> ## Documentation Index
> Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Set up a Palo Alto Networks Cortex XSOAR connector
> C1 provides identity governance for Cortex XSOAR. Integrate your Cortex XSOAR instance with C1 for unified visibility and governance over user access.
## Capabilities
| Resource | Sync | Provision |
| :------- | :------------------------------------------------------------ | :-------- |
| Accounts | | |
| Roles | | |
## Gather XSOAR credentials
Configuring the connector requires you to pass in credentials generated in XSOAR. Gather these credentials before you move on.
A user with the **Admin** role or a custom role with the ability to generate API tokens in XSOAR must perform this task.
### Generate an API key
Log into Cortex XSOAR and navigate to **Settings & Info** > **Settings** > **Integrations** > **API Keys**.
Click **New Key**.
Choose the **Standard** API key.
If desired, set an expiration for the API key and add a comment describing the key's purpose.
Give the API key the **Admin** role or a custom role with the permission to read user and role data.
Click **Save** to generate the new API key.
Carefully copy and save the API key.
## Find your API URL
In the table of API keys, right-click your newly generated API key and select **View Examples**.
Copy the CURL Example URL. The example contains your FQDN, which forms part of your unique API URL. The API URL is in this form: `https://api-{fqdn}/xsoar/`.
**Done.** Next, move on to the connector configuration instructions.
## Configure the XSOAR connector
To complete this task, you'll need:
* The **Connector Administrator** or **Super Administrator** role in C1
* Access to the set of XSOAR credentials generated by following the instructions above
**Follow these instructions to use a built-in, no-code connector hosted by C1.**
In C1, navigate to **Integrations** > **Connectors** and click **Add connector**.
Search for **XSOAR** and click **Add**.
Choose how to set up the new XSOAR connector:
* Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with C1)
* Add the connector to a managed app (select from the list of existing managed apps)
* Create a new managed app
Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.
If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process.
Click **Next**.
Find the **Settings** area of the page and click **Edit**.
Enter the API URL of the Cortex XSOAR instance in the **API URL** field.
Paste the API key into the **Token** field.
Click **Save**.
**Done.** The connector's label changes to **Syncing**, followed by **Connected**. You can view the logs to ensure that information is syncing.
**Follow these instructions to use the XSOAR connector, hosted and run in your own environment.**
When running in service mode on Kubernetes, a self-hosted connector maintains an ongoing connection with C1, automatically syncing and uploading data at regular intervals. This data is immediately available in the C1 UI for access reviews and access requests.
### Resources
* [GitHub repository](https://github.com/conductorone/baton-xsoar): Access the source code, report issues, or contribute to the project.
### Step 1: Set up a new XSOAR connector
In C1, navigate to **Integrations** > **Connectors** > **Add connector**.
Search for **Baton** and click **Add**.
Choose how to set up the new XSOAR connector:
* Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with C1)
* Add the connector to a managed app (select from the list of existing managed apps)
* Create a new managed app
Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.
If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process.
Click **Next**.
In the **Settings** area of the page, click **Edit**.
Click **Rotate** to generate a new Client ID and Secret.
Carefully copy and save these credentials. We'll use them in Step 2.
### Step 2: Create Kubernetes configuration files
Create two Kubernetes manifest files for your XSOAR connector deployment:
#### Secrets configuration
```yaml expandable theme={"theme":{"light":"css-variables","dark":"css-variables"}}
# baton-xsoar-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: baton-xsoar-secrets
type: Opaque
stringData:
# C1 credentials
BATON_CLIENT_ID:
BATON_CLIENT_SECRET:
# XSOAR credentials
BATON_API_URL:
BATON_TOKEN:
```
See the connector's README or run `--help` to see all available configuration flags and environment variables.
#### Deployment configuration
```yaml expandable theme={"theme":{"light":"css-variables","dark":"css-variables"}}
# baton-xsoar.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: baton-xsoar
labels:
app: baton-xsoar
spec:
selector:
matchLabels:
app: baton-xsoar
template:
metadata:
labels:
app: baton-xsoar
baton: true
baton-app: xsoar
spec:
containers:
- name: baton-xsoar
image: ghcr.io/conductorone/baton-xsoar:latest
imagePullPolicy: IfNotPresent
env:
- name: BATON_HOST_ID
value: baton-xsoar
envFrom:
- secretRef:
name: baton-xsoar-secrets
```
### Step 3: Deploy the connector
Create a namespace in which to run C1 connectors (if desired), then apply the secret config and deployment config files.
Check that the connector data uploaded correctly. In C1, click **Apps**. On the **Managed apps** tab, locate and click the name of the application you added the XSOAR connector to. XSOAR data should be found on the **Entitlements** and **Accounts** tabs.
**Done.** Your XSOAR connector is now pulling access data into C1.