Life in modern society becomes easier due to rapid growth of different technologies like real-time analytic, ubiquitous wireless communication, commodity sensors, machine learning, and embedded systems. Nowadays, there seems to be a need to merge these technologies in the form of Internet of Things (IoT) so that smart systems can be achieved. On the other hand, cloud computing is a pillar in IoT by which end users get connected through the cloud servers for getting different services. However, to recognize the legitimacy of communicators during communication sessions through insecure channels like the Internet, serious issues in cloud based IoT applications need to be addressed. Thus authentication procedure is highly desirable to remove the unapproved access in IoT applications. This paper presents an ElGamal cryptosystem and biometric information along with a user's password-based authentication scheme for cloud based IoT applications refereed as SAS-Cloud. Security of the proposed scheme has been analyzed by well popular random oracle model and it is found that SAS-Cloud has ability to defend all the possible attacks. Furthermore, performance of SAS-Cloud has been evaluated and it was found that SAS-Cloud has better effciency than other existing competing ElGamal cryptosystem-based authentication schemes.