Positive SSO (SAML)
SAML-based SSO integration enabling authentication between Cortex (Service Provider) and external Identity Providers.
Positive SSO (SAML)
The Positive SSO service integrates Cortex authentication with external SAML-based Identity Providers (IdPs). In this integration, Cortex acts as the Service Provider (SP).
This enables federated authentication where users authenticate via their organisation's identity provider and are seamlessly logged into Cortex-powered applications.
Environments
| Environment | Base URL |
|---|---|
| Stage | Contact Cortex support |
| Production | Contact Cortex support |
Postman Collection
For full request/response examples including SAML payloads, use the Postman collection:
Authentication Flow
- SP-Initiated Login — The user accesses a Cortex application, which redirects to the IdP for authentication
- IdP Authentication — The user authenticates with the IdP (e.g. Active Directory, Okta)
- SAML Response — The IdP sends a signed SAMLResponse back to Cortex
- Token Exchange — Cortex validates the SAML assertion and issues a JWT access token
- Logout — Can be initiated from either the SP or the IdP
Key Concepts
- Service Provider (SP): Cortex — the application that relies on the IdP for authentication
- Identity Provider (IdP): The external auth system (e.g. Active Directory, Okta, Azure AD)
- SAMLResponse: Signed XML assertion containing authentication/logout confirmation
- SAMLRequest: Signed XML request for initiating logout
- RelayState: The URL to redirect to after the SAML operation completes
- JWT: After SAML validation, Cortex issues its own JWT for subsequent API calls
Updated about 14 hours ago