Authentication

Cortex supports five authentication modes:

• None - allow all visitors in as the built-in CSDAdmin user (this user must exist)
• Internal - Internal Cortex Authentication with manually created user accounts.
• Windows Authentication via IIS - Cortex supports Windows Authentication via IIS, but it is strongly recommended to use SAML with ADFS or SAML with Azure AD instead.
• SAML
  • SAML using ADFS
  • SAML using Azure AD (Entra ID)
  • SAML using Okta
  • SAML using Google Workspace
• OpenID Connect using Keycloak

Other authentication services, like Okta, Azure AD, and Shibboleth, are likely to work (with either SAML or OpenID Connect), but have not been tested. If you have questions about a particular authentication scenario, please contact us. If it worked with Cherwell, it likely works with Cortex, but may require additional (undocumented) configuration.

If you use SAML authentication, you may be interested in configuring automatic redirection to the SAML provider. By default, users will see a screen showing that they are currently logged out and need to click to be redirected to the SAML authentication provider, but there is a setting available to have users automatically redirected instead.