Enable SSO with a Generic Identity Provider

Enabling Single Sign-On (SSO) in Cloudcraft allows you to simplify authentication and login access to Cloudcraft.

This article helps you set up SSO if you do not have a specific guide for your identity provider. If your identity provider is Azure AD or Okta, see the following articles:

For more general information on using SSO with Cloudcraft, check out Enable SSO in Your Account.

Setting up SAML/SSO

The SAML Enterprise SSO feature is only available for the Enterprise plan, and can only be configured by the Cloudcraft Account Owner role.
  1. In Cloudcraft, navigate to User > Security & SSO.
  2. The details you need to create a new application with Azure can be found in the Cloudcraft service provider details section.

Screenshot of Cloudcraft service provider details for Identity Provider configuration with entity ID and assertion consumer service URL.

  3. Log in to your identity provider as an administrator.

  4. Follow their documentation to create a new application for SAML integration.

  5. Map their fields to Cloudcraft’s fields. The fields are usually mapped as follows, with your identity provider's label first and the Cloudcraft label second.

    • Single sign on URL: Assertion Consumer Service URL
    • Audience URI: Service Provider Entity ID
    • Name ID: NameId Format
  6. If the Name ID field is a dropdown, select emailAddress or similar.

You can also include an app logo to make it easier for users to see which application they are signing in to. We have one that fits most providers' restrictions over here.

  7. Configure the application to allow access to all the relevant users within your organization.
  8. Download the metadata file generated by your provider, sometimes called federation XML.
  9. Navigate back to Cloudcraft and upload your metadata XML file.

Successfully configured SAML Single Sign-On status with identity provider URL visible in security settings interface.

  10. Toggle the SAML Single Sign-On is enabled option.
  11. If you prefer to have your users access Cloudcraft only via your identity provider, enable the Strict mode option.