Microsoft Entra ID authentication
Note
This feature is available in Enterprise and AWS editions only.
CloudBeaver comes with Microsoft Entra ID (formerly Azure AD) authentication support, allowing secure access to your databases. You can connect using different authentication methods, depending on your setup.
Prerequisites¶
Make sure you have:
- an active Azure account with the appropriate permissions
- a Microsoft Entra ID application is registered and configured by your administrator.
Info
To use Microsoft Entra ID authentication for database connections, sign in to CloudBeaver through the Microsoft Entra ID provider. Azure authentication works only within an active Entra ID session. For setup details, see Set up Microsoft Entra ID provider.
Configure an authentication type¶
Available Microsoft Entra ID authentication types depend on the selected database driver.
Entra ID SSO authentication¶
- From the Authentication dropdown menu, select the Microsoft Entra ID method.
-
Click the Authenticate button that appears above the connection settings. You’ll be prompted to log in through Azure.
- Alternatively, log in using the Entra ID identity provider directly.
-
If necessary, provide the Azure Group Name for group-based access.
-
(Optional) Review Use legacy token permissions.
- keep it unchecked in almost all cases.
- enable it only if your DBA or admin specifically instructs you.
Info
This option forces the connection to use older token scopes and claim formats for backward compatibility with databases or drivers that don’t fully support modern Microsoft Entra ID permissions.
-
Once you have input database connection details, click the Test button to verify your settings. If everything is configured correctly, CloudBeaver should now be able to connect to your database using the Microsoft Entra ID authentication method.
Tip
If you check the Save credentials for the current user option, you will not be asked to input your credentials every time you connect. For more details on connection settings, see Create Connection.
Entra ID with client credentials¶
Use this authentication type for service connections where an application authenticates through Microsoft Entra ID.
- From the Authentication dropdown menu, select the Microsoft Entra ID method.
- Enter the values below:
| Field in CloudBeaver | What to enter | Where to find in the Azure portal | Reference |
|---|---|---|---|
| Client ID | Your app’s Application (client) ID | Microsoft Entra ID - App registrations - Your app - Overview | Copy the client ID |
| Tenant ID | Your Directory (tenant) ID | Microsoft Entra ID - Overview - Tenant ID | Find your tenant ID |
| Client secret (Optional) | The secret Value (not the Secret ID) | Your app - Certificates & secrets - Client secrets | Add a client secret |
| Scope (Optional) | OAuth scope used when requesting an access token | Microsoft Entra ID - App registrations - Your app - API permissions | Scopes and permissions |
| SSL Certificate (Optional) | SSL/TLS certificate file for the database connection | Your database SSL/TLS configuration | See your database or infrastructure documentation |
> **Tip**: In client credentials flow, access is usually based on application permissions configured for the registered application. For information on client credentials flow, see [Microsoft identity platform and the OAuth 2.0 client credentials flow](https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow).
-
(Optional) Review Use legacy token permissions.
- keep it unchecked in almost all cases.
- enable it only if your DBA or admin specifically instructs you.
Info
This option forces the connection to use older token scopes and claim formats for backward compatibility with databases or drivers that don’t fully support modern Microsoft Entra ID permissions.
-
Once you have input database connection details, click the Test button to verify your settings. If everything is configured correctly, CloudBeaver should now be able to connect to your database using the Microsoft Entra ID authentication method.
Tip
If you check the Save credentials for the current user option, you will not be asked to input your credentials every time you connect. For more details on connection settings, see Create Connection.