Enable SSO with Azure AD

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Enabling Single Sign-On (SSO) with Azure AD as your identity provider allows you to simplify authentication and login access to Cloudcraft.

This article helps you set up SSO if your identity provider is Azure AD. For other identity providers, see the following articles:

For more general information on using SSO with Cloudcraft, check out Enable SSO in Your Account.

Setting up SAML/SSO

Only the account owner can configure the SAML SSO feature. If the account owner is unable to configure SSO, contact the Cloudcraft support team to enable this feature.
  1. In Cloudcraft, navigate to User > Security & SSO.
  2. The details you need to create a new application with Azure can be found in the Cloudcraft service provider details section.
Screenshot of Cloudcraft service provider details for Identity Provider configuration with entity ID and assertion consumer service URL.
  1. Log in to Azure as an administrator.
  2. Click the hamburger menu on the upper-left corner of the screen and select Azure Active Directory.
  3. In the Manage section on the left menu, click Enterprise applications.
  4. Click New application and select Non-gallery application.
  5. Enter Cloudcraft as the name of the application, then click Add.

Next, configure the SAML integration using the details provided by Cloudcraft.

  1. In the Getting started section, select Set up single sign on, then click SAML.
  2. Under the Basic SAML Configuration section, click Edit.
  3. Enter the details provided by Cloudcraft. The fields are mapped as follows, with the first value being the label in Azure AD, and the second being the label in the Cloudcraft dialog.
    • Identifier: Service Provider Entity ID
    • Reply URL: Assertion Consumer Service URL
    • Sign on URL: Leave this blank to allow identity provider-initiated SSO
Screenshot of the Basic SAML Configuration interface showing fields for Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL).
  1. Click Save to return to the previous screen.
  2. Under the SAML Signing Certificate section, select Federation Metadata XML and download the XML file to your computer.
  3. Navigate back to Cloudcraft and upload your metadata XML file.
Successfully configured SAML Single Sign-On status with identity provider URL visible in security settings interface.
  1. Toggle the SAML Single Sign-On is enabled option.
  2. Navigate back to the Azure portal.
  3. Under the Test single sign-on with Cloudcraft section, click Test to test your integration.
  4. If you prefer to have your users access Cloudcraft only via Azure AD, enable the Strict mode option, which disables all other login methods.

Note: To grant access to users in your organization, see the Azure AD documentation.

PREVIEWING: rtrieu/product-analytics-ui-changes