These docs are for Cribl Stream 4.4 and are no longer actively maintained.
See the latest version (4.14).
SAML/Azure AD Setup Examples
This example uses Azure Active Directory as the identity provider (IDP).
Get URL and ID from Cribl
Cribl’s terminology corresponds to Azure AD’s terminology as follows:
| Cribl.Cloud | Microsoft Entra ID | 
|---|---|
| Single Sign-On URL | Reply URL (Assertion Consumer Service URL) | 
| Audience URI | Identifier (Entity ID) | 
Create an Enterprise Application
In Microsoft Entra ID:
- Select Enterprise applications (on the left) > New application > Create your own application.
- Name your new app Cribl.Cloud(or any name you prefer).
- Select Integrate any other application you don’t find in the gallery (Non‑gallery).
- Click Create.
Assign Groups
From Microsoft Entra ID’s left nav:
- Select Users and groups.
- Select Add user/group.
- Add the Cribl groups you created in Configure Groups.
- Click Assign after selecting Groups.
Configure Single Sign-On
From Microsoft Entra ID’s left nav, select Single sign‑on > SAML to open the Basic SAML Configuration page. Then, as shown in the screenshot below:
- Select Add identifier and enter the Audience URI value from Cribl.Cloud’s SAML setup page.
- Select Add reply URL and enter the two Single Sign‑on URL values from Cribl.Cloud’s SAML setup page.
- Of these two URLs, identify the one with the connectionquery parameter, and check the checkbox to make it the Default.

Configure Attributes and Groups Claims
In Microsoft Entra ID, edit Attribute & Claims as follows. Start with the claim names:
- Change surnametofamily_name.
- Change emailaddresstoemail.
- Change givennametogiven_name.
Next, add a group claim:
- Select Groups assigned to the application.
- As the Source Attribute, select: Cloud‑only group display names (Preview).
- Accept the defaults for everything else, and save the new settings.

Submit Your App Info to Cribl
After you’ve created the SAML app integration in your IDP, provide Cribl essential metadata about your application, to implement SSO setup on the Cribl side.
- On your Cribl.Cloud portal’s Organization page > SSO tab, select the SAML lower tab.
- Set the IDP Login/Logout URL to your Azure AD’s Set up CloudSAML section > Login URL value.
- Set the IDP issuer to your Azure AD’s Set up CloudSAML section > Azure AD Identifier value.
- To set the X.509 certificate (base64-encoded), navigate to Azure AD’s SAML Certificates section and download your Base64 Certificate.
- Click Test Connection.
- When you’ve verified the connection, click Save to complete your submission.
SAML/Azure AD Setup with My Apps Chiclet (Optional)
If you want to log into Cribl.Cloud via the Microsoft My Apps chiclet, complete the following procedure:
- In Microsoft Entra ID, navigate to the enterprise application that you created to integrate SSO. 
- From the left nav, select Single Sign-on. 
- In the Enterprise Application’s Basic SAML Configurations UI, click Edit. 
- In the Sign on URL (Optional) section, enter the following URL: - https://portal.cribl.cloud/login?connection=<organizationID>
You also need to allow self-service access to the Cribl App, or assign AD groups permissions to access the application.
Link Existing Users
To ensure that your Cribl.Cloud Organization’s local users have a smooth transition to SSO, see Final SSO Steps & Troubleshooting.