IBM Support

QRadar: Configure Microsoft Azure Active Directory as Identity Provider (IdP) for basic authentication

How To


Summary

This article helps the administrator configure Microsoft® Azure Active Directory (Microsoft® Azure AD) as the Identity Provider by using SAML 2.0 authentication in QRadar®. The instructions in this technote apply only when SAML is used for authentication.

Environment

To configure this integration, the administrator must have:
 
  • A Microsoft® Azure AD account configured with administrative access.
  • SAML 2.0 authentication enabled in QRadar®. For more information about SAML authentication, see Configuring SAML authentication.
    Note: SAML authentication is not available in versions before QRadar® 7.3.2.

Steps

The administrator must create a new Azure application and configure it before it is integrated with QRadar.
Create an Azure application.
  1. Log in to the Azure AD portal as an administrator.
  2. Expand the navigation menu, then click Azure Active Directory.
  3. Click Add, then Enterprise applications.
  4. Click Create your own application.
    Note: QRadar is not listed as an existing application.
  5. Give a descriptive application name and select Integrate any other application you don't find in the gallery (Non-gallery).
    Note: In this technote, QradarSAML is the application name.
  6. Wait until the application is created. After it is created, a management page is displayed.
    Note: The application might take a few minutes to be created.

    Result
    The application is created and you can proceed to configure it.
     
Configure the newly created Azure application.
  1. In the left navigation pane, click Single Sign-on and select SAML.
  2. Click Edit, specify the following values in the settings, and save the changes. In this technote, the Console's FQDN is qradar-console01.test.local.
    1. Identifier: Type the QRadar Console's URL such as https://<Console FQDN>/console.
    2. Reply URL: Type the QRadar Console's URL such as https://<Console FQDN>/console/SAMLSSOAssertionConsumerService.
  3. Assign the users and groups entitled to use the application.
    1. Click Overview, and select Assign users and groups.
    2. Click Add user/group.
    3. Click None Selected.
    4. Search for the required users and groups. In this technote, the luis role is used in the example image.
    5. Click Select.
    6. Click Assign to add the users and groups to be entitled.
  4. Click Enterprise Application, and select the recently created application. In this technote, QradarSAML is the application name.
  5. Scroll down to SAML certificate and download the Federation Metadata XML file.
    Result
    Azure AD is ready to be integrated with IBM QRadar®.

Document Location

Worldwide


Document Information

Modified date:
26 July 2022

UID

ibm16590763