Enabling Single Sign-on (SSO)
Setting up Single Sign-on (SSO) allows your users to log into the CloudQuery Platform using their company credentials, such as those provided by Okta, Google, Microsoft, or other providers.
To set up SSO for your Platform installation, see one of the specific guides below:
If your provider isn’t listed, the steps are similar. Choose one of the guides to use as an example, but adjust as necessary for your application. If you get stuck at any point, contact us for help.
When the basic setup is complete, see how to map groups to user roles.
To rotate your SAML signing certificate, see SSO Certificate Rollover.
Programmatic configuration
SAML SSO can be configured programmatically via the Platform API, which is useful for IaC-managed deployments or automated certificate rotation. See the Platform API Reference (admin section) for the SAML configuration and certificate rollover endpoints.
Next Steps
- SSO with Google - Configure Google Workspace SSO
- SSO with Microsoft - Configure Microsoft Entra ID SSO
- SSO with Okta - Configure Okta SSO
- Map Groups to Roles - Assign roles based on identity provider groups
- Troubleshooting - Diagnose common SSO login and role mapping issues