Enable SSO With Azure AD

Enabling Single Sign-On (SSO) with Azure AD as your identity provider allows you and your teammates to simplify authentication and log-inaccess to Cloudcraft.

This article will help you get set up if your identity provider is Azure AD. We have additional articles for other providers.

For more general information on using SSO with Cloudcraft, check out Enable SSO in Your Account.

Setting up SAML/SSO

The SAML Enterprise SSO feature is only available for the Enterprise plan, and can only be configured by the Cloudcraft account Owner role.

Head to User → Security & SSO inside Cloudcraft.

Security & Single Sign-On

The details you need to create a new application with Azure can be found in the Cloudcraft service provider details section.

Cloudcraft service provider details

With this information in hand, head to the Azure portal and log in as an administrator.

Click the hamburger menu on the top left of your screen for the portal menu to appear, and then select the Azure Active Directory menu item.

Azure portal menu and active directory

Now that we are in the directory, look for the Manage section on the left menu, and click on Enterprise applications.

Enterprise applications on the Azure portal

Click the New application button on the page that opens and then select the Non-gallery application item.

New enterprise application

Here we are creating a new application for SAML integration. Enter Cloudcraft as the name of the application and click the blue Add button at the bottom of your screen.

Application name

On the next prompt you will need to configure the SAML integration using the details provided by Cloudcraft. In the Getting started section, select the Set up single sign on option, and then SAML.

Set up single sign on

In the next page, click the Edit button in the Basic SAML Configuration section and enter the details provided by Cloudcraft.

The fields are mapped as below, with the first value being the label in Azure AD, and the second being the label in the Cloudcraft dialog.

  • Identifier: Service Provider Entity ID
  • Reply URL: Assertion Consumer Service URL
  • Sign on URL: Leave empty to allow identity provider initiated SSO
SAML settings

Once you are done filling in the details, click the Save button to save your work and return to the previous screen.

Under the SAML Signing Certificate section you will see several options for download. Choose the Federation Metadata XML one and download the file to a convenient place on your computer.

Federation metadata

Head back to Cloudcraft, and upload your metadata XML file into the blue dotted box.

Uploading metadata to Cloudcraft

Lastly, toggle the SAML Single Sign-On is enabled option, and head back to the Azure portal. Click the Test button under the Test single sign-on with Cloudcraft section to test your integration.

Now is a good time to grant access to all the relevant users within your organization. You can find instructions on how to do that in the Azure ADdocumentation.

Once you have verified that the SSO login is working as expected, if you prefer to have your users access Cloudcraft only via Azure AD, enable the Strict mode option, which disables all other login methods.

Enable strict mode

We suggest testing the integration before announcing it to your team, to ensure that everything works as expected.

If you have any questions or trouble with the process, get in touch with our support team and we will be happy to help.