diff --git a/roles/cortex/tasks/configure.yml b/roles/cortex/tasks/configure.yml
new file mode 100644
index 0000000000000000000000000000000000000000..cbcb0e99965da2affc197a7ff7b367cfd5c8843f
--- /dev/null
+++ b/roles/cortex/tasks/configure.yml
@@ -0,0 +1,81 @@
+---
+
+- name: migrate(create) cortex database
+  remote_user: root
+  shell: "curl -X POST http://127.0.0.1:9001/api/maintenance/migrate -H 'Content-Type: application/json'"
+  run_once: True
+
+- name: copy json file for admin user creation in cortex container
+  remote_user: root
+  template:
+    src: admin.json
+    dest: /tmp/admin.json
+
+- name: Create Admin(superadmin) user in cortex
+  shell: "curl -X POST http://127.0.0.1:9001/api/user -H 'Content-Type: application/json' -d @/tmp/admin.json"
+  run_once: True
+
+- name: enable basic auth
+  remote_user: root
+  lineinfile:
+    dest: "/etc/cortex/application.conf"
+    insertafter: 'auth {'
+    line: "        method.basic = true"
+  
+- name: Restart Cortex
+  remote_user: root
+  command: "supervisorctl restart cortex"
+
+- name: Wait for Cortex
+  remote_user: root
+  wait_for:
+    host: "{{groups['cortex'][0]}}"
+    port: 9001
+    state: started
+    delay: 5
+
+- name: generate api key for admin user
+  remote_user: root
+  shell: "curl -XPOST -u 'admin:{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_adminpass')}}' 'http://127.0.0.1:9001/api/user/admin/key/renew'"
+  run_once: True
+  register: cortexadminuserkey
+  args:
+    warn: false
+  run_once: True
+
+- set_fact:
+    cortexadminuserapikey={{ cortexadminuserkey.stdout }}
+
+- name: copy cortex API key to local file
+  local_action: copy content="{{cortexadminuserapikey}}" dest=secrets/tokens/cortex_secret_key
+
+- name: copy json file for organization creation in cortex
+  remote_user: root
+  template:
+    src: cortex_organization.json
+    dest: /tmp/cortex_organization.json
+
+- name: create organization in cortex
+  remote_user: root
+  shell: "curl -XPOST -H 'Authorization: Bearer {{cortexadminuserapikey}}' -H 'Content-Type: application/json' 'http://127.0.0.1:9001/api/organization' -d  @/tmp/cortex_organization.json"
+  run_once: True
+
+- name: disable basic auth
+  remote_user: root
+  lineinfile:
+    dest: "/etc/cortex/application.conf"
+    regexp: 'method.basic = true'
+    state: absent
+
+- name: Restart Cortex
+  remote_user: root
+  command: "supervisorctl restart cortex"
+
+- name: Wait for Cortex
+  remote_user: root
+  wait_for:
+    host: "{{groups['cortex'][0]}}"
+    port: 9001
+    state: started
+    delay: 5
+
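Review bot: The admin password and the renewed API key are exposed at several points in this new file: `generate api key for admin user` passes the password on the curl command line via `-u`, `create organization in cortex` does the same with the bearer token, and none of these tasks set `no_log: true`, so both values can show up in the target's process list and in Ansible output. `/tmp/admin.json` is rendered with the superadmin password without an explicit `mode` and is never removed, and the local copy to `secrets/tokens/cortex_secret_key` also takes the default mode. I would move the key renewal to the `uri` module with `no_log: true`, set `mode: "0600"` on both files and delete `/tmp/admin.json` once the user exists; the fence sketches the key-renew part and assumes the endpoint answers 200 with the key as the response body. That task also declares `run_once` twice, and the duplicate key should be dropped. Separately, if anything fails between `enable basic auth` and `disable basic auth`, basic auth stays enabled, so wrapping the sequence in `block`/`always` would guarantee the disable step and restart run.

```yaml
- name: generate api key for admin user
  remote_user: root
  uri:
    url: "http://127.0.0.1:9001/api/user/admin/key/renew"
    method: POST
    url_username: admin
    url_password: "{{ lookup('password', playbook_dir + '/secrets/passwords/cortex_adminpass') }}"
    force_basic_auth: true
    return_content: true
  register: cortexadminuserkey
  run_once: true
  no_log: true

- set_fact:
    cortexadminuserapikey: "{{ cortexadminuserkey.content }}"
  no_log: true

- name: copy cortex API key to local file
  local_action:
    module: copy
    content: "{{ cortexadminuserapikey }}"
    dest: secrets/tokens/cortex_secret_key
    mode: "0600"
  no_log: true

# … unchanged: organization template, basic-auth disable, restart and wait tasks …
```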
diff --git a/roles/cortex/tasks/main.yml b/roles/cortex/tasks/main.yml
index a494e3f9b8d4099da6d96ed71d9244b1f516dd81..0b9f14235eed9883daf3bf29d355a455c1b39b23 100644
--- a/roles/cortex/tasks/main.yml
+++ b/roles/cortex/tasks/main.yml
@@ -8,6 +8,9 @@
    - start
    - start-cortex
    - init
+- include: configure.yml
+  tags:
+   - init
 - include: stop.yml
   tags:
    - stop
diff --git a/roles/cortex/templates/admin.json b/roles/cortex/templates/admin.json
new file mode 100644
index 0000000000000000000000000000000000000000..4eb4b06b976f654ae60506a3fad33a177eeccfdd
--- /dev/null
+++ b/roles/cortex/templates/admin.json
@@ -0,0 +1 @@
+{"login":"admin","name":"Admin","password":"{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_adminpass')}}","roles":["superadmin"],"organization":"cortex"}
diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2
index db6f91c611e9027aa59fd42b552685afbcd522b6..acfe9020d6979cd730eaf57c27ece4f15658b05d 100644
--- a/roles/cortex/templates/application.conf.j2
+++ b/roles/cortex/templates/application.conf.j2
@@ -127,7 +127,7 @@ auth {
     # scope = "profile"
 
     userIdField = "email"
-    scope = ["openid email profile offline_access User.Read"]
+    scope = ["openid email profile"]
   }
 
   ws.ssl.trustManager {
@@ -143,10 +143,10 @@ auth {
 
   # Single-Sign On
   sso {
-    autocreate = false
-    autoupdate = false
+    autocreate = true
+    autoupdate = true
     autologin = true
-    defaultRoles = ["read"]
+    defaultRoles = ["read", "analyze"]
     defaultOrganization = "{{domain}}"
 
     mapper = simple
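Review bot: With `autocreate = true` and `defaultRoles = ["read", "analyze"]`, every identity that can complete the SSO login is provisioned into `defaultOrganization` with permission to run analyzers, which typically send observables to external services and consume their API quotas. Nothing visible in this hunk limits which IdP users qualify, so unless the IdP application is restricted to the analyst group I would keep `defaultRoles = ["read"]` and grant `analyze` per user. If the broader default is intended, a comment above the line such as `# every SSO user may run analyzers; access is gated by IdP app assignment` would record that decision. The `sso` block continues past the end of the hunk.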
diff --git a/roles/cortex/templates/cortex_organization.json b/roles/cortex/templates/cortex_organization.json
new file mode 100644
index 0000000000000000000000000000000000000000..f1c58fff9d6cd9c75504d07294754903bba26fcf
--- /dev/null
+++ b/roles/cortex/templates/cortex_organization.json
@@ -0,0 +1 @@
+{"name": "{{domain}}", "description": "{{domain}}", "status": "Active"}