search
Ctrlk
Get a DemoCortex AcademyWebsiteStatusLogin

Okta SSO

Cortex supports configuring Single Sign-On (SSO) with Okta to protect access to your Cortex workspace. Additionally, you can configure Okta SCIM with Cortex.

Cortex also supports an integration to track Okta teams and team members as entity owners as well as create Scorecards involving your Okta teams. See the Okta integration page for more information.

hashtag
Configuring Okta SSO for Cortex

Users with the Configure OpenID Connector & SCIM permission can configure Okta SSO in Cortex.

There are two options to configure Okta SSO:

  • Installing the Cortex app in the Okta Integration Network (OIN)arrow-up-right

    • This option provides a simplified setup for most standard use cases. It's compatible with Okta SCIM provisioning features.

  • Creating your own app

    • This option is best if you need more flexibility in configuring redirect behavior, want to configure automatic sign-on, or if you require multiple or advanced configurations.

hashtag
Configuring Okta SSO via the Cortex OIN app

hashtag
Step 1: Installing the Cortex OIN app

Cortex's OIN app configures the initial steps for Okta SSO.

  1. Install the Cortex app from the Okta OINarrow-up-right.

circle-info

You can also access the Cortex app from your Okta instance by navigating to Applications and selecting Cortex from the App Integration Catalog.

hashtag
Step 2: Copying the client ID and client secret

  1. In Okta, navigate to the Applications page and select the Cortex app from your list of applications.

  2. Click the Sign On tab.

  3. Copy the values of the client ID and client secret. Store them in a secure location, as you will need these in the next steps.

    circle-info

    Be sure to copy the client ID and the client secret and save them for later. Do not skip this step—you can only view these values once!

hashtag
Step 3: Obtaining the issuer URI

In Okta, each authorization server has a unique issuer URI. See Okta's instructionsarrow-up-right for information on finding your Okta issuer URI. It should look like https://{okta-domain}.okta.com.

hashtag
Step 4: Configuring SSO in Cortex

  1. Log in to Cortex.

  2. From the main sidebar, click your avatar in the bottom-left corner.

  3. Click Settings.

  4. From the Settings menu, scroll to the Security and access section, then select OpenID connector. The OpenID connector page is displayed.

  5. Enter the following values:

    • From the Type drop-down menu, select Okta.

    • In the Identifier field, enter your client ID.

    • In the Secret field, enter your client secret.

    • In the Issuer field, enter the issuer URI.

  6. Click Save.

Once saved, users will only be able to sign in to Cortex using their Okta account.

hashtag
Configuring Okta SSO via your own app

hashtag
Step 1: Creating an Okta app integration

  1. Log in to the Okta admin console.

  2. Navigate to Applications, then select Create App Integration.

  3. In the modal under the sign-in methods, select OIDC - Open ID Connect. Under Application type, select Web Appplication.

  4. On the next page, enter a name, logo, and grant type for the app.

    • To bypass the login screen and enable automatic sign on, see Auto sign-on below.

  5. Click Save.

    • You will be redirected to the app's overview page.

  6. From the app's overview, click the General tab. Copy the values of the client ID and client secret. Store these in a secure location, as you will need them in the next steps.

Auto sign-on

You can bypass the login screen and enable automatic sign-on with the following configuration for your Okta app:

  • Grant type: Authorization Code

  • Initiate login URI: https://cortexapp.auth0.com/login/callback

  • Sign-in redirect URI: https://app.getcortexapp.com/login?tenantCode=TENANT_CODE

hashtag
Step 2: Configuring SSO in Cortex

  1. Log in to Cortex.

  2. From the main sidebar, click your avatar in the bottom-left corner.

  3. Click Settings.

  4. From the Settings menu, scroll to the Security and access section, then select OpenID connector. The OpenID connector page is displayed.

  5. Enter the following values:

    • From the Type drop-down menu, select Okta.

    • In the Identifier field, enter your client ID.

    • In the Secret field, enter your client secret.

    • In the Issuer field, enter your Okta account domain, e.g. https://{okta-domain}.okta.com.

  6. Click Save.

Once saved, users will only be able to sign in to Cortex using their Okta account.

hashtag
Troubleshooting and FAQ

See frequently asked questions below.

I see authentication failures and/or can't to connect to Okta

Follow these steps:

  1. Check your network connectivity from Cortex to Okta endpoints.

  2. Verify no firewall rules or network changes are blocking outbound traffic.

  3. Confirm required Okta domains/endpoints are reachable.

I see TLS handshake failures in the logs / The TLS handshake could not complete, blocking the authentication flow

Follow these steps:

  1. Validate that outbound HTTPS (port 443) is allowed.

  2. Check for SSL/TLS inspection or proxy interference.

  3. Confirm certificates are not blocked or altered.

PreviousGoogle SSONextOther OIDC SSO providers

Last updated

Was this helpful?