Skip to main content
Solved

SecOps Authentication Error and Solution

  • January 13, 2025
  • 2 replies
  • 77 views
dlove40
Forum|alt.badge.img+4

We, at Foresite, ran into a SecOps authentication error with some instances we support after the recent January 11th SecOps release. https://cloud.google.com/chronicle/docs/secops/release-notes#January_11_2025

The change affected how IDP group names are passed to SecOps for SOAR authentication, preventing access to some instances.

Cause:

The issue arises from the format of group names in "IDP Group Mapping" in SOAR settings. Group names previously required brackets and quotation marks (e.g., ["soar-users"]). This formatting is no longer valid.

Solution:

To regain access, remove the brackets and quotation marks from the group names in "IDP Group Mapping" (e.g., soar-users).

Workarounds for Lost Admin Access:

Create a Matching IDP Group: Create a new group in your IDP that exactly matches the name of an existing group with admin permissions in SOAR.

Contact Google Support: Google Support can also add a group name to restore admin access.

Best answer by matthewnichols

Thank you @dlove40 Great catch. Appreciate you sharing your quick fix and solution with us!

    2 replies

    dnehoda
    Staff
    Forum|alt.badge.img+16
    • dnehoda
    • Staff
    • January 14, 2025

    I thought I was crazy today and yesterday because this worked for me on Friday - came in yesterday to this 

      matthewnichols
      Community Manager
      Forum|alt.badge.img+16
      • matthewnicholsCommunity Manager
      • Community Manager
      • Answer
      • January 14, 2025

      Thank you @dlove40 Great catch. Appreciate you sharing your quick fix and solution with us!

        Terms & ConditionsCookie settingsAccessibility statement
        Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

        © 2025 Google. All rights reserved.