Single Sign-On with Microsoft

Step 1: Set the Base URL

  1. In the CloudQuery Platform sidebar, click on your user profile, then select Organization settings.
  2. Switch to the Single Sign-On tab.
  3. In the Base URL field, enter the HTTPS URL for your platform installation and click Submit.
    • This should be the domain or subdomain where you host CloudQuery Platform, e.g., https://cloudquery.example.com.

Configuration of your domain name in CloudQuery platform

Step 2: Register an Application in Microsoft Entra ID

  1. In a new tab, navigate to Microsoft Entra ID (Azure AD).
  2. Click Enterprise Applications → New Application.
  3. Click Create your own application.
  4. Enter a name for the application, such as CloudQuery, and select Integrate any other application you don’t find in the gallery (Non-gallery).
  5. Click Create.

Creating a new enterprise application

Step 3: Configure SAML-based SSO

  1. Inside the newly created application, navigate to Single sign-on under the Manage section.
  2. Select SAML as the sign-in method.

Setup of SAML protocol

  1. Click Edit under Basic SAML Configuration.
  2. Enter the following details:
    • Identifier (Entity ID): Copy this value from the CloudQuery Admin panel.
    • Reply URL (ACS URL): Copy this value from the CloudQuery Admin panel.
  3. Click Save.

SAML configuration with values from CloudQuery admin page

Step 4: Download & Upload Metadata

  1. Scroll down to the SAML Certificates section.
  2. Click Download next to Federation Metadata XML.
    • This will download a file named MicrosoftIDPMetadata.xml.

Download of Federation Metadata XML file

In the CloudQuery Admin panel, click Upload metadata file and upload the MicrosoftIDPMetadata.xml file as shown in the figure below:

Uploading federation metadata XML file

Step 5: Configure User Attributes & Claims

  1. Click Edit in the Attributes & Claims section.
  2. Add the following mappings:
    • Given name → first_name
    • Surname → last_name
    • Email address → email
  3. Click Save.

Configuration of attributes
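
To confirm the Step 5 mappings took effect, the following added example (not part of the CloudQuery documentation) inspects a decoded SAML assertion from a test login and reports whether first_name, last_name and email arrive under exactly those names. It assumes the service provider matches attribute names exactly; check_claims and the sample assertion are constructed for illustration, and the script checks claim names only, not the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
REQUIRED = ("first_name", "last_name", "email")  # claim names from Step 5
# Namespace Entra ID uses for its default claim names (givenname, emailaddress, ...).
DEFAULT_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample: one correct claim, one claim saved with a namespace,
# and the default emailaddress claim left in place instead of "email".
SAMPLE = f"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <AttributeStatement>
    <Attribute Name="first_name"><AttributeValue>Ada</AttributeValue></Attribute>
    <Attribute Name="{DEFAULT_NS}last_name">
      <AttributeValue>Lovelace</AttributeValue></Attribute>
    <Attribute Name="{DEFAULT_NS}emailaddress">
      <AttributeValue>ada@example.com</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""


def check_claims(assertion_xml: str) -> dict:
    """Return {claim: status} for each required claim.

    status is "ok", "empty" (sent without a value), "namespaced" (sent as
    <namespace>/<claim>, so an exact match on the short name fails),
    or "missing".
    """
    root = ET.fromstring(assertion_xml)
    sent = {}
    for attr in root.iter(SAML + "Attribute"):
        values = [(v.text or "").strip() for v in attr.findall(SAML + "AttributeValue")]
        sent[attr.get("Name", "")] = [v for v in values if v]
    report = {}
    for claim in REQUIRED:
        if claim in sent:
            report[claim] = "ok" if sent[claim] else "empty"
        elif any(name.endswith("/" + claim) for name in sent):
            report[claim] = "namespaced"
        else:
            report[claim] = "missing"
    return report


if __name__ == "__main__":
    for claim, status in check_claims(SAMPLE).items():
        print(f"{claim}: {status}")
```

A "namespaced" result means the claim was saved with a Namespace value in Attributes & Claims; "missing" for email alongside a default emailaddress claim means the mapping was never added.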

Step 6: Assign Users and Groups

  1. In the Users and groups section, click Add user/group.
  2. Select the users or groups that should have access to CloudQuery.
  3. (Optional) To map groups to specific CloudQuery Platform roles, create Microsoft Entra ID Groups for each role level and assign users accordingly.
  4. In the CloudQuery Platform SSO settings, set the Group attribute field and configure role mappings. See Map Groups to User Roles for full configuration.

Step 7: Enable User Access

  1. Navigate to Enterprise Applications → CloudQuery.
  2. Click Properties.
  3. Set Enabled for users to sign in? to Yes.
  4. Click Save.

Enablement of sign-in

Step 8: Save and Test

  1. In the CloudQuery Admin panel, click Save and enable.
  2. In the Microsoft Entra ID portal, click Test SAML login.
  3. If everything is configured correctly, you can log into CloudQuery Platform with your Microsoft account.
