SOAR MSSP and customer access

Hi all,

We have configured our SecOps MSSP tenant using Workforce Identity Pool and MS365 as backend IdP, as explained here

https://www.googlecloudcommunity.com/gc/Onboarding-Journey/Security-Operations-SIEM-Step-1-OnBoardin...

posted by @jstoner.

I am trying to figure out if there is a different way to delegate access to SOAR using a customer IdP as well, without going through my IdP.

Would it be possible to use CIAM aka "Identity Platform" to be able to have a single point of configuration of different SAML IdPs?

Thanks!

Roberto

2 REPLIES

Hi Roberto,

Not sure if I understand you correctly: you want to be able to log in to the SecOps MSSP tenant with two IdPs (one yours and one the customer's)? If yes, then we can have multiple front-end paths for access, one path for your IdP and the other path for the customer's IdP.

Do reach out to Chronicle Support to get the 2nd front-end path (or customer_subdomains if you are using the Customer Management API).

https://cloud.google.com/chronicle/docs/preview/customer-management-api/customer-management-api

Hi @hzmndt

No, the problem is different. We have several IdPs in my company. When we attach the MSSP tenant with the first Workforce Identity Backend, only this IdP can have access to the SOAR environment (the problem is limited to access in the SOAR platform and not SIEM). Customers and other IdPs attached to the WIP cannot have access to the SOAR. In the SSO page, SecOps area in GCP, only 1 IdP can be selected. But this prevents other federation-connected IdPs from being able to log in.

I'm not sure if I was clear about the problem, but when SOAR was not embedded in the single SecOps interface, you could connect several IdPs directly to the SOAR interface, but now you can no longer do that.