Platform Admin Skill
Use this skill for managing access, authentication, and authorization in Coralogix. It covers API key management, role and scope definitions, user administration, team groups, SAML SSO configuration, and IP access restrictions.
Destructive Operation Safety
All write operations (create, update, delete, set-idp, set-active, set-status) require interactive confirmation. The CLI will prompt before executing. To skip the prompt in scripts, pass
.
IMPORTANT: NEVER pass without explicit user approval. Before executing any write operation:
- Describe the exact operation to the user (what will be created/modified/deleted)
- Wait for the user to confirm
- Only then execute with
Read-only operations (list, get, search, system, sp-params, send-data-keys) do not require confirmation and can be run freely.
Read-Only Mode
Use
(or
) to block all write operations at the CLI level. This is useful for safe exploration - you can query any IAM resource without risk of accidental modifications.
Agent Mode
When running inside an AI agent (Claude Code, Cursor, Codex, etc.), cx automatically detects the agent environment and fails fast on write operations instead of hanging on a stdin prompt. The error message instructs you to get user confirmation first, then re-run with
.
CLI Commands
API Keys
| Command | Purpose |
|---|
| List all API keys |
| Get a single API key |
cx iam api-keys create --from-file
| Create an API key |
cx iam api-keys update --from-file <id>
| Update an API key |
cx iam api-keys delete <id>
| Delete an API key |
cx iam api-keys send-data-keys
| List send-data API keys |
cx iam api-keys admin list
| List all team members' keys |
cx iam api-keys admin delete --ids <id1> <id2>
| Bulk delete keys |
cx iam api-keys admin set-status --ids <id1> --active true/false
| Activate/deactivate keys |
Roles & Scopes
| Command | Purpose |
|---|
| List custom roles |
| Get a role definition |
cx iam roles create --from-file
| Create a custom role |
cx iam roles update --from-file <id>
| Update a custom role |
| Delete a custom role |
| List system (built-in) roles |
| List all scopes |
| Get a scope definition |
cx iam scopes create --from-file
| Create a scope |
cx iam scopes update --from-file
| Update a scope |
cx iam scopes delete <id>
| Delete a scope |
Users & Groups
| Command | Purpose |
|---|
| Search users (optional , ) |
cx iam users get <user-id>
| Get a single user |
cx iam users create --from-file
| Create user(s) |
cx iam users update --from-file
| Update user(s) |
cx iam users set-status --user-ids <id> --status ACTIVE/INACTIVE
| Activate/deactivate users |
| List all team groups |
| Get a group by ID |
cx iam groups get-by-name <name>
| Get a group by name |
cx iam groups users <group-id>
| List users in a group |
cx iam groups create --from-file
| Create a group |
cx iam groups update --from-file <id>
| Update a group |
cx iam groups delete <id>
| Delete a group |
SAML & IP Access
| Command | Purpose |
|---|
| Get SAML configuration |
| Get service provider parameters |
cx iam saml set-idp --from-file
| Set IDP parameters |
cx iam saml set-active --active true/false
| Activate/deactivate SAML |
| Get IP access settings |
cx iam ip-access create --from-file
| Create IP access rules |
cx iam ip-access update --from-file
| Update IP access rules |
| Delete IP access settings |
All commands support
for structured output and
for profile selection.
Access Audit Workflow
Use this workflow to produce a comprehensive access report:
Step 1: List All Users
bash
cx iam users search -o json
cx iam users search -o json | jq '[.[] | {id, name: .user_name, status, role_ids}]'
Step 2: List Roles
bash
cx iam roles list -o json
cx iam roles system -o json
Cross-reference user role IDs with role definitions to understand permissions.
Step 3: List Groups and Memberships
bash
cx iam groups list -o json
cx iam groups list -o json | jq '[.[] | {id, name, member_count: (.members | length)}]'
For each group, check members:
bash
cx iam groups users <group-id> -o json
Step 4: Inventory API Keys
bash
cx iam api-keys list -o json
cx iam api-keys admin list -o json
cx iam api-keys send-data-keys -o json
Identify old or unused keys:
bash
cx iam api-keys list -o json | jq '[.[] | {id, name, created_at, active}] | sort_by(.created_at)'
Step 5: Check IP Restrictions
bash
cx iam ip-access get -o json
Step 6: Check SAML Configuration
bash
cx iam saml get -o json
cx iam saml sp-params -o json
Step 7: Cross-Reference
Produce a summary: which users have admin roles, which API keys are old, which groups have broad access.
API Key Rotation
Safe key rotation workflow:
- List current keys:
cx iam api-keys list -o json
- Identify keys to rotate: filter by age or name
- Create replacement key:
cx iam api-keys create --from-file new-key.json --yes
- Deploy the new key to all systems using the old key
- Verify the new key works in all integrations
- Delete the old key:
cx iam api-keys delete <old-key-id> --yes
WARNING: Never delete an API key before its replacement is deployed and verified. Deleting an active key immediately breaks all integrations using it.
Safety Callouts
Deleting API keys breaks any integration using that key immediately. Always create a replacement first.
Deactivating users (
cx iam users set-status --status INACTIVE
) takes effect immediately. The user loses access with no grace period.
Changing SAML configuration (
or
) can lock out the entire team if misconfigured. Always verify SP parameters first with
.
Deleting IP access rules (
) removes all IP restrictions immediately, potentially exposing the account.
Key Principles
- Audit before modifying - run the full access audit workflow before making changes
- Never delete keys without replacement - create new key → deploy → verify → delete old
- Use for structured reports - enables jq filtering for precise access analysis
- Multi-profile for cross-environment audits - use or to audit staging + production
- Template from existing -
cx iam roles get <id> -o json > role.json
Related Skills
- - review what API keys are used for and whether they're still needed