Solved: Approval Link won´t open without valid SOAR User

MarinusC · 08-07-2024 07:24 AM

Hello all,

we are using a Google SecOps Instance and try to use the "Approval Link" Feature for our Playbooks.
As far as I understand it the approval can also be given from users which do not have an account in the SecOps Instance (First Line "Outside the platform": https://cloud.google.com/chronicle/docs/soar/respond/working-with-playbooks/assign-approval-links-in...)
After the mail is sent to my inbox and I try to open the approve or decline link in Inkognito mode, the screen stays blank and no error message appears. If I open the link in a browser session where I am logged in into Google SecOps, I can approve/decline the question.

Can anybody help me or had the same issue?
I created the playbook exactly as in the instructions mentioned above.

Thanks,
Marinus

JensW

Hi @MarinusC , we had the same issue. We opened a support case. Support has confirmed the issue and the product team is working on a fix. The support case has been open for a few weeks now, I don't know how long it will take.

View solution in original post

JensW

Hi @MarinusC , we had the same issue. We opened a support case. Support has confirmed the issue and the product team is working on a fix. The support case has been open for a few weeks now, I don't know how long it will take.

MarinusC

Hi @JensW,
thank you for your answer.
Hopefully this will be resolved soon.

AV007

I'm also facing this issue. I'm using EmailV2 for sending email with approval link.After receiving the mail in inbox when I click on approval link, I get a blank page.

There is no issue with Exchange. It works well.

Are you guys still facing this issue? Any other workaround , please suggest.

JensW

@AV007 Unfortunately, the error still exist. This is the last update we received from support:

"The product team is actively working on it since this is a delicate fix, the team is carefully working on deploying the fix which might take a few more days."

I guess it will take longer, as it is a critical change (soar access without authentication). This has to be tested properly.

AV007

Thanks for the resonse.Actually I have access to SOAR and tried testing it with my email id only. Still it gives blank page. Is this scenario also expected?

One more question - Is this issue only with Emailv2 integration because Exchange is working fine for me.

ScottieJ

I tested this with the Microsoft Graph Mail Integration successfully. I was able to use the accept / declined link in an Incognito session. If MS Graph Mail is an option, give it a try.

Chica

HI All ,

even I have same question

if we send approval link to invalid soar user will it work ?

MarinusC

No currently not, Engineering is still working on a fix for this feature.
Support told us that the fix will be available by the end of the month (August).

vanitharaj1208

is it done?

JensW

Not yet. I don‘t know a planned date either.

ORBR

Works for me with Graph Email.

Speaking of approval links, is there a way to know which recipient pressed the link?

vanitharaj1208

if we send approval link to invalid soar user will it work ?

AV007

Approval link is working with Exchange integration for non-soar users . I have tested it.

Check out the new Professional Security Operations Engineer certification beta!

Approval Link won´t open without valid SOAR User