Microsoft Entra ID
Cube Cloud supports authenticating users through Microsoft Entra ID (opens in a new tab) (formerly Azure Active Directory), which is useful when you want your users to access Cube Cloud using single sign-on.
This guide will walk you through the steps of configuring SAML authentication in Cube Cloud with Entra ID. You must have sufficient permissions in your Azure account to create a new Enterprise Application and configure SAML integration.
First, we'll enable SAML 2.0 authentication in Cube Cloud:
Click your username from the top-right corner, then click Team & Security.
On the Authentication & SSO tab, ensure SAML 2.0 is enabled:
Take note of the Single Sign On URL and Service Provider Entity ID values here, as we will need them in the next step when we configure the SAML integration in Entra ID.
Go to Enterprise Applications (opens in a new tab) in your Azure account and click New application.
Select Create your own application at the top:
Give it a name and choose a non-gallery application:
Go to the Single sign-on section and select SAML:
Fill-in Entity ID and Reply URL from the SAML configuration page in Cube Cloud:
Go to Attributes & Claims → Edit → Advanced settings:
Set the audience claim override to the value given you by the SAML configuration page in Cube Cloud:
Go to SAML Certificates → Edit and select Sign SAML response and assertion for Signing Option:
Download Federation Metadata XML:
Upload it to Cube Cloud through Advanced Settings tab on the SAML configuration page in Cube Cloud:
Select SHA-256 as Signature Algorithm:
Enter “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name (opens in a new tab)” or a preferred attribute to lookup email address in Attributes → Email:
Save settings on the Cube Cloud side.
Make sure the new Azure application is assigned to some users or a group:
At the bottom of the Single sign-on section, select Test and verify that the SAML integration now works for your Cube Cloud account: