SAML Authentication setup

Setting up SAML (Security Assertion Markup Language) will allow your team members to quickly log in to the team CloudAMQP account using the credentials stored in your organization’s Identity Provider (IdP).

In the CloudAMQP Console under Team Settings and the tab SAML you will find the information needed for setting up and where to upload your IdP metadata.

To enforce specific roles, your IdP must send an extra 84codes.roles attribute in the SAML response. You can see some examples on your SAML page above.

When SAML has been configured, the first login for any new accounts will have to be initiated from your IdP. You will not be able to sign in for the first time using the 'Sign in with SAML' on the CloudAMQP login page. Instead, you need to log in through the application created in your SAML provider.

This guide will provide step-by-step instructions on configuring SAML for the most popular IdPs:

Okta - SAML login on CloudAMQP

  1. Navigate to the admin portal. in the Applications view, click Create App Integration Saml Okta Add Application
  2. In the dialog that opens, select the SAML 2.0 option, then click next Saml Okta Create app Next
  3. In Step 1 General Settings, enter Cloudamqp, as an example, in the App name field, then click the green Next button. Saml Okta Create app next
  4. In Step 2A SAML Setting do the following.
    • In the Single sign on URL field, enter and check the box Use this for Recipient URL and Destination URL
    • For Audience URI (SP Entity ID), go to and copy your SAML Audience URL/Audience URI/SP Entity ID/SAML Metadata to this field.
    • In the field Name ID format pick EmailAddress from the drop down list Okta Create app settings
  5. If you wish to assign the users CloudAMQP roles in Okta, do the following.
    • Continue down to Attribute Statement section enter 84codes.roles under name and appuser.roles under value. Saml Okta Atttibutes Roles Click Next and proceed with the following steps including step 12.
  6. In the step Feedback select I'm an Okta customer adding an internal app, and This is an internal app that we have created, then click Finish Okta Create app finalize
  7. The IdP Metadata now has to be uploaded to

    Download the file from Okta, under the menu option Applications, click on your recently created application, and the tab Sign On From here you can download the file that you have to upload to CloudAMQP by clicking Metadata URL and save the file as XML. Okta Create app Metadata
  8. Depending on your setup, you might have to assign users to your new app. You can do this under Applications -> Applications. Click on your created app in the list, followed by the green button Assign and assign to the users who have access to the app. Okta assign users
  9. If you wish to assign the users CloudAMQP roles or specific tags in Okta and have done the setup in step 8, do the following to define your CloudAMQP Team roles in Okta:
    • Go to the menu option Directory -> Profile Editor and click on the app you just created. Okta setup Roles
    • Click the Add Attribute button. Okta setup Roles
    • Enter the information as requested, making sure the variable name is roles, as it is used in the previous step (appname.roles). Under Attribute Members, enter the roles you wish to be able to chose from. The Value field contains the teams' unique code followed by / and the role name or tag. The exact values to use are listed as examples in your CloudAMQP settings at: Okta setup Roles
    • Click Save
    • To assign the roles to your members go to the menu option Applications -> Applications, click on your created app in the list and the pen symbol next to a team member. From the drop-down, you should now be able to chose a role for this user. Okta setup Roles
    • Click Save

Azure Active Directory - SAML login on CloudAMQP

  1. Go to > Enterprise applications > New application > Create new application > Non-gallery application Azure SAML Setup
  2. Click New Application
  3. Azure SAML Setup
  4. Click Non-gallery Application. Enter the name of your new app in the right hand section, i.e. CloudAMQP and click Add Azure SAML Setup The application is now created.
  5. Go back to Home - Enterprise Applications - All applications and search for your newly created app if you dont see it in the list. Azure SAML Setup Click on the app to open it.
  6. Go to Single sign-on using the link on the left side. Azure SAML Setup
  7. Click SAML Azure SAML Setup
  8. Click the edit pen for Basic SAML Configuration
  9. Add Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) with the values you'll find at NOTE: Leave the Sign on URL field BLANK. Click Save Azure SAML Setup
  10. Download the Federation Metadata XML and upload it at Azure SAML Setup
  11. Add users and/or groups that should have access Azure SAML Setup
  12. Enforce user roles via Azure SAML (optional)

    • Open the application, click single sign-on, and click the pen symbol at the User attributes and Claims section Azure SAML Setup
    • Click Add new claim and enter the following

      Name: 84codes.roles

      Source: Transformation, this opens the option to select Transformation: Join().

      Parameter 1: Enter the key found at

      Separator: "/"

      Parameter 2: select user.jobtitle, or any field from the Azure user profile you wish to use to specify the CloudAMQP role to assign.

      Click Save Azure SAML Setup
    • Go back to your application and click Users and Groups.

      Click on one of the users and in the field corresponding to the on chosen one in the previous step, in this case Job title, enter any of the roles specified at Azure SAML Setup
    • Specify for each user what role they are to be assigned in CloudAMQP.

  13. Assign multiple roles via Azure SAML (optional)

    • Start by creating a separate Azure AD group per role/tag and assign to users. Azure SAML Setup
    • In your CloudAMQP Enterprise application, click Single sign-on and the pen symbol next to attributes and claims. In the claim, assign attribute user.assignedroles to 84codes.roles
    • Under app roles, create an app role per role/tag and assign them the correspondent value. Azure SAML Setup
    • Initiate a SAML sign-on. Tags and roles should now be assigned as requested.

    • Google Workspace - SAML login on CloudAMQP

      Set up SAML on Google Workspace.

      1. Using a Super Administrator account, Navigate to Apps > Web and Mobile Apps.
      2. Select 'Add new App' - Add Custom SAML app. Google SAML App
      3. Give your new app a name and press 'Continue'. Download IdP metadata
      4. On the next screen, download IdP metadata. Once downloaded, upload this file to your CloudAMQP portal. In CloudAMQP, Navigate to Team Settings > Team > SAML Configuration and upload the IdP metadata file. Upload IdP metadata
      5. On the next screen in your Google Workspace setup, paste the SAML Consumer URL/ACS (Consumer) URL from your CloudAMQP console to the ACS URL field. For EntityID, paste the SAML Audience URL/Audience URI/SP Entity ID/SAML Metadata value. Select EMAIL as Name ID, and leave the rest as-is. configuration links
      6. Press Finish. Now assign the app to a user and they will be able to sign in. The first login will have to be performed from the Google Workspace app dashboard (9 points menu).
      7. If you wish to provision roles or tags to the users, you can create a custom attribute and bind it to 84codes.roles. Pass the Entity ID followed by role, eg. xxxx-xxxx-xxxx-xxxx-xxxx/monitor. You can find your Entity ID on the CloudAMQP SAML Configuration page. attribute mapping
      8. If you need assistance or have any questions you can get in touch with support through