Microsoft Entra ID authentication
Note: This feature is available in Enterprise, AWS, Team editions only.
Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management solution. It secures user authentication, enforces access policies, and enables single sign-on (SSO) for CloudBeaver.
For details, see the Microsoft Entra ID documentation.
Make sure you have:
- An active Azure account with the appropriate permissions.
- Access to the Microsoft Entra admin center.
- As an administrator, go to Settings -> Server Configuration.
- Find and activate the Microsoft Entra ID option in the Configuration section.
Tip: For more information on Server Configuration, see Server configuration administration
To enable authorization with the Microsoft platform, you need a registered application in Azure. If one doesn't exist, create and configure it as follows:
- Register an application
  Create a new enterprise application in Microsoft Entra by following the steps in the official Microsoft documentation.
- Configure application secrets
  CloudBeaver uses the OpenID Connect protocol for authorization with Microsoft Entra ID. To enable this, configure application secrets. Detailed instructions are available in the official Microsoft documentation.
Important: Record the value of the client secret immediately after creating it. It can only be viewed once. If you miss this step, you’ll need to create a new secret.
To enhance functionality, CloudBeaver can read and display the user's first and last name from the OpenID token. To enable this, add the family_name and given_name fields to the response token.
Follow the steps in the official Microsoft documentation to configure optional claims.
Tip: Adding these fields ensures a more personalized user experience by displaying the full name in the application.
- As an administrator, navigate to Settings -> Identity Providers.
- Click on the + Add button.
- Fill in the following fields:
Field | Description |
---|---|
Provider | Select Microsoft Entra ID from the dropdown menu. |
Configuration name | Enter a descriptive name for this configuration. |
Description | (Optional) Provide a brief description of the Microsoft Entra identity provider configuration. |
Icon URL | (Optional) Enter the URL of an icon to represent this provider in the UI. |
Disabled | (Optional) Leave unchecked to enable this identity provider. |
Domain / Tenant ID | Enter the Microsoft Entra tenant ID. You can find it in the Azure portal. |
Application (client) ID | Enter the application (client) ID of the registered application in Microsoft Entra. |
Secret Key | Enter the client secret generated for the application in Microsoft Entra. |
Provide access to databases from Azure Cloud | (Optional) Enforces multi-factor authentication (MFA) if it is enabled in Microsoft Entra ID settings. |
Database authentication provider | (Optional) Indicates that this configuration can be used as a method for database authorization. |
Read ME-ID group information | (Optional) If enabled, retrieves Active Directory group information from Microsoft Entra ID. |
Read user info | (Optional) Retrieves user profile data using the userinfo endpoint URL. |
Custom scopes | (Optional) Custom scopes. Separate multiple scopes with the ; delimiter. |
Tip: Ensure you have configured the application with the required permissions in Microsoft Entra to retrieve user information and group details. For additional details, see the Microsoft Entra ID documentation.
- Click on the Create button.
- Copy the Redirect link:
  - Open the newly created identity provider.
  - Copy the Redirect link.
  - Add the Redirect link to the application in Microsoft Entra (select Web as the platform); see the official Microsoft documentation.
- Once the Microsoft Entra ID configuration is complete, navigate to the login screen to test authentication.
- Select the Federated authentication method, labeled with the Configuration name you specified.
- Verify the integration of Microsoft Entra ID
  - Once logged in, click on your username in CloudBeaver and navigate to the User Info tab.
  - Here, you should see tokens. Their presence indicates that the integration of Microsoft Entra ID has been successfully completed, and CloudBeaver has access to the necessary credentials.
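
To confirm that the optional claims and the tenant and client settings took effect, the claims of an ID token from a test sign-in can be inspected. The Python below is an added example, not CloudBeaver or Microsoft code; the tenant ID, client ID and sample token are constructed placeholders, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json

# Constructed placeholders; replace with the values from your app registration.
TENANT_ID = "00000000-0000-0000-0000-000000000001"
CLIENT_ID = "00000000-0000-0000-0000-000000000002"


def decode_payload(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_claims(id_token, tenant_id, client_id):
    """Return a list of configuration problems; empty means the claims look right."""
    claims = decode_payload(id_token)
    problems = []
    if claims.get("aud") != client_id:
        problems.append("aud does not match the Application (client) ID")
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the Domain / Tenant ID")
    # Entra issues either the v2.0 or the v1.0 issuer form for a tenant.
    issuers = {f"https://login.microsoftonline.com/{tenant_id}/v2.0",
               f"https://sts.windows.net/{tenant_id}/"}
    if claims.get("iss") not in issuers:
        problems.append("iss is not an issuer for the configured tenant")
    for name in ("given_name", "family_name"):
        if not claims.get(name):
            problems.append(f"optional claim {name} is missing")
    return problems


def make_sample_token(**overrides):
    """Build a constructed token with a dummy signature so the check runs offline."""
    payload = {"aud": CLIENT_ID, "tid": TENANT_ID,
               "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
               "given_name": "Ada", "family_name": "Lovelace"}
    payload.update(overrides)
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "sig"])


if __name__ == "__main__":
    print(check_claims(make_sample_token(family_name=None), TENANT_ID, CLIENT_ID))
```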