SSO is intended for accounts with multiple users who take the extra security measure of signing into third-party applications using an identity provider.
You'll need a Microsoft account with administrator access to manage Entra ID to complete the configuration.
Azure (Microsoft Entra) Configuration
Step 1: Reach out to our support team
First, request an ACS URL from Cube's Support team. After you've received this URL from us, use the steps below to begin your configuration.
Step 2: Set up Microsoft Entra
Please complete the steps outlined here to set up your SAML 2.0 identity provider and create an app registration in Entra.
Step 3: Configure SAML claims
A SAML 2.0 configuration requires combining information from your org and the target app. For help updating the Attributes & Claims mapping in Azure, please refer to the directions here.
The following Claims will need to be added with the corresponding attributes. These are case sensitive:
Note: Format below is 'Claim Name' >> 'Entra attribute value'
- Unique User Identifier >> user.userprincipalname
- User.FirstName >> user.givenname
- User.LastName >> user.surname
- User.EmailAddress >> user.userprincipalname
- emailaddress >> user.mail
Note: We use user.userprincipalname for email because it’s the Entra login email. Read more here.
Also, ensure that the Namespace attribute for each claim is blank.
Step 4: Share metadata with our support team
Our support team will need the following information so they can configure our side of your SAML settings.
1. The Identity Provider Issuer. This is often called the Entity ID or simply "Issuer." The assertion will contain this information, and the SP will use it as verification.
2. The Identity Provider Single Sign-On URL. The SP may refer to this as the "SSO URL" or "SAML Endpoint."
3. The x.509 Certificate (base 64 version). Click Download Certificate and send the file to us. Some service providers allow you to upload this as a file, whereas others require you to paste it as text into a field. Please send this to Cube via One Time Secret.
Accessing your account with single sign-on (SSO)
When our team has configured Azure with SAML SSO for your Cube instance, you'll be able to use it to sign in:
1. Select Using Single Sign-On?
2. Input your company email address, then click Submit
3. You will be redirected to your organization's sign-in page, and after successfully signing in, you will be redirected to Cube.