Documentation
Workspace
Single Sign-on
Microsoft Entra ID

Microsoft Entra ID

Cube Cloud supports authenticating users through Microsoft Entra ID (opens in a new tab) (formerly Azure Active Directory), which is useful when you want your users to access Cube Cloud using single sign-on.

This guide will walk you through the steps of configuring SAML authentication in Cube Cloud with Entra ID. You must have sufficient permissions in your Azure account to create a new Enterprise Application and configure SAML integration.

Single sign-on with Microsoft Entra ID is available in Cube Cloud on Enterprise (opens in a new tab) tier. Contact us (opens in a new tab) for details.

Enable SAML in Cube Cloud

First, we'll enable SAML 2.0 authentication in Cube Cloud:

  1. Click your username from the top-right corner, then click Team & Security.

  2. On the Authentication & SSO tab, ensure SAML 2.0 is enabled:

Cube Cloud Team Authentication and SSO tab

Take note of the Single Sign On URL and Service Provider Entity ID values here, as we will need them in the next step when we configure the SAML integration in Entra ID.

Create a new Enterprise Application in Azure

Go to Enterprise Applications (opens in a new tab) in your Azure account and click New application.

Select Create your own application at the top:

Give it a name and choose a non-gallery application:

Go to the Single sign-on section and select SAML:

Fill-in Entity ID and Reply URL from the SAML configuration page in Cube Cloud:

Go to Attributes & Claims → Edit → Advanced settings:

Set the audience claim override to the value given you by the SAML configuration page in Cube Cloud:

Go to SAML Certificates → Edit and select Sign SAML response and assertion for Signing Option:

Download Federation Metadata XML:

Complete configuration in Cube Cloud

Upload it to Cube Cloud through Advanced Settings tab on the SAML configuration page in Cube Cloud:

Select SHA-256 as Signature Algorithm:

Enter “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name (opens in a new tab)” or a preferred attribute to lookup email address in Attributes → Email:

Save settings on the Cube Cloud side.

Final steps

Make sure the new Azure application is assigned to some users or a group:

At the bottom of the Single sign-on section, select Test and verify that the SAML integration now works for your Cube Cloud account:

Done! 🎉

Google WorkspaceOkta