SAML Authentication setup
Setting up SAML (Security Assertion Markup Language) will allow your team members to quickly log in to the team CloudAMQP account using the credentials stored in your organization’s Identity Provider (IdP).
In the CloudAMQP Console under
and the tab
you will find the information needed for setting up and where to upload your IdP metadata.
To enforce specific roles, your IdP must send an extra
attribute in the SAML response. You can see some examples on your SAML page above.
This guide will provide step-by-step instructions on configuring SAML for the most popular IdPs:
Okta - SAML login on CloudAMQP
in the top left dropdown
Applications -> Add Application
Create New App
In the dialog that opens, select the
option, then click the green
button. Choose the option to create a
New Application Integration
In Step 1
CloudAMQP SAML Application,
as an example, in the
field, then click the green
In Step 2A
do the following.
Single sign on URL
and check the box
Use this for Recipient URL and Destination URL
Audience URI (SP Entity ID),
and copy your
SAML Audience URL/Audience URI/SP Entity ID/SAML Metadata
to this field.
In the field
Name ID format
from the drop down list
If you wish to assign the users CloudAMQP roles in Okta, do the following.
Continuing in the
screen from the previous step; In the
under name and
and proceed with the following steps including step 12.
In the step
I'm an Okta customer adding an internal app,
This is an internal app that we have created,
The IdP Metadata now has to be uploaded to
Download the file from Okta, under the menu option
click on your recently created application, and the tab
From here you can download the file that you have to upload to CloudAMQP by clicking
Identity provider Metadata
Depending on your setup, you might have to assign users to your new app. You can do this under
Applications -> Applications.
Click on your created app in the list, followed by the green button
and assign to the users who have access to the app.
If you wish to assign the users CloudAMQP roles or specific tags in Okta and have done the setup in step 8, do the following to define your CloudAMQP Team roles in Okta:
Azure Active Directory - SAML login on CloudAMQP
> Enterprise applications > New application > Non-gallery application
Enter the name of your new app in the right-hand section, e.g. CloudAMQP, and click
The application is now created.
Go back to
Home - Enterprise Applications - All applications
and search for your newly created app if you don't see it in the list.
Click on the app to open it.
using the link on the left side.
Click the edit pen for
Basic SAML Configuration
Identifier (Entity ID)
Reply URL (Assertion Consumer Service URL)
with the values you'll find at
NOTE: Leave the
Sign on URL
field BLANK. Click
Federation Metadata XML
and upload it at
Add users and/or groups that should have access
Enforce user roles via Azure SAML (optional)
Open the application, click single sign-on, and click the pen symbol at the
User attributes and Claims section
Add new claim
and enter the following
Source: Transformation, this opens the option to select Transformation: Join().
Parameter 1: Enter the key found at
Parameter 2: select
or any field from the Azure user profile you wish to use to specify the CloudAMQP role to assign.
Go back to your application and click
Users and Groups.
Click on one of the users and, in the field corresponding to the one chosen in the previous step, in this case
enter any of the roles specified at
Specify for each user what role they are to be assigned in CloudAMQP.
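To confirm that the IdP, whether Okta or Azure Active Directory, sends what the steps above configure, a SAML response captured from a test login can be compared with the values shown on the CloudAMQP SAML page. This is an added example, not CloudAMQP's own code; the URLs, the role attribute name and the role value are constructed placeholders, and the function name `check_response` is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response: every URL, the attribute name and the role
# value are placeholders, not values from the CloudAMQP console.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.test/acs">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>alice@example.test</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.test/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="ROLE_ATTRIBUTE_PLACEHOLDER">
        <saml:AttributeValue>example-role</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, sso_url, audience, role_attr):
    """Compare a captured response with the SP values; signature is NOT verified."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != sso_url:
        problems.append("Destination differs from the single sign on URL")
    data = root.iterfind(".//saml:SubjectConfirmationData", NS)
    if sso_url not in [d.get("Recipient") for d in data]:
        problems.append("Recipient differs from the single sign on URL")
    found = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if audience not in found:
        problems.append("Audience differs from the SP Entity ID")
    roles = [v.text for a in root.iterfind(".//saml:Attribute", NS)
             if a.get("Name") == role_attr
             for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    if not roles:
        problems.append("role attribute missing from the AttributeStatement")
    return problems
```

An empty list means the Destination, Recipient, Audience and role attribute all line up with the service provider settings; run it only on responses captured from your own test login.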