Single Sign On

Serge Rider edited this page Nov 2, 2021 · 43 revisions

CloudBeaver Enterprise supports federated authentication for SSO (Single Sign-On) access to the application. Your identity provider must support SAML.

SAML configuration

  1. Go to the Administration menu and enable SAML in the Server configuration tab.

  2. Go to the Identity Providers tab and create a new configuration using the SAML IdP (Identity Provider) details.

  3. Open the created configuration and download the metadata file.

  4. Go to the SAML IdP website and add the metadata parameters from the file (entityID and Location) to the SSO access settings, assign users, and add the attribute mappings according to the SAML IdP requirements.
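Before pasting the entityID and Location values into the IdP, it helps to read them out of the downloaded metadata file and sanity-check them. The following is an added example, not CloudBeaver's own code; the sample metadata, host name and paths are constructed placeholders, and it assumes the file is standard SAML 2.0 service provider metadata.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample SP metadata; host, paths and entityID are placeholders,
# not values CloudBeaver generates. The ACS URL uses http:// on purpose.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://cloudbeaver.example.com/sp">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://cloudbeaver.example.com/saml/logout"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://cloudbeaver.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text):
    """Return (values to enter at the IdP, warnings about the metadata)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    info = {
        "entityID": root.get("entityID"),
        "acs": [(e.get("Binding"), e.get("Location"))
                for e in sp.findall("md:AssertionConsumerService", NS)],
        "slo": [(e.get("Binding"), e.get("Location"))
                for e in sp.findall("md:SingleLogoutService", NS)],
    }
    warnings = []
    if not info["entityID"]:
        warnings.append("entityID missing")
    if not info["acs"]:
        warnings.append("no AssertionConsumerService Location")
    for kind in ("acs", "slo"):
        for _binding, loc in info[kind]:
            # Assertions and logout messages must not travel over plain HTTP.
            if not (loc or "").startswith("https://"):
                warnings.append(f"{kind} Location is not HTTPS: {loc}")
    if sp.get("WantAssertionsSigned", "false").lower() != "true":
        warnings.append("metadata does not declare WantAssertionsSigned=true")
    return info, warnings
```

Call `read_sp_metadata()` with the text of the downloaded metadata file; resolve any warnings before registering the values at the IdP.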

After the configuration is created, a new SAML tab becomes available in the CloudBeaver authentication dialog. There the user can select the configuration and then log in to the application using SSO.

SSO configuration for AWS

For more information, see: Configuring SAML assertions for the authentication response.

  1. Go to the AWS Settings tab and enable Federated authentication.

  2. Add the Proxy User on the same page. You can set the current user or add a new one.

When an AWS user logs in to CloudBeaver using SSO, that user has both the Proxy User's permissions and the IAM user's identity-based permissions. The AWS user cannot receive more permissions from the Proxy User than the IAM user's identity-based permissions already grant.

CloudBeaver does not keep your authentication information on the server side or in configuration files. Once your session expires, you will need to authenticate again. When a user logs out of the application, CloudBeaver also performs a session logout from the SAML IdP.