Single Sign-On with Microsoft

Set up Single Sign-On with Microsoft

Step 1: Set the Base URL

  1. In the CloudQuery Platform sidebar, click on your user profile, then select Admin Settings.

  2. Switch to the Single Sign-On tab.

  3. In the Base URL field, enter the HTTPS URL for your platform installation and click Submit.

    • This should be the domain or subdomain where you host CloudQuery Platform, e.g., https://cloudquery.example.com.

Configuration of your domain name in CloudQuery Platform

Step 2: Register an Application in Microsoft Entra ID

  1. In a new tab, navigate to Microsoft Entra ID (Azure AD).

  2. Click Enterprise Applications → New Application.

  3. Click Create your own application.

  4. Enter a name for the application, such as CloudQuery, and select Integrate any other application you don’t find in the gallery (Non-gallery).

  5. Click Create.

Creating a new enterprise application

Step 3: Configure SAML-based SSO

  1. Inside the newly created application, navigate to Single sign-on under the Manage section.

  2. Select SAML as the sign-in method.

Setup of SAML protocol

  1. Click Edit under Basic SAML Configuration.

  2. Enter the following details:

    • Identifier (Entity ID): Copy this value from the CloudQuery Admin panel.

    • Reply URL (ACS URL): Copy this value from the CloudQuery Admin panel.

  3. Click Save.

SAML configuration with values from CloudQuery admin page

Step 4: Download & Upload Metadata

  1. Scroll down to the SAML Certificates section.

  2. Click Download next to Federation Metadata XML.

    • This will download a file named MicrosoftIDPMetadata.xml.

Download of Federation Metadata XML file

In the CloudQuery Admin panel, click Upload metadata file and upload the MicrosoftIDPMetadata.xml file as shown in the figure below:

Uploading federation metadata XML file

Step 5: Configure User Attributes & Claims

  1. Click Edit in the Attributes & Claims section.

  2. Add the following mappings:

    • Givenname → first_name

    • Surname → last_name

    • Emailaddress → email

  3. Click Save.

Configuration of attributes

Step 6: Assign Users and Groups

  1. In the Users and groups section, click Add user/group.

  2. Select the users or groups that should have access to CloudQuery.

  3. (Optional) To grant admin permissions, create a specific Microsoft Entra ID group and add the users who need admin access to it.

  4. In the CloudQuery Admin panel, enter the exact group name in the Admin group key field to match the app attribute in Microsoft.

Step 7: Enable User Access

  1. Navigate to Enterprise Applications → CloudQuery.

  2. Click Properties.

  3. Set Enabled for users to sign in? to Yes.

  4. Click Save.

Enablement of sign-in

Step 8: Save and Test

  1. In the CloudQuery Admin panel, click Save and enable.

  2. In the Microsoft Entra ID portal, click Test SAML login.

  3. If everything is set up correctly, you should be logged into CloudQuery Platform with your Microsoft account.
