Teams
The CloudBeaver provides a team management feature, allowing administrators to create and manage teams. This feature is integral for organizing users into groups and controlling their access to various databases.
Teams can also be linked to external identity providers, enabling automatic user assignment based on group information received during login.
To create a new team, follow these steps:
- Navigate to the Settings -> Administration -> Users and Teams -> Teams.
- Click on the + Add button.
- Fill in the necessary details in the provided fields.
| Field Name | Description | Additional Info |
|---|---|---|
| Team ID | A unique identifier for the team. | |
| Team Name | The name of the team. | |
| Description | A brief description of the team and its purpose. | |
| Permissions | Access level for team members | Admin Full Access grants full access to CloudBeaver settings |
Parameters 
|
For group mapping and other metadata, e.g. AWS roles | See Integration with identity providers |
Note: The Parameters section is available only after you configure at least one identity provider.
CloudBeaver includes two predefined Team types:
| Types | Description |
|---|---|
admin |
Members of this Team have full administrative privileges within CloudBeaver. |
user |
This Team is for regular users. Administrators assign access to databases (in Team Edition, access to projects) to this team. |
Tip: Administrators can configure the predefined types in the Server Settings. For more information, see Initial data configuration.
In the Users tab, you can manage Team memberships:
- To add a user to the Team, click Edit, select the desired users, and then click Add.
- To remove a user from the Team, select the user and click Delete.
Tip: One user can be a member of a multiple Teams.
In the Connections tab, you can manage which connections are available to the Team:
- To add connections to the Team, click Edit, choose the desired connections, and then click Add.
- To remove connections from the Team, select the connection and click Delete.
For the changes to take effect, especially in cases where group memberships are updated:
- Users may need to log off and log back in through the Single Sign-On (SSO).
- Alternatively, users can wait for the session to timeout.
These actions ensure that the updated claims from the identity provider are received by CloudBeaver, thereby refreshing the Team memberships.
If users aren't assigned to a Team after login, check the following:
- Incorrect group ID: The value in Team parameters must exactly match the one sent in the token. Display names usually won’t work—use raw IDs (e.g., UUID, ARN).
-
Wrong attribute name: Make sure the identity provider is configured to include the correct attribute (e.g.,
groups,roles) in the token. - Missing group claim: Some providers don’t send group claims by default. You may need to explicitly add them in the provider settings.
- Group limit: Azure AD and some other providers may limit the number of groups included in the token (e.g., 150). Users beyond the limit won’t be mapped.
- Session not refreshed: Changes in group membership take effect only after the user logs out and logs in again (or after session timeout).
- Getting started
- Create connection
- Connection network options
- Supported databases
-
Drivers management
- Database authentication methods
- Database navigator
- Properties editor
- Data editor
- SQL editor
-
Entity relation diagrams
- Cloud services
-
AI Smart assistance
- Data transfer
- General user guide
- Administration
- Server configuration
-
Server security and access configuration
- Authentication methods
- Access management
- Proxy configuration
-
Secret management
- Logs
-
Query manager
- Workspace location
- Command line parameters
-
Session manager
- Deployment options
- CloudBeaver Editions
- FAQ
- Development