IBM Support

QRadar: Configure Microsoft Azure Active Directory as Identity Provider (IdP) for User Attribute authentication

How To


Summary

This article helps administrators configure Microsoft® Azure Active Directory (Microsoft® Azure AD) as the Identity Provider for QRadar® by using SAML 2.0 "User Attributes" authentication. The instructions in this technote apply only when SAML with "User Attributes" is used for authentication.

Environment

To configure this integration, the administrator must have:
 
  1. A Microsoft® Azure AD configuration.
    Check the QRadar® documentation for general steps to configure it: Configuring Azure Active Directory as an identity provider.
  2. SAML 2.0 authentication enabled in QRadar®.
    Note: SAML authentication is not available in versions before QRadar® 7.3.2.

Steps

This configuration requires the settings on both sides, the Microsoft® Azure AD Management console and QRadar® Authentication, to match each other.
 
In this technote, the "Department" field is mapped to the Role by using the "user.department" attribute. However, these fields might vary on different Microsoft® Azure AD implementations.

Microsoft® Azure AD Management console
  1. Create the user or edit an existing user. In this example, the user is luis.

    Figure01
     
  2. Scroll down to Job Info and enter the "QRadar Role" under “Department” and the "QRadar Security Profile" under “Company name”.
    1. In the Department section, use the QRadar® User Role.
    2. In the Company section, use the QRadar® Security Profile.

      Figure02
       
  3. In the left pane, navigate to Enterprise applications and find the QRadar application.
  4. In the left pane, click "Single sign-on" and scroll down to the Attributes & Claims section.
  5. Add the new claims:

    group = user.companyname
    role = user.department

    Figure03
     
QRadar® Authentication
  1. On the Admin tab, click Authentication.
  2. Click Authentication Module Settings.
  3. From the Authentication Module list, select SAML 2.0.
  4. In the "How to Authorize" section, select User Attributes.
  5. Add the User Role and Security Profile Attributes values.
    Note: These values are case-sensitive and must match the claim names previously configured on the Microsoft® Azure AD Management console.

    User Role Attribute = role
    Security Profile Attribute = group

    Figure04

     
  6. Click Save Authentication Module.
Result
The user "luis" can now authenticate to QRadar® by using SAML without being configured previously in QRadar®. QRadar® is expected to create this new user automatically after the first login.
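
Because the attribute names are case-sensitive and must match on both sides, it can help to check the claim names in an assertion captured from a test login before troubleshooting QRadar®. The following is an added example, not IBM code: it assumes the assertion is available as decoded, unencrypted XML, and the sample assertions, the "Admin" values and the function name `check_assertion` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Claim names from this technote, as entered in QRadar Authentication.
EXPECTED = {"role": "User Role Attribute", "group": "Security Profile Attribute"}

def _assertion(attrs):
    """Build a minimal constructed assertion from (name, value) pairs."""
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f"</saml:Attribute>" for n, v in attrs)
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>'
            f"{body}</saml:AttributeStatement></saml:Assertion>")

# Constructed samples: a matching assertion, and one with a wrongly cased
# claim name ("Role") plus an empty Security Profile value.
SAMPLE_GOOD = _assertion([("role", "Admin"), ("group", "Admin")])
SAMPLE_BAD = _assertion([("Role", "Admin"), ("group", "")])

def check_assertion(xml_text, expected=EXPECTED):
    """Return a list of problems; an empty list means the claims line up."""
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
        found[attr.get("Name", "")] = [v for v in values if v]
    problems = []
    for name, label in expected.items():
        if name in found:
            if not found[name]:
                problems.append(f"{label}: claim '{name}' is present but empty")
            continue
        # Look for near misses: wrong case, or a URI-qualified claim name
        # (assumption: the IdP may prefix the name with a namespace).
        near = [n for n in found
                if n.lower() == name or n.lower().endswith("/" + name)]
        if near:
            problems.append(f"{label}: expected '{name}', assertion sends '{near[0]}'")
        else:
            problems.append(f"{label}: claim '{name}' is missing")
    return problems

if __name__ == "__main__":
    for title, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(title, check_assertion(sample) or "OK")
```

An empty result means the assertion carries `role` and `group` exactly as configured; any reported mismatch is corrected in the Attributes & Claims section or in the QRadar® attribute fields.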

Document Location

Worldwide


Document Information

Modified date:
12 April 2022

UID

ibm16570011