Enterprise AI Infrastructure Security Series - 2) Identity Provider Setup, Group Sync & Access Rules

clearml logo
ClearML
Feb 27, 2026
ClearML

In this video we walk through setting up and testing an identity provider (Azure Entra ID) with ClearML Enterprise, enabling group synchronization to automate user onboarding, and then using platform access rules to secure the resources available to your teams and agents.

What we cover:

  • Configuring Azure Entra ID as an OIDC identity provider
  • Testing the SSO connection and claims mappings
  • Enabling group synchronization between Azure security groups and ClearML
  • Mapping Azure group IDs to ClearML user groups
  • Setting up admin group auto-assignment
  • Configuring access rules to control project, queue, and resource access per group
  • Restricting sign-up and login to matched group members only

My supporting blog - https://damianerangey.com/blog/2026-02-16-securing-clearml-for-the-enterprise-part-1

This is Part 2 of our series on enterprise AI infrastructure security. Whether you're an IT director evaluating ClearML, a platform engineer rolling it out, or a team lead trying to understand how your users and agents are governed — this walkthrough covers the practical, hands-on configuration from start to finish.
🔗 Links & Resources ClearML Enterprise: https://clear.ml/enterprise ClearML Docs — Identity Providers: https://clear.ml/docs/latest/docs/deploying_clearml/enterprise_deploy/sso/ ClearML Docs — Access Rules: https://clear.ml/docs/latest/docs/webapp/settings/webapp_settings_access_rules/ Azure Entra ID — App Registrations: https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps

✨ Follow us or give us a Github star!
Github page: https://github.com/clearml/clearml
Slack Channel: https://joinslack.clear.ml/
LinkedIn: https://www.linkedin.com/company/clearml

Copyright © 2026 OpsMatters™. All rights reserved.