IBM QRadar

  • 1.  QRADAR SAML bypass URL?

    Posted Sun March 07, 2021 07:29 AM
    Dear all,

    We are planning to integrate QRadar with Okta using the SSO method. Once SSO is implemented, all logins will be redirected through SSO. Is there a way to bypass them? I know many applications do provide a bypass URL. Does anyone have info on this?

    T&R
    Arjun Kumar

    ------------------------------
    Arjun Kumar Network & Security Engineer
    ------------------------------


  • 2.  RE: QRADAR SAML bypass URL?

    Posted Mon March 08, 2021 12:35 PM
    Arjun,
    Okta is supporting LDAP, so there should be no problem integrating it with QRadar interactive users for SSO. When you talk about a bypass URL, you are probably thinking about the RESTful API provided.
    For accessing QRadar from external, you need to define an authorized service inside QRadar and talk to QRadar from your program, passing the token and URL for the functions you are looking for. The easiest way is implementation via a curl script. Please check the integrated Interactive API for more details.
    BR
    Karl

    ------------------------------
    Karl Jaeger, Business Partner
    QRadar Specialist
    pro4bizz
    Karlsruhe, Germany
    4972190981722
    ------------------------------



  • 3.  RE: QRADAR SAML bypass URL?

    Posted Tue March 09, 2021 01:37 AM
    Dear Karl
    Thank you for your response. We have tested the SSO functionality and it works flawlessly. I just wanted to know: if I don't want to use SSO, is there a bypass URL to access the QRadar UI and log in with local admin credentials?

    T&R

    ------------------------------
    Arjun Kumar Network & Security Engineer
    ------------------------------



  • 4.  RE: QRADAR SAML bypass URL?

    Posted Tue March 09, 2021 07:00 AM
    Edited by Paul Leonard Tue March 09, 2021 07:04 AM
    There isn't a 'bypass URL' for SAML user authentication.

    As you observed, SAML is not like the other methods that use 'fallback' to the Local password.

    See the docs for Troubleshooting SAML authentication, subtopic 'Restore system login for investigation', for how to fall back.
    You edit the running login.conf by hand to restore System auth in the event of trouble.
    ------------------------------
    Paul Leonard
    ------------------------------



  • 5.  RE: QRADAR SAML bypass URL?

    Posted Tue March 09, 2021 08:28 AM
    Hey, I think they meant being able to still authenticate to the GUI, but not using SSO, in the case of an SSO or network outage. We are in the same boat, and our current solution is to SSH on and disable the SSO config in the event that occurs.

    - Ian





  • 6.  RE: QRADAR SAML bypass URL?

    Posted Wed March 10, 2021 01:09 AM
    Yes, as Ian mentioned, this is our main concern. There has to be a bypass URL for admin access in case the IDP provider is down.

    ------------------------------
    Arjun Kumar Network & Security Engineer
    ------------------------------