Pass Through Authentication
Note: This feature is available in Enterprise and AWS editions only.
CloudBeaver lets you sign in once with a federated identity provider and access cloud databases and storage without entering additional credentials.
When a user logs into CloudBeaver with a federated identity provider, the authentication token from that session is reused to access cloud resources. The user does not need to authenticate again when working with cloud databases or cloud storage.
Example: A user who logs in with their Google account can immediately open Cloud Explorer to see and connect to their GCP databases, and open Cloud Storage to access Google Cloud Storage buckets - all without entering any additional credentials.
| Identity provider | Cloud services available |
|---|---|
| Google (OpenID) | GCP databases (Cloud Explorer), Google Cloud Storage (Cloud Storage) |
| AWS Identity Providers | AWS databases (Cloud Explorer), Amazon S3 (Cloud Storage) |
| Microsoft Entra ID | Azure databases (Cloud Explorer) |
Note: Before configuring CloudBeaver, make sure the identity provider is already set up on the provider's side.
-
As an administrator, set up an Identity Provider for your cloud provider - see Supported providers.
-
Log in using the Federated method and select the configured provider.
-
After login, you can:
- open Cloud Explorer to browse and connect to cloud databases
- open Cloud Storage to access cloud storage
A user with access in the corresponding identity provider logs in using their email address. After the first successful login, CloudBeaver automatically creates a user profile, which appears in Settings -> Administration -> Users, assigned to the default team.
An administrator can create a user in advance and assign permissions, team membership, AWS Role ARN, or Microsoft Entra ID User ID.
For more details, see Users.
An administrator can organize users into teams to control access to connections and permissions. Teams can also be auto-assigned based on group information from the identity provider at login - no manual assignment needed.
For more details, see Teams.
- Getting started
- Create connection
- Connection network options
- Supported databases
-
Drivers management
- Database authentication methods
- Database navigator
- Properties editor
- Data editor
- SQL editor
-
Entity relation diagrams
- Cloud services
- Data transfer
- General user guide
- Administration
- Server configuration
-
Server security and access configuration
- Authentication methods
- Access management
- Proxy configuration
-
Secret management
- Logs
-
Query manager
- Workspace location
- Command line parameters
-
Session manager
- Deployment options
- CloudBeaver Editions
- FAQ
- Development