How To
Summary
The purpose of this article is to help the administrator configure Microsoft® Azure Active Directory (Microsoft® Azure AD) as an Identity Provider by using SAML 2.0 "User Attributes" authentication in QRadar®. The instructions in this technote apply only when SAML with "User Attributes" is used for authentication.
Environment
To configure this integration, the administrator must have:
- A Microsoft® Azure AD configuration.
Check the QRadar® documentation for general steps to configure it: Configuring Azure Active Directory as an identity provider.
- SAML 2.0 authentication enabled in QRadar®.
Note: SAML authentication is not available in versions before QRadar® 7.3.2.
Steps
This configuration requires the settings on both sides, the Microsoft® Azure AD Management console and QRadar® Authentication, to match each other.
In this technote, the "Department" field is matched to the Role by using the "user.department" attribute. However, these fields might vary on different Microsoft® Azure AD implementations.
Microsoft® Azure AD Management console
- Create the user or edit an existing user. In this example, the user is luis.
- Scroll down to Job Info and enter the "QRadar Role" under "Department" and the "QRadar Security Profile" under "Company name".
- In the Department section, use the QRadar® User Role.
- In the Company section, use the QRadar® Security Profile.
- In the left pane, navigate to Enterprise applications and find the QRadar application.
- In the left pane, click "Single sign-on" and scroll down to the Attributes & Claims section.
- Add the new claims:
group = user.companyname
role = user.department
QRadar® Authentication
- On the Admin tab, click Authentication.
- Click Authentication Module Settings.
- From the Authentication Module list, select SAML 2.0.
- In the "How to Authorize" section, select User Attributes.
- Add the User Role and Security Profile Attributes values.
Note: These values are case-sensitive and must match the claim names previously configured on the Microsoft® Azure AD Management console.
User Role Attribute = role
Security Profile Attribute = group
- Click Save Authentication Module.
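To check the case-sensitive match described in the note above, the following added example (not part of the IBM technote or of QRadar®) parses the attribute statement of a SAML assertion and compares its claim names with the two QRadar® settings. The sample assertion and its `Admin` values are constructed, and `read_claims` and `check_claims` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names entered in QRadar under "How to Authorize" > User Attributes (from this technote).
QRADAR_EXPECTED = {"User Role Attribute": "role", "Security Profile Attribute": "group"}

# Constructed sample: the role claim was saved as "Role" (capital R) by mistake.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Role">
      <saml:AttributeValue>Admin</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="group">
      <saml:AttributeValue>Admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_claims(assertion_xml):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    # Meant for an assertion captured from your own tenant; no signature validation is done.
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims.setdefault(attr.get("Name", ""), []).extend(values)
    return claims

def check_claims(assertion_xml, expected=QRADAR_EXPECTED):
    """Compare claim names exactly (case-sensitive) with the QRadar settings."""
    claims = read_claims(assertion_xml)
    by_lower = {name.lower(): name for name in claims}
    findings = []
    for setting, name in expected.items():
        if name in claims:
            if not any(claims[name]):
                findings.append(f"{setting}: claim '{name}' is present but empty")
        elif name.lower() in by_lower:
            findings.append(f"{setting}: expected '{name}', assertion has '{by_lower[name.lower()]}' (case differs)")
        else:
            findings.append(f"{setting}: claim '{name}' is missing from the assertion")
    return findings

if __name__ == "__main__":
    for line in check_claims(SAMPLE_ASSERTION) or ["claims match the QRadar settings"]:
        print(line)
```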
Result
The user "luis" can now authenticate to QRadar® by using SAML without being configured previously in QRadar®. QRadar® is expected to create this new user automatically after the first login.
Document Location
Worldwide
Document Information
Modified date:
12 April 2022
UID
ibm16570011