Enable SSO With a Generic Identity Provider

Enabling Single Sign-On (SSO) in Cloudcraft allows you and your teammates to simplify authentication and log-in access to Cloudcraft.

This article will help you get set up if you do not have a specific guide for your identity provider. Please see the separate articles listed below if your identity provider is Azure AD or Okta.

For more general information on using SSO with Cloudcraft, check out Enable SSO in Your Account.

Setting up SAML/SSO

The SAML Enterprise SSO feature is only available for the Enterprise plan, and can only be configured by the Cloudcraft account Owner role.

Head to User → Security & SSO inside Cloudcraft.

Security & Single Sign-On

The details you need to create a new application with your identity provider can be found in the Cloudcraft service provider details section.

Cloudcraft service provider details

With this information in hand, head to your identity provider's website and log in as an administrator.

Follow their documentation to create a new application for SAML integration, and map their fields with ours.

For reference, the fields are usually mapped like this, with the first one being the label used by your identity provider and the second one being the label at Cloudcraft.

  • Single sign on URL: Assertion Consumer Service URL
  • Audience URI: Service Provider Entity ID
  • Name ID: NameId Format

For the Name ID field the provider might offer you a dropdown with options, instead of an input field. If that is the case, select emailAddress or similar.

You can also include an app logo to make it easier for users to see which application they are signing in to. We have one that fit most provider's restrictions over here.

With the application is set up with your provider, you can configure it to allow access to all the relevant users within your organization. You can find instructions on how to do that within their documentation.

Now that we have everything set up with your provider, it is time to configure Cloudcraft.

Grab the metadata file generated by your provider — sometimes called federation XML —, head back to Security & SSO inside Cloudcraft and upload your config file into the blue dotted box.

Uploading metadata to Cloudcraft

Lastly, toggle the SAML Single Sign-On is enabled option. Once you have verified that the SSO login is working as expected, if you prefer to have your users access Cloudcraft only via your identity provider, enable the Strict mode option.

We suggest testing the integration before telling your team about it, just to ensure that everything works as expected.

If you have any questions or trouble with the process, get in touch with our support team and we will be happy to help.