Skip to main content

Azure Active Directory



Azure AD is an identity service that provides SSO and authentication. You can use Azure AD to drive insights into values such as:

  • Authentication
  • Ownership

For SSO, read our Azure AD SSO Guide.


In order to connect Cortex with Active Directory, you’ll need to add your information in Settings → Azure Active Directory.


If you do not see the Settings page you're looking for, you likely don't have the proper permissions and need to contact your admin.

  1. Start by registering a new single tenant Active Directory application.
  2. In Active Directory, navigate to your new application, and then to API Permissions. Add the following permissions:
  • Microsoft APIs → Microsoft Graph → Application permissions → User → User.Read.All
  • Microsoft APIs → Microsoft Graph → Application permissions → Group → Group.Read.All
  1. Click "Grant Admin Consent" to grant permissions for all accounts in the directory.
  2. Next, navigate to Certificates & secrets and click "New client secret". Set the expiration/description to whatever you see fit, but you'll have to remember to rotate the secret within Cortex for the Active Directory integration to continue working.
  3. Take your newly created client secret, and your tenant ID and client ID, found in the application Overview page, and enter below.


Cortex can pull team memberships from Azure AD groups.

Entity descriptor

You can define the following block in your Cortex entity descriptor to add your Azure AD group as an owner.
- type: group
name: Engineering # group name in Azure AD

The group name is case-sensitive and should be exactly the same as in Azure AD.