Okta SSO

Cortex supports configuring Single Sign-On (SSO) with Okta to protect access to your Cortex workspace. Additionally, you can configure Okta SCIM with Cortex.

Cortex also supports an integration to track Okta teams and team members as entity owners as well as create Scorecards involving your Okta teams. See the Okta integration page for more information.

How to configure Okta SSO for Cortex

There are two options to configure Okta SSO in Cortex:

  • Installing the Cortex app in the Okta Integration Network (OIN)

    • This option provides a simplified setup for most standard use cases. It is compatible with Okta SCIM provisioning features.

  • Creating your own app

    • This option is best if you need more flexibility in configuring redirect behavior, want to configure automatic sign-on, or if you require multiple or advanced configurations.

You must have the Configure OpenID Connector & SCIM permission.

Step 1: Install the Cortex OIN app

Cortex's OIN app configures the initial steps for Okta SSO.

  • Install the Cortex app from Okta's app list.

    • Alternatively, in your Okta instance you can navigate to Applications then select Cortex from the App integration catalog.

Step 2: Copy the client ID and client secret

  1. In Okta, navigate to the Applications page and select the Cortex app from your list of applications.

  2. Click the Sign On tab.

    In Okta, click the Sign On tab to find the client ID and client secret.
  3. Copy the values of the client ID and client secret. Store them in a secure location, as you will need these in the next steps.

Step 3: Obtain your issuer URI

In Okta, each authorization server has a unique issuer URI. See Okta's instructions for information on finding your Okta issuer URI. It should look like https://{okta-domain}.okta.com.

Step 4: Configure SSO in Cortex

  1. In your Cortex workspace, navigate to Settings > OpenID Connector.

  2. Configure the form:

    • Type: Select Okta.

    • Identifier: Enter the client ID from Step 2.

    • Secret: Enter the client secret from Step 2.

    • Issuer: Enter the issuer URI from Step 3.

  3. At the bottom of the page, click Save.

After saving your configuration, users will only have the option to sign in to your Cortex workspace via your Okta account.

Last updated

Was this helpful?