Okta

In this guide, we'll look at the two ways to configure Okta SSO in Cortex: through Cortex's app in the Okta Integration Network or by creating your own.

Configuring Okta SSO with the Cortex OIN app

1. Add the Cortex app

Cortex's OIN app takes care of most of the steps involved in setting up Okta SSO. Add the integration from this page or from the App integration catalog available under Applications in your Okta instance.

2. Copy the client ID and client secret

Once the app is installed, go back to the Applications page in your Okta admin console and select the Cortex app from your list of applications.

Click the Sign On tab to find the Client ID and Client Secret.

Okta OIDC app

3. Get the issuer URI

Instructions for finding your Okta issuer URI can be found here. It should look like https://{okta domain}.okta.com.

4. Go to Cortex settings

Go to OpenID Connector settings in Cortex under Authentication and access.

Select Okta under Type and enter the following information:

Identifier: The Client ID from step 2.
Secret: The client secret created in step 2.
Issuer: The issuer URI from step 3.

Once you click save, users will only have the option to sign in to Cortex via Okta.

Configuring Okta SSO with your own app

1. Create an Okta app integration

From your Okta admin console, navigate to Applications and select Create App Integration.

In the modal, select OIDC - Open ID Connect from the sign-in method options and Web Appplication under application type.

On the next page, you can enter more details about the app, including a name, logo, and grant type.

On-prem Cortex users should replace existing URI under Sign-in redirect URIs with https://cortex.backend.url/login/oauth2/code/okta. The Sign-out redirect URIs should be https://cortex.backend.url/logout.

Auto sign-on

You can bypass the login screen and enable automatic sign-on by creating a custom Okta app with the following configurations:

Grant type: Authorization Code
Redirect URI: https://cortexapp.auth0.com/login/callback
Sign-in redirect URI: https://app.getcortexapp.com/login?tenantCode=TENANT_CODE

2. Copy the Client ID and Client Secret

Once you save the app, you'll be taken to its overview page. From the General tab, copy the Client ID under Client Credentials and the secret under Client Secrets.

3. Go to Cortex settings

Go to OpenID Connector settings in Cortex under Authentication and access.

Select Okta under Type and enter the following information:

Identifier: The Client ID from step 2.
Secret: The client secret created in step 2.
Issuer: Your Okta account domain.

Configuring Okta SSO with the Cortex OIN app​

1. Add the Cortex app​

2. Copy the client ID and client secret​

3. Get the issuer URI​

4. Go to Cortex settings​

Configuring Okta SSO with your own app​

1. Create an Okta app integration​

Auto sign-on​

2. Copy the Client ID and Client Secret​

3. Go to Cortex settings​