Configure federated authentication with Microsoft Entra ID (Azure AD)
Microsoft Entra ID is a cloud-based identity and access management service formerly known as Azure Active Directory or Azure AD. You can use Entra ID to authenticate users of your organization on DoubleCloud.
Step 1. Create a SAML application in Entra ID
- Go to the Entra ID (Azure AD) portal.
- Select Azure Active Directory → Enterprise applications → New application.
- Click Create your own application and enter an application name, such as DoubleCloud.
- Select Integrate any other application you don’t find in the gallery.
- Download the SAML certificate (Base64) from Section 3.
Do not close this page yet. You will need to configure some settings on it in later steps.
Step 2. Add Users
- Open the Azure AD portal in a new tab and go to Enterprise applications.
- Select the SAML application you just created.
- Go to Users and groups and add users.
Step 3. Configure a federation in DoubleCloud
- Go to the DoubleCloud console.
- In the top bar, click your organization name → Manage organizations.
- Select Members from the panel on the left and switch to the Federations tab.
- Click Create and enter the following details in the form:
  - Name: Federation name, such as Entra ID.
  - Cookie lifetime: Desired cookie lifetime.
  - IdP Issuer: You can find it in the Entra ID portal under Single Sign-On → Basic SAML Configuration → Section 4 → Microsoft Entra Identifier. It has the https://sts.windows.net/<app-id>/ format.
  - Login URL: You can find it in the Azure AD portal under Single Sign-On → Basic SAML Configuration → Section 4 → Login URL. It has the https://login.microsoftonline.com/<app-id>/saml2 format.
  - Under Advanced, enable Automatically create users if you want to add users to your organization automatically when they sign in. If you keep it disabled, you’ll need to manually add your federated users.
- Click Create federation. The Federation overview page will open.
- Click Add Certificates and upload the SAML certificate you downloaded from the Entra ID portal.
Keep the Federation overview page open.
Step 4. Finish configuration in the Entra ID portal
- On the Federation overview page, copy the value from Link to federation login page.
- In the Entra ID portal, open your SAML application settings page.
- In Section 1. Basic SAML configuration, enter the following:
  - ACS URL: Enter the link to the federation login page you just copied. It has the https://auth.double.cloud/federations/<id> format.
  - ID (entity): Enter the same link.
- In Section 2, change the name ID format from user.userprincipalname to user.mail. You need to do that to be able to add users to your federation manually.
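A pre-flight check for the four values exchanged between the two portals in Steps 3 and 4, given here as an added example (it is not DoubleCloud or Microsoft code). It verifies scheme, exact host and path shape against the formats shown on this page, and that the IdP Issuer and Login URL carry the same `<app-id>`; the GUID shape of `<app-id>` and all sample values are assumptions.

```python
import re
from urllib.parse import urlsplit

# <app-id> is assumed to be GUID-shaped; the page only shows the placeholder.
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
ISSUER_PATH = re.compile(rf"/({GUID})/")  # trailing slash is part of the value
LOGIN_PATH = re.compile(rf"/({GUID})/saml2")
ACS_PATH = re.compile(r"/federations/[^/\s]+")


def _check(name, value, host, path_re, errors):
    """Check scheme, exact host and path shape; return the path match or None."""
    parts = urlsplit(value)
    if parts.scheme != "https":
        errors.append(f"{name}: scheme must be https")
    if parts.netloc.lower() != host:  # exact match rejects lookalike hosts and userinfo
        errors.append(f"{name}: host must be exactly {host}")
    if parts.query or parts.fragment:
        errors.append(f"{name}: unexpected query string or fragment")
    match = path_re.fullmatch(parts.path)
    if match is None:
        errors.append(f"{name}: path does not match the documented format")
    return match


def lint_federation(idp_issuer, login_url, acs_url, entity_id):
    """Return a list of problems found in the four values; empty means consistent."""
    errors = []
    iss = _check("IdP Issuer", idp_issuer, "sts.windows.net", ISSUER_PATH, errors)
    log = _check("Login URL", login_url, "login.microsoftonline.com", LOGIN_PATH, errors)
    _check("ACS URL", acs_url, "auth.double.cloud", ACS_PATH, errors)
    if iss and log and iss.group(1).lower() != log.group(1).lower():
        errors.append("IdP Issuer and Login URL carry different <app-id> values")
    if entity_id != acs_url:
        errors.append("ID (entity) must be the same link as the ACS URL")
    return errors


if __name__ == "__main__":
    app = "11111111-2222-3333-4444-555555555555"  # constructed sample value
    acs = "https://auth.double.cloud/federations/example-federation-id"  # constructed
    problems = lint_federation(
        f"https://sts.windows.net/{app}",  # trailing slash dropped on purpose
        f"https://login.microsoftonline.com/{app}/saml2",
        acs,
        acs,
    )
    print("\n".join(problems) or "all four values are consistent")
```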
Step 5. (Optional) Add users
If you didn't enable creating users automatically, you need to add them manually in the DoubleCloud console.
To add a federation user manually:
- Go to the DoubleCloud console.
- In the top bar, click your organization name → Manage organization.
- Select Members from the panel on the left.
- Under Invite to the organization, select SSO.
- In the dropdown, select your federation.
- Enter the emails of the users you want to invite and click Invite.
Step 6. Test the federation
- Log in to the DoubleCloud console using the federation URL.
- Authenticate on the Microsoft login page you’re redirected to.