
We, at Foresite, ran into a SecOps authentication error with some instances we support after the recent January 11th SecOps release. https://cloud.google.com/chronicle/docs/secops/release-notes#January_11_2025

The change affected how IDP group names are passed to SecOps for SOAR authentication, preventing access to some instances.

Cause:

The issue arises from the format of group names in "IDP Group Mapping" in SOAR settings. Group names previously required brackets and quotation marks (e.g., ["soar-users"]). This formatting is no longer valid.

Solution:

To regain access, remove the brackets and quotation marks from the group names in "IDP Group Mapping" (e.g., soar-users).

Workarounds for Lost Admin Access:

Create a Matching IDP Group: Create a new group in your IDP that exactly matches the name of an existing group with admin permissions in SOAR.

Contact Google Support: Google Support can also add a group name to restore admin access.

I thought I was crazy today and yesterday because this worked for me on Friday - came in yesterday to this 


Thank you, @dlove40. Great catch. Appreciate you sharing your quick fix and solution with us!

