Enable SSO for Cortex Self-manage
Cortex Self-Managed comes with support for Single Sign-On (SSO) with any authentication provider that supports OIDC.
Your self-managed instance does not include SSO enabled by default to allow for easy iteration.
Step 1: Configure an app in your SSO provider
Create an app in your SSO provider to be used for Cortex.
Set the redirect URL to be
http(s)://[CORTEX BACKEND HOST]/login/oauth2/code/[PROVIDER]
,for example, on Cortex Cloud, the Okta URL would be
https://api.getcortexapp.com/login/oauth2/code/okta
. Other common provider values include:Amazon SAML -
amazon
Azure Active Directory -
azuread
Google SSO -
google
JumpCloud SAML -
jumpcloud
Okta SSO -
okta
Generic OIDC -
auth0
Copy the client ID, client secret, and issuer URI. Store these in a secure location, as you will need them int he next steps.
Step 2: Configure SSO in Cortex
In Cortex, navigate to Settings > OpenID Connector.
Configure the OIDC form:
Type: Select your SSO provider.
If your provider is not listed, type its name into the Type dropdown then click +Add new.
Identifier: Enter your client ID.
Secret: Enter your client secret.
Issuer: Enter your Issuer URI, e.g.,
https://{your-org}.okta.com
.For Okta, if you are using the default authorization server then your Issuer will be
https://{your-org}.okta.com/oauth2/default
.
At the bottom of the page, click Save.
To verify your setup, log out and back in. You should be prompted to log in with SSO.
Disabling SSO
If you misconfigured your SSO setup, you can disable auth again by connecting to the database for your Cortex instance and running DELETE FROM oidc_client_secret_basic_connections;
. After doing this, refresh the page to log back in.
Last updated
Was this helpful?