menu, select Tenant Settings → Enterprise SSO.
  2. Select + Add Connection. The Add a New Connection panel displays. Use the guidance within each of the following sections to complete configuration.

Add a New SSO Connection

General Settings

Provide the following information in General Settings:

Once these details have been provided, select Create Draft Connection & Continue.

Service Provider Settings

Within the SSO configuration, XDR is defined as the Service Provider while your authentication system (Active Directory, PingFederate, Okta, etc.) is defined as the Identity Provider.

Service Provider Settings

The Entity ID and Service URL in Service Provider Settings can be copied by selecting the copy icon to the left of these items. These are required when defining a connection within your corporate identity provider.

Once these details have been gathered, select Next.

Identity Provider Settings

At this stage, you will be required to complete the configuration of your corporate identity provider connection.

Important

SAML Attributes

The identity provider needs to be set up to return the user's email address in the SAML assertion, and this setup will differ depending on the provider. The SAML attribute for the email address should be named http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, with the value set to the user's email address.

Additionally, the identity provider should confirm that the email is verified by including another attribute, email_verified = true, as a string.
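A check for the two attributes described above, run against an assertion captured from a test login. This is an added example, not Secureworks code; the helper names and the sample assertions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def saml_attributes(assertion_xml):
    """Return {attribute Name: [values]} from every AttributeStatement."""
    # ElementTree is fine for an assertion captured from your own IdP test login;
    # use a hardened parser such as defusedxml for XML you do not control.
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_xdr_attributes(assertion_xml, xdr_account_email):
    """List how the assertion deviates from the attribute setup described above."""
    attrs = saml_attributes(assertion_xml)
    problems = []
    emails = attrs.get(EMAIL_ATTR)
    if not emails:
        problems.append("email attribute missing or not named " + EMAIL_ATTR)
    elif emails != [xdr_account_email]:
        problems.append("email value differs from the XDR account email")
    # Strict match on the literal the page gives: the string "true".
    if attrs.get("email_verified") != ["true"]:
        problems.append("email_verified is not the string 'true'")
    return problems

def _attr(name, value):
    return (f'<saml:Attribute Name="{name}">'
            f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>")

def _assertion(*attributes):
    # Constructed sample, trimmed to the AttributeStatement (no signature, subject
    # or conditions); not captured from a real identity provider.
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            "<saml:AttributeStatement>" + "".join(attributes) +
            "</saml:AttributeStatement></saml:Assertion>")

GOOD = _assertion(_attr(EMAIL_ATTR, "analyst@example.com"),
                  _attr("email_verified", "true"))
# Constructed failing case: a short attribute name and no email_verified attribute.
BAD = _assertion(_attr("email", "analyst@example.com"))

if __name__ == "__main__":
    for label, xml in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_xdr_attributes(xml, "analyst@example.com") or "ok")
```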

XDR will require information from the identity provider to complete the connection to your Tenant. Any user requiring access to XDR still needs an account created within XDR, but password and MFA authentication procedures will be taken from your corporate authentication system, such as Okta or Active Directory.

Identity Provider Settings

  1. In Identity Provider Settings, supply the SAML Metadata XML URL from your Identity Provider and select Verify.

  2. Once Verify has been selected, the signing certificate will be displayed. This should be checked against your identity provider information to confirm that the correct details have been captured as a part of the connection. If the details do not appear as expected, check the metadata URL for any errors.

  3. Select Next once verified to review the connection.

Review Connection

In Review Connection, confirm that the summarized information is correct, and select Save Connection.

Review Connection

The new connection now appears as a summary card on the Enterprise SSO page in a Disabled status.

Test and Confirm SSO Connection

After you have completed the steps to add a new SSO connection, select the summary card for the connection from Tenant Settings → Enterprise SSO. Select Test from the bottom of the connection details to confirm the configuration settings are operational. If there are any errors reported, reapply the settings and retest until successful.

Test Connection

After you have successfully tested the connection, change the connection status to Enabled so all users within the specified domain(s) are subject to SSO.

Note

Identity provider initiated logins are not supported. All logins must be initiated from XDR.

Change Connection Status

To change the status of a connection, from the Enterprise SSO page:

  1. Select the menu icon from the lower-right corner of a connection summary card and choose Change Status, or select a summary card to view the connection details and choose Change Status from the right of the page.

Note

Any connection in Draft status must be updated by selecting the summary card rather than the menu icon.

  2. Select the desired connection status.
  3. Choose Save.

Change Connection Status

Edit Connection Details

To edit the details of a connection, from the Enterprise SSO page:

  1. Select a summary card to view the connection details.
  2. Choose Edit from the General Settings or Identity Provider Settings.

Edit Connection Details

  3. Make the desired changes and select Save.

Delete Connection

Note

Connections must be changed to a Disabled status before they can be deleted.

To delete a connection, from the Enterprise SSO page:

  1. Select the menu icon from the lower-right corner of a connection summary card and choose Delete, or select a summary card to view the connection details and choose Delete.
  2. Type the word delete to confirm this action is required and then choose Confirm Delete.

Delete Connection

  3. Returning to the Enterprise SSO page, verify the connection is removed.

Knowledge Base Resource

Find guidance for configuring Enterprise SSO with Azure AD in this Knowledge Base article.

 
