Skip to main content
Version: Next

Windows Authentication

Cortex supports Windows Authentication via IIS. This uses the user's Windows credentials to authenticate, so no separate login screen is shown.

note

For most environments, SAML with ADFS or Azure AD is the recommended approach over Windows Authentication. See Authentication for a comparison of available options.

Prerequisites

  • The Windows Authentication feature must be enabled in IIS

Step 1 - Configure IIS

  1. Open IIS Manager.
  2. Select the Cortex application node.
  3. Open Authentication.
  4. Disable Anonymous Authentication.
  5. Enable Windows Authentication.

If Windows Authentication is not listed, it needs to be added via Add Windows Features under Internet Information Services > World Wide Web Services > Security.

Step 2 - Configure Cortex

In appsettings.json, set the authentication type to windows:

{
  "Authentication": {
    "Type": "windows"
  }
}

How User Matching Works

When a user authenticates, Cortex looks up their Windows account name and attempts to find a matching user record in your source system.

Account IDs are matched in the format domain\login against the Windows Login ID field on the user account record.

  • If a match is found, a Cortex user account is created using the domain\login identifier as both the Name and Email Address.
  • If no match is found automatically, you will need to create user accounts manually via the User Management page.

Troubleshooting

If users are not matched or cannot log in, see:

Administration Troubleshooting