Skip to main content

Azure Active Directory

AuthTeams

Overview

Azure Active Directory, now known as Microsoft Entra ID, is an identity service that provides SSO and authentication. Integrate Cortex with Azure AD to drive insights into ownership of entities.

caution

For information on configuring Entra ID SSO for logging in to Cortex, see the Microsoft Entra ID SSO Guide.

How to configure Azure AD with Cortex

caution

If you do not see the settings page you're looking for, you likely don't have the proper permissions and need to contact your admin.

Step 1: Register and configure a new Active Directory application

  1. Follow Microsoft's documentation to register a new single tenant AD application.
  2. In AD, navigate to your new application, and then to API Permissions. Add the following permissions:
    • Microsoft APIs > Microsoft Graph > Application permissions > User > User.Read.All
    • Microsoft APIs > Microsoft Graph > Application permissions > Group > Group.Read.All
  3. Click Grant Admin Consent to grant permissions for all accounts in the directory.
  4. Navigate to Certificates & secrets and click New client secret.
    • Note that you will need to rotate the secret before the expiration date you set for it.
  5. Navigate to the application's Overview page and copy the client ID. You will need the client ID and secret in the next steps.

Step 2: Configure the integration in Cortex

  1. In Cortex, navigate to the Azure Active Directory settings page:
    1. In Cortex, click your avatar in the lower left corner, then click Settings.
    2. Under "Integrations", click Azure Active Directory.
  2. Configure the Azure AD integration form:
    • Tenant ID: Enter your Azure AD tenant ID.
    • Client ID and Client secret: Enter the client ID and secret you generated in the previous steps.
  3. Click Save.
    • You will be redirected to the Azure Active Directory settings page in Cortex, where you can optionally set a group filter to limit which groups are pulled in from Azure AD.

How to connect Cortex entities to Azure AD

Import entities from Azure AD

To import teams and team memberships:

  1. In the main nav of Cortex, click Catalogs > Teams.
  2. On the right side of the Teams page, click Add team.
  3. On the "Import entities" page, select Azure Active Directory.
  4. A list of discovered entities will appear. Click the team you want to add.
    • If your expected teams do not appear, click Sync teams in the upper left corner of the "Import teams" page.
  5. When you click a team, you will be redirected to the "Team details" page where you can configure basic details, Slack channels, parent and children teams, on-call, and links. When you are finished, click Save team at the bottom of the page.

Editing the entity descriptor

You can define the following block in your Cortex entity descriptor to add your Azure Active Directory group as an owner. 
x-cortex-owners:
  - type: group
    name: Engineering # group name in Azure Active Directory
    provider: ACTIVE_DIRECTORY

The group name is case-sensitive and should be exactly the same as in Azure Active Directory.

Expected results

Teams page

Under Catalogs > Teams, you will see teams and team members pulled in from Azure AD.

Entity pages

If you have ownership of entities set up, then Azure AD teams and users will be listed in the Owners page for an entity.

Background sync

Cortex conducts an ownership sync every day at 6 a.m. UTC.

Scorecards and CQL

With the Azure AD integration, you can create Scorecard rules and write CQL queries based on Azure AD teams.

See more examples in the CQL Explorer in Cortex.

All ownership details

A special built-in type that supports a null check or a count check, used to enforce ownership of entities.

Definition: ownership: Ownership | Null

Example

You can create a Scorecard with a rule that checks if an entity has at least one team as an owner.

ownership.teams().length > 0

Still need help?

The following are all the ways to get assistance from our customer engineering team. Please use the option that is best for your users:

  • Email: help@cortex.io, or open a support ticket in the in app Resource Center
  • Chat: Available in the Resource Center
  • Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your customer success manager.