Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Creating a SAML app in Yandex Identity Hub for integration with Cloud.ru

Written by
Updated at March 24, 2026

Cloud.ru is a Russian provider of cloud services, spanning IaaS, PaaS, AI/ML tools, and solutions for public, private, and hybrid cloud deployments, including support for infrastructure migration and operation.

To authenticate your organization's users to Cloud.ru via SAML SSO, create a SAML app in Identity Hub and configure it appropriately both in Identity Hub and Cloud.ru.

SAML apps can be managed by users with the organization-manager.samlApplications.admin role or higher.

For the users of your organization to be able to access Cloud.ru:

  1. Create an app.
  2. Set up the integration.
  3. Make sure the application works correctly.

Create an app

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps.
  3. In the top-right corner, click Create application and in the window that opens:

    1. Select the SAML (Security Assertion Markup Language) single sign-on method.

    2. In the Name field, specify a name for your new app: cloud-ru-saml-app.

    3. Optionally, in the Description field, enter a description for the new app.

    4. Optionally, add labels:

      1. Click Add label.
      2. Enter a label in key: value format.
      3. Press Enter.

    5. Click Create application.

Set up the integration

To configure Cloud.ru integration with the SAML app you created in Yandex Identity Hub, complete the setup both in Cloud.ru and Yandex Identity Hub.

Set up the SAML app in Cloud.ru

  1. Get the metadata for the new app:

    1. Log in to Yandex Identity Hub.
    2. In the left-hand panel, select Apps and then, the SAML app.
    3. On the Overview tab, under Identity provider (IdP) configuration, click Download metadata file.

    The downloaded XML file contains the required metadata and a certificate used for SAML response signature verification.

  2. Set up SAML authentication for Cloud.ru.

    1. Log in to the Cloud.ru console.

    2. Navigate to the Federations tab in the Administration section.

    3. Click Create federation and select the SAML protocol type.

    4. Upload the XML metadata file you got in Yandex Identity Hub in the previous step.

    5. Enter the federation name and description.

    6. Set the session duration.

      Note

      The maximum lifetime of an SSO session is from 30 minutes to 7 days. If there is no activity, the session is automatically terminated and re-authentication is required.

    7. Check the settings in the Single Logout Service section, they should be imported from the XML metadata file. For Default URL Binding, set Post.

    8. Check the settings in the Single Sign-On Service section, they should be imported from the XML metadata file. For Default URL Binding, set Redirect.

    9. Make sure the signing certificate was imported from the XML metadata file and has the Signing type.

    10. Click Create.

    11. Download the provided XML file with Cloud.ru metadata, as it is required to complete the setup in Yandex Identity Hub.

    12. Click Done.

    13. In the list of federations, find the new federation and copy its ID. Save this ID as you will need it later.

Set up the SAML application in Yandex Identity Hub

Set up service provider endpoints

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps and then, the SAML app.
  3. At the top right, click Edit and in the window that opens:
    1. In the **SP EntityID ** field, specify the entityID attribute value of the EntityDescriptor element from the Cloud.ru XML metadata file.
    2. In the ACS URL field, specify the Location attribute value of the AssertionConsumerService element from the Cloud.ru XML metadata file.
    3. Click Save.

Add users

To enable your organization's users to authenticate in Cloud.ru using the Yandex Identity Hub SAML application, you must explicitly add their accounts both to the application and the Cloud.ru federation.

Note

Users and groups added to a SAML application can be managed by a user with the organization-manager.samlApplications.userAdmin role or higher.

Add users to the Yandex Identity Hub SAML application

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps and select the required app.
  3. Navigate to the Users and groups tab.
  4. Click Add users.
  5. In the window that opens, select the required user.
  6. Click Add.

Add users to the Cloud.ru federation

  1. Log in to the Cloud.ru console.
  2. Open the Users section and go to the Federated users tab.
  3. In the top-right corner, click Add federation user.
  4. Select the federation to add the user to.
  5. Specify the user's email address.
  6. Grant the user the required access permissions for projects and platforms.
  7. Click Add.

Make sure your application works correctly

To make sure both your SAML app and its integration with Cloud.ru work correctly, authenticate to Cloud.ru as one of the users you added to the app.

Proceed as follows:

  1. In your browser, open the Cloud.ru console login page.
  2. If you were logged in, log out.
  3. On the login form, click SSO.
  4. In the dialog that appears, enter the ID of the federation you created and click Log in.
  5. On the Yandex Cloud authentication page, enter your email address and user password.
  6. Make sure you have successfully authenticated to Cloud.ru.
Previous
MWS
Next
OpenID Connect