Enable SSO with a Generic Identity Provider
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Enabling Single Sign-On (SSO) in Cloudcraft allows you to simplify authentication and login access to Cloudcraft.
This article helps you set up SSO if you do not have a specific guide for your identity provider. If your identity provider is Azure AD or Okta, see the following articles:
For more general information on using SSO with Cloudcraft, check out Enable SSO in Your Account.
Setting up SAML/SSO
The SAML Enterprise SSO feature is only available for the Enterprise plan, and can only be configured by the Cloudcraft Account Owner role.
- In Cloudcraft, navigate to User > Security & SSO.
- The details you need to create a new application with Azure can be found in the Cloudcraft service provider details section.
Log in to your identity provider as an administrator.
Follow their documentation to create a new application for SAML integration.
Map their fields with Cloudcraft’s fields. For reference, the fields are usually mapped as follows, with the first one being the label used by your identity provider and the second one being the label at Cloudcraft.
- Single sign on URL: Assertion Consumer Service URL
- Audience URI: Service Provider Entity ID
- Name ID: NameId Format
If the Name ID field is a dropdown, select emailAddress or similar.
You can also include an app logo to make it easier for users to see which application they are signing in to. We have one that fit most provider's restrictions
over here.
- Configure the application to allow access to all the relevant users within your organization.
- Download the metadata file generated by your provider — sometimes called federation XML.
- Navigate back to Cloudcraft and upload your metadata XML file.
- Toggle the SAML Single Sign-On is enabled option.
- If you prefer to have your users access Cloudcraft only via your identity provider, enable the Strict mode option.
