The purpose of this article is to help the administrator configure Microsoft® Active Directory Federation Services (Microsoft® AD FS) as an Identity Provider by using SAML 2.0 "User Attributes" authentication in QRadar®. The instructions in this technote apply only when SAML with "User Attributes" is used for authentication.
- A Microsoft® AD FS service configured.
Check the QRadar® documentation for general steps to configure it: Setting up SAML with Microsoft® Active Directory Federation Services.
- SAML 2.0 authentication enabled in QRadar®.
Note: SAML authentication is not available in versions prior to QRadar® 7.3.2.
- Create the user.
Note: The "Last name" is the Tenant in QRadar®.
- Right-click the user, select Properties, and select the Organization tab.
- In the Department section, use the QRadar® User Role.
- In the Company section, use the QRadar® Security Profile.
- In the left pane, navigate to the Claim rule name section by following these steps:
- In the Relying Party Trusts folder, select the new trust you created, then click Edit Claim Issuance Policy.
- Click Add Rule (or Edit if there is one already created).
- Select Send LDAP Attributes as Claims from the Claim rule template menu, then click Next.
- Type a Claim rule name, and select Active Directory from the Attribute store drop-down menu.
- In the “Mapping of LDAP attributes to outgoing claim types” section, modify the mapping to match the 3 fields outlined in the screen capture:
- Enable SAML 2.0 authentication.
- On the Admin tab, click Authentication.
- Click Authentication Module Settings.
- From the Authentication Module list, select SAML 2.0.
- Metadata File: Import the metadata file provided by the Microsoft® AD FS server.
- Select "User Attributes" in the How to authorize section.
- From the drop-down menus, select:
- User Role Attribute: Role
- Security Profile Attribute: Group
- Tenant Attribute: Surname
- Click Save Authentication Module.
- Save the metadata file in a safe and accessible location. This file is required in the Microsoft® AD FS.
- Finally, deploy the changes.
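Because QRadar® authorizes the user from the three attributes configured above, an assertion saved from a test sign-in can be checked for them before relying on the setup. The following Python script is an added example, not part of the original technote or of any IBM or Microsoft tooling. It assumes an unencrypted assertion, the standard AD FS claim-type URIs for Role, Group and Surname, and matching on the last segment of the claim-type URI; the sample assertion and its values are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# QRadar attribute names from the steps above -> AD user field that feeds each one.
EXPECTED = {"Role": "Department", "Group": "Company", "Surname": "Last name"}

# Constructed sample, not captured from a real AD FS server.
# Surname is left empty to show the failure case (user created without a last name).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
   <saml:AttributeValue>Admin</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
   <saml:AttributeValue>Admin</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
   <saml:AttributeValue></saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def read_attributes(xml_text):
    """Return {lower-case short name: [non-empty values]} for each SAML Attribute."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iterfind(".//saml:Attribute", NS):
        # Assumption: compare on the last path segment of the claim-type URI.
        short = attr.get("Name", "").rstrip("/").rsplit("/", 1)[-1].lower()
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(short, []).extend(v for v in values if v)
    return attrs

def check_assertion(xml_text):
    """Return a list of problems; an empty list means all three attributes are usable."""
    attrs = read_attributes(xml_text)
    problems = []
    for name, ad_field in EXPECTED.items():
        values = attrs.get(name.lower(), [])
        if not values:
            problems.append(f"{name}: missing or empty, check the user's "
                            f"{ad_field} field and the claim rule mapping")
        elif len(values) > 1:
            # Assumption: each of these AD fields holds a single value, so
            # several values usually mean an overlapping claim rule.
            problems.append(f"{name}: {len(values)} values, expected exactly one")
    return problems

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE_ASSERTION) or ["all three attributes present"]:
        print(problem)
```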
11 June 2021