Access Control
Access to infrastructure (vendor access)
A limited group of qualified and trained Chronicle SOAR DevOps engineers have access to the production service environment for support and maintenance purposes. Access is named and granted by role (RBAC) on a need-to-know basis and subject to least-privileged principles. Access is governed by a policy that requires satisfying password complexity and 2FA. These are enforced by an Identity Provider (IdP) service.
Access to SaaS Application
Users of the Chronicle SOAR cloud service are provisioned with a unique account and are required to change their initial password in accordance with password best practices. In addition, Chronicle SOAR supports SAML integration to manage access via an external customer organizational IdP.
Chronicle SOAR utilizes customizable RBAC mechanism to support any required flexibility or strictness on access control and provides a default Master Admin account which belongs to the customer.