SaaS Setup Guide
Get up and running on your QuickCloud hosted environment — sign in, connect your cloud accounts, and run your first migration.
SaaS Setup Guide
With the SaaS track, QuickCloud hosts the platform for you — no Docker, no servers to manage. You access your environment through a browser, connect your cloud accounts so QuickCloud can analyze your infrastructure, and run migrations from the UI.
This guide covers everything from first login to running your first job.
Step 1 — Sign in to your environment
Your welcome email contains a link to your dedicated environment, for example:
https://acme.app.quickcloud.coClick the link and sign in with your company SSO. QuickCloud uses your organization's identity provider — the same credentials you use for your other internal tools.
No SSO set up yet? Your account manager will send a temporary password for first login and walk you through connecting your identity provider. If you haven't heard from them within 24 hours of signup, send them a message.
Supported identity providers
- Okta
- Microsoft Entra ID (Azure AD)
- Google Workspace
- Any SAML 2.0 or OIDC-compatible provider
Step 2 — Connect your cloud account
Before QuickCloud can analyze your infrastructure, it needs read-access to your cloud environment. This is done through a cross-account trust — QuickCloud never stores your cloud credentials.
Navigate to Settings → Cloud Connections in your environment and follow the wizard for your cloud provider.
AWS
The wizard generates a CloudFormation template that creates a read-only IAM role in your account with a trust policy pointing to QuickCloud's AWS account. You run the template once and paste the generated role ARN back into the wizard.
Manually: if you prefer to create the role yourself:
- In IAM, create a new role with Another AWS account as the trusted entity
- Enter QuickCloud's account ID (provided in the wizard)
- Attach the following managed policies:
ReadOnlyAccess(for analysis products)SecurityAudit(additionally required for Modernization, Security & Cost Intelligence (AI))CloudWatchReadOnlyAccess
- Add an external ID condition (the wizard provides one — this prevents confused deputy attacks):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::QUICKCLOUD_ACCOUNT_ID:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "YOUR_EXTERNAL_ID"
}
}
}
]
}- Paste the role ARN into the wizard and click Test connection
Azure
- In the Azure portal, go to Azure Active Directory → App registrations and register a new application
- Under Certificates & secrets, create a new client secret and copy the value
- Navigate to your subscription → Access control (IAM) → Add role assignment
- Assign the Reader role (plus Security Reader for Modernization, Security & Cost Intelligence (AI)) to the app registration
- Enter the Tenant ID, Client ID, Client Secret, and Subscription ID into the QuickCloud wizard
GCP
- In the GCP console, create a Service Account under IAM & Admin → Service Accounts
- Grant it the following roles at the project level:
roles/viewerroles/monitoring.viewer- (additionally)
roles/securitycenter.sourcesViewerfor Modernization, Security & Cost Intelligence (AI)
- Create a JSON key for the service account and download it
- Upload the JSON key in the QuickCloud wizard
Step 3 — Verify the connection
After entering your cloud credentials, click Test connection in the wizard. QuickCloud makes a lightweight API call to confirm access and lists the resources it can see. If the test fails, the wizard shows the specific permission that's missing.
Common issues:
| Error | Fix |
|---|---|
AccessDenied / AuthorizationError | The role or service principal is missing a required permission — check the list in Step 2 |
AssumeRole failed: invalid external ID | Make sure you copied the external ID from the wizard exactly |
No subscriptions found | The Azure app registration doesn't have a role assignment at the subscription level |
Invalid credentials | The JSON key was created before the service account had its roles — recreate the key |
Step 4 — Connect your source system
Once your cloud account is connected, connect the system you're migrating from. What this looks like depends on the product:
App Modernization
Point QuickCloud at your source code repository. Supported sources:
- GitHub (OAuth — authorize via Settings → Integrations → GitHub)
- GitLab (personal access token with
read_repositoryscope) - Bitbucket (app password)
- Azure DevOps (personal access token)
- Direct upload (zip of your repo, up to 500 MB)
Mainframe Migration
Connect to your mainframe via MQ or a lightweight connector agent:
- MQ connector — your mainframe team installs a small MQ listener that QuickCloud calls over TLS. Network requirements: outbound TCP 443 from the mainframe to
ingest.app.quickcloud.co. - File upload — if direct connectivity isn't possible, export your source assets (COBOL, JCL, copybooks) and upload via Projects → New project → Upload assets.
Database Migration
Provide connection details for your source database. QuickCloud connects over a standard JDBC connection — make sure your database allows inbound connections from QuickCloud's egress IPs (listed in Settings → Network → Egress IPs).
Identity & Access (IAM) Migration
- Active Directory / LDAP: provide a read-only service account and the LDAP connection string. QuickCloud connects via LDAPS (port 636).
- RACF: export is done via a script your mainframe team runs; export the RACF database and upload the file.
Step 5 — Run your first job
With your cloud account and source system connected:
- Go to Projects and click New project
- Select the product you want to run
- The wizard guides you through selecting the scope (which systems, which databases, which repos)
- Click Analyze — QuickCloud runs the discovery phase, which takes 5–30 minutes depending on the size of your environment
- Review the analysis report before committing to migration — it shows discovered dependencies, estimated effort, and any blockers
Your account manager will walk you through the first job on your onboarding call. If you haven't scheduled that yet, book a time from your portal dashboard.
Managing team access
Invite colleagues directly from Settings → Team. They'll receive an email invitation and sign in with the same SSO as you. Role options:
| Role | What they can do |
|---|---|
| Admin | Full access — manage connections, run jobs, invite users, view billing |
| Analyst | Run jobs and view reports; cannot manage connections or invite users |
| Viewer | View reports only; read-only access |
If your organization uses SCIM provisioning, QuickCloud supports automatic user lifecycle management through Okta, Entra ID, and Google Workspace. Enable it under Settings → Identity → SCIM.
Data and security
| Question | Answer |
|---|---|
| Does QuickCloud store my source code or data? | QuickCloud stores metadata and migration artifacts (transformed code, schema mappings) in your isolated tenant. Raw source files are processed in memory and not persisted unless you choose to enable job artifacts. |
| Where is my tenant hosted? | US-East-1 by default. EU hosting is available on request — ask your account manager. |
| Can I restrict network egress from QuickCloud to my environment? | Yes — provide your allowed IP ranges under Settings → Network and QuickCloud will only connect from those IPs. |
| Is there a SOC 2 report available? | Yes. Request a copy from your account manager. |
Next steps
- Book your onboarding call — link in your welcome email
- Read the guide for the specific product you're starting with (sidebar)
- If anything isn't working, open a support ticket — include your environment URL and the error message you're seeing