Single Sign-On with Microsoft

Set up Single Sign-On with Microsoft


Last updated 3 months ago


Step 1: Set the Base URL

  1. In the CloudQuery Platform sidebar, click on your user profile, then select Admin Settings.

  2. Switch to the Single Sign-On tab.

  3. In the Base URL field, enter the HTTPS URL for your platform installation and click Submit.

    • This should be the domain or subdomain where you host CloudQuery Platform, e.g., https://cloudquery.example.com.

Step 2: Register an Application in Microsoft Entra ID

  1. Click Enterprise Applications → New Application.

  2. Click Create your own application.

  3. Enter a name for the application, such as CloudQuery, and select Integrate any other application you don’t find in the gallery (Non-gallery).

  4. Click Create.

Step 3: Configure SAML-based SSO

  1. Inside the newly created application, navigate to Single sign-on under the Manage section.

  2. Select SAML as the sign-in method.

  3. Click Edit under Basic SAML Configuration.

  4. Enter the following details:

    • Identifier (Entity ID): Copy this value from the CloudQuery Admin panel.

    • Reply URL (ACS URL): Copy this value from the CloudQuery Admin panel.

  5. Click Save.

Step 4: Download & Upload Metadata

  1. Scroll down to the SAML Certificates section.

  2. Click Download next to Federation Metadata XML.

    • This will download a file named MicrosoftIDPMetadata.xml.

In the CloudQuery Admin panel, click Upload metadata file and upload the MicrosoftIDPMetadata.xml file as shown in the figure below:

Step 5: Configure User Attributes & Claims

  1. Click Edit in the Attributes & Claims section.

  2. Add the following mappings:

    • Givenname → first_name

    • Surname → last_name

    • Emailaddress → email

  3. Click Save.

Step 6: Assign Users and Groups

  1. In the Users and groups section, click Add user/group.

  2. Select the users or groups that should have access to CloudQuery.

  3. (Optional) To grant admin permissions, create a specific Microsoft Entra ID Group and assign it to users who need admin access.

  4. In the CloudQuery Admin panel, enter the exact group name in the Admin group key field to match the app attribute in Microsoft.

Step 7: Enable User Access

  1. Navigate to Enterprise Applications → CloudQuery.

  2. Click Properties.

  3. Set Enabled for users to sign in? to Yes.

  4. Click Save.

Step 8: Save and Test

  1. In the CloudQuery Admin panel, click Save and enable.

  2. In the Microsoft Entra ID portal, click Test SAML login.

  3. If everything is set up correctly, you should be logged into CloudQuery Platform with your Microsoft account.
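If the test login fails, a common cause is that the Step 5 claims still carry Entra ID's default names rather than first_name, last_name and email. The following is an added example, not CloudQuery's own code: it decodes a SAMLResponse form field (copied from the browser's network tab during the test login) and reports which required claims are missing. The sample responses and all function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("first_name", "last_name", "email")  # claim names from Step 5
# Claim-name prefix Entra ID uses when the mappings were not renamed.
ENTRA_DEFAULT = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

def assertion_attributes(saml_response_b64):
    """Decode a base64 SAMLResponse and return {claim name: [values]}.
    Diagnostic only: the signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        found[attr.get("Name")] = values
    return found

def missing_claims(found):
    """Return the Step 5 claim names that are absent or have only empty values."""
    return [n for n in REQUIRED if not any(v.strip() for v in found.get(n, []))]

def _sample(claims):
    """Build a constructed, unsigned SAMLResponse carrying the given claims."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        "</saml:AttributeValue></saml:Attribute>"
        for name, value in claims.items()
    )
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

# Constructed samples: claims renamed as in Step 5, and left at Entra defaults.
MAPPED = _sample({"first_name": "Ada", "last_name": "Lovelace",
                  "email": "ada@example.com"})
UNMAPPED = _sample({ENTRA_DEFAULT + "givenname": "Ada",
                    ENTRA_DEFAULT + "surname": "Lovelace",
                    ENTRA_DEFAULT + "emailaddress": "ada@example.com"})

if __name__ == "__main__":
    for label, response in (("mapped", MAPPED), ("unmapped", UNMAPPED)):
        print(label, "missing:", missing_claims(assertion_attributes(response)))
```

Treat a captured SAMLResponse as sensitive: it contains user identity data and should not be pasted into third-party decoders.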

In a new tab, navigate to Microsoft Entra ID (Azure AD).
Configuration of your domain name in CloudQuery platform
Creating a new enterprise application
Setup of SAML protocol
SAML configuration with values from CloudQuery admin page
Download of Federation Metadata XML file
Uploading federation metadata XML file
Configuration of attributes
Enablement of sign-in