This document describes how to configure Microsoft Entra ID (formerly Azure AD) as the SAML identity provider for Tencent Cloud WeData Single Sign-On (SSO). This feature requires allowlisting; please contact us to enable it.
Note:
All configuration operations in Microsoft Entra ID must be performed by an administrator holding the Global Administrator role. For instructions on creating users and granting administrator roles in Microsoft Entra ID, refer to the Microsoft Entra documentation.
Enable Single Sign-On (SSO) in Tencent Cloud Identity Center
Enable SSO login
Log in to Tencent Cloud Organization > Identity Center.
In the left sidebar, click User Management > Settings.
In the SSO section, click the button to enable SSO login.
Copy the Service Provider (SP) information, namely the ACS URL and the Entity ID. You will paste both into the Entra ID application in the next section.
Enabling Microsoft Entra ID SSO with SAML
Create an Enterprise Application in Microsoft Entra ID:
Log in to the Azure portal as an administrator. Click the menu icon in the top-left corner and select Microsoft Entra ID.
In the left navigation bar, select Manage > Enterprise applications.
The All applications page opens. Click New application.
On the Browse Microsoft Entra Gallery page, click Create your own application, enter your app name and select Integrate any other application you don't find in the gallery (Non-gallery), then click Create.
Set Up SSO in your Enterprise Application:
On your app page, click the Set up single sign on card and choose SAML as the single sign-on method.
In the Basic SAML Configuration module, click Edit. Enter the Entity ID copied from Tencent Cloud in the Identifier (Entity ID) field and the ACS URL in the Reply URL (Assertion Consumer Service URL) field, then save.
Then download the Federation Metadata XML from the SAML Certificates module. This file contains the Entra ID entity ID, the SAML sign-on endpoints and the certificate Entra ID uses to sign assertions; Tencent Cloud Identity Center uses that certificate to verify every login, so keep the file intact and re-download it whenever the signing certificate is rotated in Entra ID.
Configure Federation in Tencent Cloud Identity Center
Upload the Federation Metadata XML in Tencent Cloud Identity Center:
Go to Tencent Cloud Organization > Identity Center Management > Settings > SSO Login. Click Configure Identity Provider Information in the Identity Provider (IdP) Information section.
Click Select File to upload the Federation Metadata XML you downloaded from Microsoft Entra ID. Identity Center reads the Entra ID entity ID, sign-on URL and signing certificate from this file; it will accept only assertions signed by that certificate.
SSO configuration is now complete. Next, you need to add users and configure the relevant WeData permissions.
Add Users in Azure Enterprise Application
Go to the Enterprise Application you created in Azure. On the Manage > Users and groups page, click Add user/group.
On the Add Assignment page, click Users, then select the accounts that are authorized to access WeData. Only users or groups assigned here can sign in through this application; assignment in Entra ID is the first of two checks, the second being the matching user in Tencent Cloud Identity Center described below.
The successfully assigned users/groups will be displayed in the Users and groups page.
Create Consistent Users in Tencent Cloud Organization
Log in to Tencent Cloud Organization (TCO) > Identity Center.
In the left sidebar, select User Management > User. On the User list page, click Create User.
After configuration, click OK.
Note:
Ensure that the Username is exactly the same as the user's identifier in your Azure Enterprise application (the value Entra ID sends as the SAML NameID, by default the user principal name), for example the highlighted username shown below. Identity Center matches the NameID in the assertion against this Username; if they differ, the login is rejected even though Entra ID authenticated the user.
Configuring WeData Permissions for Tencent Cloud Users
Go to Tencent Cloud Organization (TCO) > CAM Synchronization > Configuring Permission.
On the Configuring Permission page, click Create Permission Configuration.
Configure associated policies. You can add the following predefined permission policies as needed. All of them except QcloudWeDataExternalAccess are full read and write policies for an entire service, so attach only those a user's WeData role actually requires rather than all five by default:
QcloudWeDataExternalAccess - Attaching this policy to a sub-account grants it access to other cloud services connected through WeData, mainly to retrieve resource lists.
QcloudDLCFullAccess - Data Lake Compute (DLC) full read and write access.
QcloudWeDataFullAccess - WeData Console full read and write access.
QcloudCOSFullAccess - Object Storage (COS) full read and write access.
QcloudEMRFullAccess - Elastic MapReduce (EMR) full read and write access.
Click OK to complete the permissions creation.
Configuring CAM Role Synchronization
In the left sidebar, click CAM Synchronization > Multi-Account Authorization Management.
On the Multi-Account Authorization Management page, select a target account. Click Configure CAM Role Synchronization.
On the Configure CAM Role Synchronization page, select the target users or user group, then click Next.
Select the permission configuration you created, then click Next.
Review the configuration information, then click Submit. The selected users will receive the permission configuration's policies in the target account once synchronization completes.
Initiate SSO login from Tencent Cloud
The Identity Center administrator opens Tencent Cloud Organization > Identity Center Management > Identity Center Overview and copies the User Login URL.
Other users visit the User Login URL and click Log in. They are redirected to Microsoft Entra ID to authenticate and, if they are assigned to the Enterprise Application and have a matching Identity Center user, are signed in to Tencent Cloud with the synchronized WeData permissions.