CloudBeaver Documentation


Microsoft Entra ID authentication

Note: This feature is available in Enterprise, AWS, Team editions only.

Overview

Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management solution. It secures user authentication, enforces access policies, and enables single sign-on (SSO) for CloudBeaver.

For details, see the Microsoft Entra ID documentation.

Prerequisites

Make sure you have:

  • An active Azure account with the appropriate permissions.
  • Access to the Microsoft Entra admin center.

Configuration steps

Enable Entra ID Authentication

  1. As an administrator, go to Settings -> Server Configuration.

  2. Find and activate the Microsoft Entra ID option in the Configuration section.

Tip: For more information on Server Configuration, see Server configuration administration.

Azure Active Directory configuration

To enable authorization with the Microsoft platform, you need a registered application in Azure. If one doesn't exist, create and configure it as follows:

  1. Register an application
    Create a new enterprise application in Microsoft Entra by following the steps in the official Microsoft documentation.

  2. Configure application secrets
    CloudBeaver uses the OpenID Connect protocol for authorization with Microsoft Entra ID. To enable this, configure application secrets. Detailed instructions are available in the official Microsoft documentation.

    Important: Record the value of the client secret immediately after creating it. It can only be viewed once. If you miss this step, you’ll need to create a new secret.

Optional configuration

To enhance functionality, CloudBeaver can read and display the user's first and last name from the OpenID token. To enable this, add the family_name and given_name fields to the response token.

Follow the steps in the official Microsoft documentation to configure optional claims.

Tip: Adding these fields ensures a more personalized user experience by displaying the full name in the application.

Add an Identity Provider

  1. As an administrator, navigate to Settings -> Identity Providers.

  2. Click on the + Add button.

  3. Fill in the following fields:

| Field | Description |
|---|---|
| Provider | Select Microsoft Entra ID from the dropdown menu. |
| Configuration name | Enter a descriptive name for this configuration. |
| Description | (Optional) Provide a brief description of the Microsoft Entra identity provider configuration. |
| Icon URL | (Optional) Enter the URL of an icon to represent this provider in the UI. |
| Disabled | (Optional) Leave unchecked to enable this identity provider. |
| Domain / Tenant ID | Enter the Microsoft Entra tenant ID. You can find it in the Azure portal. |
| Application (client) ID | Enter the application (client) ID of the registered application in Microsoft Entra. |
| Secret Key | Enter the client secret generated for the application in Microsoft Entra. |
| Provide access to databases from Azure Cloud | (Optional) Enforces multi-factor authentication (MFA) if it is enabled in Microsoft Entra ID settings. |
| Database authentication provider | (Optional) Indicates that this configuration can be used as a method for database authorization. |
| Read ME-ID group information | (Optional) If enabled, retrieves Active Directory group information from Microsoft Entra ID. |
| Read user info | (Optional) Retrieves user profile data using the userinfo endpoint URL. |
| Custom scopes | (Optional) Custom scopes, separated by the ; delimiter. |

Tip: Ensure you have configured the application with the required permissions in Microsoft Entra to retrieve user information and group details. For additional details, see the Microsoft Entra ID documentation.

  4. Click on the Create button.

  5. Copy Redirect link:

    1. Open the newly created identity provider.
    2. Copy the Redirect link.
    3. Add the Redirect link to the application in Microsoft Entra (select Web as the platform), following the official Microsoft documentation.

Log in

  1. Once the Microsoft Entra ID configuration is complete, navigate to the login screen to test authentication.

  2. Select the Federated authentication method, labeled with the Configuration name you specified.

  3. Verify the integration of Microsoft Entra ID:

    1. Once logged in, click on your username in CloudBeaver and navigate to the User Info tab.
    2. Here, you should see tokens. Their presence indicates that the integration of Microsoft Entra ID has been successfully completed, and CloudBeaver has access to the necessary credentials.
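
To go one step beyond checking that tokens are present, the following added example (not CloudBeaver or Microsoft code) inspects an ID token's claims against the values entered in the identity provider form: the Domain / Tenant ID, the Application (client) ID, and the optional given_name and family_name claims. It decodes the payload for inspection only and does not verify the signature; the function names, the placeholder IDs and the sample token are constructed for illustration.

```python
import base64
import json
import time

def decode_claims(id_token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_id_token(id_token, tenant_id, client_id, now=None):
    """Return a list of problems; an empty list means the claims match the config."""
    claims = decode_claims(id_token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the configured Domain / Tenant ID")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not match the Application (client) ID")
    if tenant_id not in str(claims.get("iss", "")):
        problems.append("iss is not the configured tenant")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("token is expired or has no exp claim")
    for name in ("given_name", "family_name"):  # the optional claims from this page
        if not claims.get(name):
            problems.append(f"optional claim {name} is missing")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Entra token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"

TENANT = "00000000-0000-0000-0000-000000000001"  # placeholder tenant ID
CLIENT = "00000000-0000-0000-0000-000000000002"  # placeholder client ID
SAMPLE = make_sample_token({
    "iss": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "aud": CLIENT, "tid": TENANT, "exp": 2000000000,
    "given_name": "Ada",  # family_name deliberately absent in this constructed sample
})

if __name__ == "__main__":
    for problem in check_id_token(SAMPLE, TENANT, CLIENT, now=1700000000):
        print("FAIL:", problem)
```

A missing family_name or given_name here means the optional claims were not added to the ID token in the app registration, which is why CloudBeaver cannot display the full name.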