Set up authentication - Authenticate Cortex Cloud users using SAML 2.0 or Customer Support Portal (CSP). - Administrator Guide - Cortex CLOUD

Authenticate through the Customer Support Portal

When users log into Cortex Gateway or the tenant (provided they are assigned a role) they are prompted to sign into the Customer Support Portal using their username and password or 2FA (if set up). This is the default method of authentication.

Use the Customer Support Portal (CSP) if you want to locally manage your users, or if you want them to be able to open support tickets. Conversely, use SAML Single Sign-On (SSO) if you want your organization's external Identity Provider (IdP) to manage user authentication according to your corporate standards.

Authenticate using SAML single sign-on in the Cortex Cloud tenant

Users can be authenticated using your IdP provider such as Okta, Ping, or Microsoft Entra ID. You can use any IdP that supports SAML 2.0. After you configure the SSO integration you need to map group SAML group membership to user groups in Cortex Cloud. Use SAML Single Sign-On (SSO) configurations when you require Cortex Cloud users to authenticate according to your organization's precise corporate compliance and access standards as implemented inside your enterprise Identity Provider (IdP). This is critical for enforcing corporate Multi-Factor Authentication (MFA) mandates, complex identity validation, handling automatic de-provisioning (for example, when a user leaves the company), or specific conditional network access policies before granting portal admission.

Removes the administrative burden of requiring separate accounts to be configured through the Customer Support Portal.

Enforces multi-factor authentication (MFA) and any conditional access policies on the user login at the IdP before granting a user access to Cortex Cloud.

Maps SAML group memberships to user groups and roles, allowing you to manage role-based access control.