Skip to main content

Azure Active Directory

AuthTeams

Summary

Azure AD is an identity service that provides SSO and authentication. You can use Azure AD to drive insights into values such as:

  • Authentication
  • Ownership
caution

For SSO, read our Azure AD SSO Guide.

Setup

In order to connect Cortex with Active Directory, you’ll need to add your information in Settings → Azure Active Directory.

caution

If you do not see the Settings page you're looking for in the sidebar, you likely don't have the proper permissions and need to contact your admin.

  1. Start by registering a new single tenant Active Directory application.
  2. In Active Directory, navigate to your new application, and then to API Permissions. Add the following permissions:
  • Microsoft APIs → Microsoft Graph → Application permissions → User → User.Read.All
  • Microsoft APIs → Microsoft Graph → Application permissions → Group → Group.Read.All
  1. Click "Grant Admin Consent" to grant permissions for all accounts in the directory.
  2. Next, navigate to Certificates & secrets and click "New client secret". Set the expiration/description to whatever you see fit, but you'll have to remember to rotate the secret within Cortex for the Active Directory integration to continue working.
  3. Take your newly created client secret, and your tenant ID and client ID, found in the application Overview page, and enter below.

Registration

Cortex can pull team memberships from Azure AD groups.

Catalog Descriptor

You can define the following block in your Cortex Catalog Descriptor to add your Azure AD group as an owner.
x-cortex-owners:
- type: group
name: Engineering # group name in Azure AD
provider: ACTIVE_DIRECTORY

The group name is case-sensitive and should be exactly the same as in Azure AD.

Troubleshooting