Microsoft Entra ID

Last updated 2 months ago

In this guide, we'll look at the end-to-end process for setting up Microsoft Entra ID (formerly known as Azure Active Directory) with OpenID Connect.

Step 1: Set up a new Entra ID application

From the Entra ID overview page in your Azure portal, click Add → App registration.

Enter any user-facing name for the application. It is recommended that "Cortex" is somewhere in the app's name so it is easily identifiable.

Select "Accounts in this organizational directory only" under Supported account types.

By selecting "Accounts in this organizational directory only," the SSO will only work for the given Entra instance and not for other organizations.

Under Redirect URI (optional), select Web from the dropdown and add https://cortexapp.auth0.com/login/callback as an authorized redirect URI.

Click Register to save the app. You'll then be taken to the app's overview page.

Copy the Application (client) ID - you'll need this information later on.

You can find more detailed instructions on registering an app with the Microsoft identity platform in its quickstart guide.

Step 2: Create a client secret

From the app's Overview page, click "Add a certificate or secret" and then go to the Client secrets tab.

Click New client secret and enter a description and expiration.

The SSO will stop working when the secret expires, so set an expiration that makes sense for your process. If you're in the habit of rotating secrets, a shorter expiration period might make more sense. If you're not, a longer duration will ensure that SSO doesn't break regularly.

Once you've saved the secret, copy the Value - you'll need that later on to set up the OpenID connector in Cortex.

Step 3: Get the metadata document endpoint

Go back to the Overview page and click the Endpoints tab.

Copy the OpenID Connect metadata document up to /v2.0 - this will give you the issuer URI. The issuer URI should be of the format https://login.microsoftonline.com/<uuid>/v2.0.

Do not include a trailing slash after v2.0 in the issuer URI. A URI that ends in v2.0/ will be treated as an invalid configuration.
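To check the value before pasting it into Cortex, the following added example (not part of the Cortex or Microsoft documentation) derives the issuer URI from the copied metadata document URL and rejects anything that is not in the format given above. The function names and the sample tenant UUID are constructed for illustration, and the example assumes the metadata URL ends in /.well-known/openid-configuration.

```python
import re
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ISSUER_HOST = "login.microsoftonline.com"
UUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"  # constructed, not a real tenant


def validate_issuer(issuer: str) -> None:
    """Raise ValueError unless issuer is https://login.microsoftonline.com/<uuid>/v2.0."""
    parts = urlsplit(issuer)
    if parts.scheme != "https":
        raise ValueError("issuer must use https")
    # Comparing the whole netloc also rejects userinfo, ports and look-alike hosts.
    if parts.netloc.lower() != ISSUER_HOST:
        raise ValueError(f"unexpected host: {parts.netloc!r}")
    if "?" in issuer or "#" in issuer:
        raise ValueError("issuer must not carry a query string or fragment")
    if parts.path.endswith("/"):
        raise ValueError("remove the trailing slash after v2.0")
    segments = parts.path.split("/")  # "/<uuid>/v2.0" -> ["", "<uuid>", "v2.0"]
    if len(segments) != 3 or segments[2] != "v2.0":
        raise ValueError("issuer path must be /<tenant-uuid>/v2.0")
    if not UUID_RE.fullmatch(segments[1]):
        raise ValueError("tenant segment must be a UUID")


def issuer_from_metadata_url(url: str) -> str:
    """Cut the copied metadata document URL back to /v2.0 and validate the result."""
    url = url.strip()
    if url.endswith(WELL_KNOWN):
        url = url[: -len(WELL_KNOWN)]
    validate_issuer(url)
    return url


def is_valid_issuer(issuer: str) -> bool:
    try:
        validate_issuer(issuer)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    copied = f"https://{ISSUER_HOST}/{SAMPLE_TENANT}/v2.0{WELL_KNOWN}"
    print(issuer_from_metadata_url(copied))
```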

Step 4: Go to Cortex settings

Go to OpenID Connector settings in Cortex under Authentication and access.

Select Azure under Type and enter the following information:

  • Identifier: The Application (client) ID from step 1.

  • Secret: The client secret created in step 2.

  • Issuer: The issuer URI from step 3.

Once you click save, users will only have the option to sign in to Cortex via Microsoft.
