Entra ID (Azure AD) SSO
Cortex supports configuring Single Sign-On (SSO) with Microsoft Entra ID (formerly known as Azure Active Directory) with OpenID Connect for protecting access to your Cortex workspace.
Cortex also supports an integration to track Entra ID teams and team members as entity owners as well as create Scorecards involving your Entra ID teams. See the Entra ID (Azure AD) integration page for more information.
How to configure Entra ID SSO for Cortex
You must have the Configure OpenID Connector & SCIM permission.
Step 1: Set up a new Entra ID application in Azure
From the Entra ID overview page in your Azure portal, click Add > App registration.
Enter a descriptive name for the application, such as "Cortex login."
Under "Supported account types," select Accounts in this organizational directory only.
Selecting this option means the SSO will only work for the given Entra instance and not for other organizations.
Under "Redirect URI (optional)," select Web from the dropdown menu.
In the Authorized redirect URI field, enter:
https://cortexapp.auth0.com/login/callback
Click Register to save the app. You will be redirected to the app's overview page.
Copy the Application (client) ID value and store it in a secure location, as you will need this in the next steps.
You can find more detailed instructions on registering an app with the Microsoft identity platform in its quickstart guide.
Step 2: Create a client secret in Azure
From the app's Overview page in Azure, click Add a certificate or secret, then go to the Client secrets tab.
Click New client secret. Enter a description and expiration.
The SSO will stop working when the secret expires, so set an expiration that makes sense for your process. If you regularly rotate secrets, a shorter expiration period might make more sense. If you do not, a longer duration will ensure that SSO continues to function without frequent interruption.
Click Save.
Copy the value of the secret and store it in a secure location, as you will need this in the next steps.
Step 3: Obtain the metadata document endpoint in Azure
Go to the Overview page in Azure and click the Endpoints tab.
Copy the OpenID Connect metadata document URL up to /v2.0. It should be in the format:
https://login.microsoftonline.com/<uuid>/v2.0
Step 4: Configure SSO in Cortex
In your Cortex workspace, navigate to Settings > OpenID Connector.
Configure the form:
Type: Select Azure.
Identifier: Enter the application (client) ID from Step 1.
Secret: Enter the client secret created in Step 2.
Issuer: Enter the issuer URI from Step 3.
Do not include a backslash after v2.0 in the issuer URI. Doing so will be processed as an invalid configuration for the URI.
At the bottom of the page, click Save.
After saving your configuration, users will only have the option to sign in to your Cortex workspace via Microsoft Entra ID.
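A pre-flight check for the issuer value from Steps 3 and 4, as an added example that is not part of Cortex's documentation or tooling: it trims the copied metadata document URL to the /v2.0 issuer, rejects a trailing slash or backslash, and compares the result with the issuer field of the metadata document. The function names and the sample tenant UUID are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def issuer_from_metadata_url(copied: str) -> str:
    """Trim the copied metadata document URL to the issuer that Step 4 expects."""
    url = copied.strip()
    if url.endswith(WELL_KNOWN):
        url = url[: -len(WELL_KNOWN)]
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc != "login.microsoftonline.com":
        raise ValueError("expected https://login.microsoftonline.com/...")
    if parts.query or parts.fragment:
        raise ValueError("issuer must not carry a query string or fragment")
    if url.endswith(("/", "\\")):
        raise ValueError("remove the trailing slash after v2.0")
    segments = parts.path.split("/")  # "/<uuid>/v2.0" -> ["", "<uuid>", "v2.0"]
    if len(segments) != 3 or segments[2] != "v2.0":
        raise ValueError("path must be /<uuid>/v2.0")
    if not UUID_RE.fullmatch(segments[1]):
        # The page's format is /<uuid>/v2.0; an alias such as 'common' is not a UUID.
        raise ValueError("tenant segment must be the directory (tenant) UUID")
    return url


def issuer_matches_metadata(issuer: str, metadata_json: str) -> bool:
    """OIDC Discovery: the document's 'issuer' must equal the configured issuer exactly."""
    return json.loads(metadata_json).get("issuer") == issuer


# Constructed sample values, not a real tenant.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_COPIED = f"https://login.microsoftonline.com/{SAMPLE_TENANT}/v2.0{WELL_KNOWN}"
SAMPLE_METADATA = json.dumps(
    {"issuer": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/v2.0"}
)

if __name__ == "__main__":
    issuer = issuer_from_metadata_url(SAMPLE_COPIED)
    print(issuer, issuer_matches_metadata(issuer, SAMPLE_METADATA))
```

In practice, replace SAMPLE_METADATA with the JSON body fetched from the metadata document URL shown on the Endpoints tab.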