Microsoft Entra

Contact Sales to Enable This Feature

Microsoft Entra is a unified identity and access management solution that enhances security, compliance, and user experience across hybrid and multi-cloud environments. Zilliz Cloud allows you to configure single sign-on (SSO) with Microsoft Entra over the SAML protocol.

Before you start

Before you begin the SSO configuration, make sure the following conditions are met:

• You are the Organization Owner of the organization where SSO is to be configured.

• You have access to the Microsoft Entra admin center. For more information, refer to Microsoft Entra documentation.

Step 1: Create an application on Microsoft Entra

1. Log in to the Microsoft Entra admin center.

2. In the left-side navigation pane, choose Applications > Enterprise applications.

3. On the page that appears, choose All applications > + New application. Then, click + Create your own application.

4. In the Create your own application pane, enter the application name and select Integrate any other application you don't find in the gallery (Non-gallery). Then, the application is created.

Step 2: Set up SAML-based SSO

1. On the application page, choose Single sign-on > SAML.

2. In the Basic SAML Configuration section, click Edit.

3. Configure Identifier (Entity ID) and Reply URL, then click Save:

   • Identifier: The unique ID that identifies your application to Microsoft Entra ID. This value must be unique across all applications in your Microsoft Entra tenant. In this example, enter zilliz.

   • Reply URL (Assertion Consumer Service URL): The URL where the application expects to receive the authentication token. Enter a placeholder value for now and update it later after configuring the settings on Zilliz Cloud console.

4. Download the certificate and copy the Login URL.

5. Then, switch to the Zilliz Cloud console for further configuration.

Step 3: Configure SSO on Zilliz Cloud

1. Log in to the Zilliz Cloud console and go to the organization for which you want to configure SSO.

2. In the left-side navigation pane, choose Settings.

3. On the Settings page, find the Single Sign-On (SSO) section and click Configure.

4. In the Configure Single Sign-On (SSO) dialog, you will see two options - SAML 2.0 and Okta Workforce. For this guide, select SAML 2.0 to proceed with the SAML 2.0 integration.

5. In the Configure Single Sign-On (SSO) step, enter the IdP settings using the certificate and Login URL obtained from Microsoft Entra in Step 2.

   • Single Sign-On URL: Paste the Login URL value obtained from Microsoft Entra into this field. This URL receives the SAML authentication requests from Microsoft Entra.

   • Entity ID: Enter zilliz. This identifier is used to distinguish the issuer of SAML requests, responses, or assertions, ensuring that messages from Microsoft Entra are correctly recognized and accepted by Zilliz Cloud.

   • Certificate: Open the certificate downloaded from Microsoft Entra and paste the certificate details into this field. This public key certificate is used to verify the digital signatures of SAML assertions, enabling Zilliz Cloud to authenticate the source of the SAML data securely.

6. Click Save to proceed.

Step 4: Update Microsoft Entra integration

After saving the integration details on Zilliz Cloud, you'll be provided with a redirect URL:

1. Copy the provided redirect URL from the Zilliz Cloud console.

2. Return to the Microsoft Entra admin center and navigate to the application you created.

3. Edit the SAML settings to replace the Reply URL with the redirect URL you copied from Zilliz Cloud, and save changes.

Step 5: Assign Microsoft Entra application to users

Before users can access Zilliz Cloud through SSO, you need to assign the Microsoft Entra application to them:

1. On the application page of the Microsoft Entra admin center, choose Users and groups > + Add user/group.

2. Select users or groups to grant them access to the application.

For details, refer to Microsoft Entra documentation.

Test configuration

To ensure your SSO setup is functional:

1. Open a new browser window and navigate to the Zilliz Cloud SSO login URL provided earlier.

2. You should be redirected to the login page of the Microsoft Entra admin center.

3. Log in using the credentials of a user who has been assigned the application.

4. If SSO is configured correctly, you will be redirected to the Zilliz Cloud console after successful authentication.

📘Notes

By default, users logging in via SSO are granted the Organization Member role. To expand their permissions, you can modify their roles in the Zilliz Cloud console.

If you encounter any issues during the setup or testing process, please contact Zilliz support for assistance.