Single Sign-On with Microsoft
Set up Single Sign-On with Microsoft
Step 1: Set the Base URL
In the CloudQuery Platform sidebar, click on your user profile, then select Admin Settings.
Switch to the Single Sign-On tab.
In the Base URL field, enter the HTTPS URL for your platform installation and click Submit.
This should be the domain or subdomain where you host CloudQuery Platform, e.g., https://cloudquery.example.com.

Step 2: Register an Application in Microsoft Entra ID
In a new tab, navigate to Microsoft Entra ID (Azure AD).
Click Enterprise Applications → New Application.
Click Create your own application.
Enter a name for the application, such as CloudQuery, and select Integrate any other application you don’t find in the gallery (Non-gallery).
Click Create.

Step 3: Configure SAML-based SSO
Inside the newly created application, navigate to Single sign-on under the Manage section.
Select SAML as the sign-in method.

Click Edit under Basic SAML Configuration.
Enter the following details:
Identifier (Entity ID): Copy this value from the CloudQuery Admin panel.
Reply URL (ACS URL): Copy this value from the CloudQuery Admin panel.
Click Save.

Step 4: Download & Upload Metadata
Scroll down to the SAML Certificates section.
Click Download next to Federation Metadata XML.
This will download a file named MicrosoftIDPMetadata.xml.

In the CloudQuery Admin panel, click Upload metadata file and upload the MicrosoftIDPMetadata.xml file as shown in the figure below:

Step 5: Configure User Attributes & Claims
Click Edit in the Attributes & Claims section.
Add the following mappings:
Givenname → first_name
Surname → last_name
Emailaddress → email
Click Save.

Step 6: Assign Users and Groups
In the Users and groups section, click Add user/group.
Select the users or groups that should have access to CloudQuery.
(Optional) To grant admin permissions, create a specific Microsoft Entra ID Group and assign it to users who need admin access.
In the CloudQuery Admin panel, enter the exact group name in the Admin group key field to match the app attribute in Microsoft.

Step 7: Enable User Access
Navigate to Enterprise Applications → CloudQuery.
Click Properties.
Set Enabled for users to sign in? to Yes.
Click Save.

Step 8: Save and Test
In the CloudQuery Admin panel, click Save and enable.
In the Microsoft Entra ID portal, click Test SAML login.
If everything is set up correctly, you should be logged into CloudQuery Platform with your Microsoft account.