Configure SSO using Microsoft Entra

You can configure Cloud Rewind single sign-on (SSO) using Microsoft Entra as the Identity Provider (IdP).

Note

Microsoft Entra supports up to 150 user groups for each SAML token. If a user belongs to more than 150 user groups when Microsoft Entra issues the SAML token, the user might experience unpredictable results. See Microsoft documentation.

Step 1: Configure SSO (SAML) integration with Entra

  1. In Cloud Rewind, go to IAM > Authentication > SAML ENABLE and enable Enable Single Sign-On.

    For the next steps you'll need the two ID values under Service provider details, so copy them to a text file.

  2. Create an Entra application for Cloud Rewind SSO:

    1. Log into the Microsoft Entra admin center, go to Applications > Enterprise applications and click + New application.

    2. Under Browse Microsoft Entra Gallery, click + Create your own application.

    3. Name the application and select Integrate any other application you don't find in the gallery (Non-gallery).

      Click Create.

    4. Under Getting Started, assign users and user groups that should have access to Cloud Rewind.

    5. From the navigation pane, go to Single sign-on and click SAML.

    6. In the upper-right corner of the Basic SAML Configuration section, click Edit and configure:

      • Identifier (Entity ID): The Entity ID that you copied from Cloud Rewind.

      • Reply URL (ACS URL): The ACS ID that you copied from Cloud Rewind.

    7. In the upper-right corner of the Attributes & Claims section, click + Add a new claim and configure:

      • Name: email (all lower case)

      • Source type: Attribute

      • Source attribute: user.mail

    Save.

  3. Back in Cloud Rewind SAML settings, under Configure identity provider details, configure the following fields with data from the Entra Cloud Rewind application:

    • Entity ID

    • ACS URL

    • Certificate: Download the certificate from the Entra Cloud Rewind application, open it in a text editor, copy its content and paste here.

  4. Configure:

    • Default role assignment: Initial Cloud Rewind permissions role for new users

      Note

      This configuration does not change roles for existing users.

    • To make SSO required, preventing access by users managed directly in Cloud Rewind, disable Grant access using Cloud Rewind credentials.

  5. Click Configure.

  6. In the Entra Cloud Rewind application, click Test to verify that SSO works.
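
If the test in step 6 fails, the values set in substeps 6 and 7 of step 2 can be checked directly against the SAML response. The following is an added example, not Cloud Rewind or Microsoft code: it inspects a base64-decoded SAMLResponse captured from your own test sign-in and reports mismatches in the Reply URL, Identifier, and `email` claim. The URLs and the sample response are constructed placeholders, and the script checks field values only, not the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: placeholder URLs, no signature, claim mis-cased as "Email".
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.invalid/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.invalid/entity</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="Email">
        <saml:AttributeValue>user@example.invalid</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, entity_id, acs_url):
    """Return configuration problems (empty list = pass). Does NOT verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} != Reply URL (ACS URL)")
    audiences = [e.text.strip() for e in root.iterfind(".//saml:Audience", NS) if e.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} != Identifier (Entity ID)")
    attrs = {a.get("Name"): a for a in root.iterfind(".//saml:Attribute", NS)}
    if "email" not in attrs:  # the claim name is matched exactly, all lower case
        near = [n for n in attrs if n and n.lower() == "email"]
        problems.append(f"claim 'email' missing; similar names present: {near}")
    elif not any((v.text or "").strip() for v in attrs["email"].iterfind("saml:AttributeValue", NS)):
        problems.append("claim 'email' has no value (is user.mail empty for this user?)")
    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, "https://sp.example.invalid/entity", "https://sp.example.invalid/acs"))
```

Run against the constructed sample, the script reports the mis-cased `Email` claim. Replace the sample and the two placeholder URLs with your captured response and the values copied from Cloud Rewind.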

Step 2: Configure SCIM integration with Entra (optional)

To enable user provisioning from Entra to Cloud Rewind, configure SCIM integration:

  1. In Cloud Rewind, go to IAM > Authentication > SCIM Provisioning ENABLE and enable SCIM Provision.

    You'll need the following for next steps:

    • Copy the Base URL to a text file.

    • Under SCIM Token provide a Token Name and click GENERATE. Copy the produced token to a text file.

    Click Configure.

  2. In Entra SCIM configuration, go to Provisioning > + New configuration, and configure:

    • Select Bearer authentication.

    • Tenant URL: Paste the Base URL that you copied from Cloud Rewind.

    • Secret token: Paste the SCIM token that you copied from Cloud Rewind.

    Click Test connection to verify the configuration.

    Click Create.

  3. Go to Manage > Provisioning, and under Mappings:

    1. Click Provision Microsoft Entra ID Groups.

    2. Under Enabled select No.

    3. Save.

    Make sure that Provision Microsoft Entra ID Groups is listed as disabled.

  4. In the Entra SCIM overview, click Start provisioning.
