Microsoft Entra ID
Last updated
Last updated
In this guide, we'll look at the end-to-end process for setting up Microsoft Entra ID with OpenID Connect.
From the Entra ID overview page in your Azure portal, click Add → App registration.
Enter any user-facing name for the application. It is recommended that "Cortex" is somewhere in the app's name so it is easily identifiable.
Select "Accounts in this organizational directory only" under Supported account types.
Under Redirect URI (optional), select Web from the dropdown and add https://cortexapp.auth0.com/login/callback as an authorized redirect URI.
Click Register to save the app. You'll then be taken to the app's overview page.
Copy the Application (client) ID - you'll need this information later on.
You can find more detailed instructions on registering an app with the Microsoft identity platform in its .
From the app's Overview page, click "Add a certificate or secret" and then go to the Client secrets tab.
Click New client secret and enter a description and expiration.
Once you've saved the secret, copy the Value - you'll need that later on to set up the OpenID connector in Cortex.
Go back to the Overview page and click the Endpoints tab.
Copy the OpenID Connect metadata document up to /v2.0 - this will give you the issuer URI. The issuer URI should be of the format https://login.microsoftonline.com/<uuid>/v2.0.
Do not include a backslash after v2.0 in the issuer URI. This will process as an invalid configuration for the URI.
Select Azure under Type and enter the following information:
Identifier: The Application (client) ID from step 1.
Secret: The client secret created in step 2.
Issuer: The issuer URI from step 3.
Once you click save, users will only have the option to sign in to Cortex via Microsoft.
Go to in Cortex under Authentication and access.